When he was just 15 years old, Michael "Mafia Boy" Calce managed to shut down several major websites, including CNN, Dell, Amazon, Yahoo, eBay, and E*Trade, with a series of denial-of-service attacks, commonly known as DDoS. Now, more than a decade later, he talks about how hacker culture has changed and what users can do to protect themselves.
How he toppled web giants
In 2000, Calce targeted CNN.com after another hacker claimed the site would be impossible to bring down because of its "advanced networks" and "huge traffic numbers." He managed to slow down CNN's site for nearly two hours.
Denial-of-service attacks involve bombarding a site or application with so many requests that the server is unable to keep up. Calce modified a denial-of-service attack written by another hacker and trained approximately 200 university networks under his control on a specific target.
The attack against Yahoo was an accident, Calce said. He had put the IP addresses into the script and then gone to school, forgetting the script was still running. He came home to find his computer had crashed, and didn't realize what had happened until he heard the news reports later.
By his own account, his activities were "illegal, reckless and, in many ways, simply stupid," and he added that he really had not understood the consequences of his actions.
"It's so easy, it's scary"
More than a decade later, it is easier to launch attacks than it was then, Calce said. Many companies are completely unaware that they are at risk, and that needs to change.
Back when he was actively targeting sites, you had to work and build your own arsenal of tools before launching an attack. Now there are hacker desktops and ready-to-go tools that anyone can download, install, and go. "If you're interested and you want to be a hacker, you can be a hacker in 30 minutes," Calce said.
Different mentalities & motivations
Calce and his fellow hackers were driven by curiosity and a desire to understand how things worked. That is where the term "hacker" originated, after all. The term refers to anybody interested in manipulating technology to do something other than its original purpose. "That's not necessarily a bad thing," Calce said.
"Everyone at that point in time was running tests and seeing what they could do and what they could infiltrate," Calce said.
The current generation is motivated by money or a desire to destroy. "It's much more about monetary gain, whereas we were pushing the status quo," Calce said. And even when there doesn't seem to be an obvious financial motive, that doesn't mean it isn't there.
Hacktivist groups such as "Anonymous" and "Lulzsec" are a "different breed," Calce said. While they have political motivations, some of them do have malicious goals. They are not pure white-hat or pure black-hat, but more grey-hat hackers, Calce said.
There will be more hacktivism since people have figured out how to use technology to fight back and draw more attention to their cause. "I don't condone what they're doing, but I understand their point," Calce said.
Safe Security Online
With attack motivations shifting to monetary gain, the attack focus has also shifted, and individual users are just as likely to be targeted as large companies.
Users need to use strong passwords to protect their accounts. Passwords need to be long and complex. Password managers help keep track of strong passwords, Calce said.
Users should also think about installing personal firewall software on their computers to block malicious traffic. A firewall can also warn you when an application is trying to access the Internet. If you are not using Bluetooth, it should be turned off so that other devices cannot connect to your computer.
And finally, users should beware of open wireless networks because it is incredibly easy to eavesdrop on what you are doing, and people don't realize this, Calce said.
Hacking will never go away, and users can take some steps to protect themselves, but ultimately, organizations need to invest in security to protect their end users, Calce said.