[iwar] [fc:Meet.the.world's.baddest.cyber.cops]

From: Fred Cohen (fc@all.net)
Date: 2001-09-27 15:56:10



Meet the world's baddest cyber cops 
By John Galvin, CNET, 9/27/2001
http://hongkong1.cnet.com/news/international/story/0,2000027479,38018920,00.htm

For Charles Neal, a 20-year veteran of the FBI, Mafiaboy was the
watershed case for cybercrime.  On Monday, February 7, 2000, a
15-year-old from suburban Montreal with the online moniker Mafiaboy
launched a weeklong Internet attack on Yahoo, CNN.com, Amazon.com, eBay,
Dell, Buy.com, and several others, causing losses estimated in the
millions. 

The hacker hit the companies with what is now commonly known as a
distributed denial-of-service attack, which flooded the victims'
Internet servers with messages until they collapsed.  The teen later
told investigators in a taped interview that when he saw the chaos his
attack caused he almost wet his pants. 

Mafiaboy was not a sophisticated hacker.  He begged the software--now
widely available on several Internet hacker sites--from other hackers
and then used it to break into and gain root access to more than 50
servers, most of them located at American universities.  He then used
those servers to launch his assault. 

That morning, calls began coming into Neal's office at the FBI's Los
Angeles computer intrusion squad, a group he formed in 1995 that had
investigated computer-crime cases including those of Kevin Mitnick and
the Solar Sunrise attacks against the Pentagon.  Neal sent an agent to
the data centre of Exodus Communications, one of the world's largest IP
networks, whose corporate customers include many of Mafiaboy's victims. 
Neal wanted to see what Exodus's server logs would reveal about the
attacks. 

The agent showed up at Exodus but was turned away and told not to come
back without a subpoena.  The high-tech industry has developed an almost
institutional fear of bad publicity, reasoning that covering up attacks
is better than letting FBI agents poke around their systems and launch a
very public investigation. 

When Neal found out, he was apoplectic.  "These were their clients!" he
says.  He finally reached Exodus's chief security officer, Bill Hancock,
who had started work that day.  "I said, 'Bill Hancock! This is Charles
Neal of the FBI and you have some very rude people working for you!' "
Hancock, who had met Neal at security conferences, told him, "That's all
going to change today."

Neal's team soon began poring over Exodus's logs, ultimately tracing the
attacks to Mafiaboy's home computer.  Jill Knesek, the case agent, then
flew to Montreal where the Royal Canadian Mounted Police were placing a
phone tap on Mafiaboy's house.  "There were two kids in the house,"
remembers Knesek.  "And we had to figure out which was actually doing
the attacks."

What made Mafiaboy so important? It proved to Neal that anybody, even
someone with very limited talent, could launch a massive cyberattack. 
And while Mafiaboy primarily targeted dot-coms, almost every company,
and maybe your home, is now online and networked to some extent.  The
case exposed two trends in cybercrime: The weapons are becoming
increasingly easy to use, and the pool of potential victims is
expanding. 

Neal also concluded that maybe the FBI wasn't the best way to combat
cybercrime.  Had Mafiaboy been smart enough to route his attacks through
an offshore country, as most experienced hackers do, Neal's
investigation would have been over.  "Once it goes overseas it's dead,"
says Neal.  "The FBI can't, by law, investigate any further.  If we even
want to call a police department overseas we have to call our State
Department, which calls the people over there, and on down.  It can take
months! And we don't have that much time in these cases."

That March, then-FBI director Louis Freeh flew to Los Angeles to award
Neal his 20-year pin.  Two months later, Neal, with seven years left
until mandatory retirement, resigned from the bureau.  He wanted to form
a new computer-crime squad, one with a global reach that was part of the
private sector, staffed with law-enforcement veterans and technologists. 
The idea was to respond to cyberattacks, but also to pursue
hackers--organised criminals, script kiddies (amateurs like Mafiaboy),
competing companies, or even foreign countries--like it would any legal
case.  Neal envisioned changing the way companies approach cybercrime,
encouraging them to seek prosecution instead of living in terminal fear
of bad publicity. 

He landed at Exodus Communications. 



------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT