Tracking Mafiaboy 277
Cruciform writes "The National Post has an article on the police effort to track Mafiaboy two years ago as the DoS attacks raged against Yahoo, E-trade and others. An interesting read."
Its a fairly lengthy story with lots of little bits in this tale of a script kiddie.
article illustrated something about family... (Score:5, Insightful)
If anything, it shows why good family life generally fosters good behavior in kids. I wouldnt be surprised if other 5r1p7 k1dd135 out there have similar family life to that of Mafiaboy.
Re:article illustrated something about family... (Score:2, Insightful)
Re:article illustrated something about family... (Score:2)
I don't know about this case but why is it far fetched that his home life had some sort of influence?
If he didn't think he got the recognition at home, at school or with his friends why not take it out on someone else. Why not try to show his skills, or what little ones he had.
Re:article illustrated something about family... (Score:5, Insightful)
If you read the entire article, you'll recall that the boy's brother was bragging about him, and his father was even somewhat proud of his son's 'skill'. Imagine how sweet this might be to a boy who has been ignored most of his life. Yeah. Upbringing and family life have a LOT to do with a kid's motivations for lashing out, be it digital or physical.
-Sara
Re:article illustrated something about family... (Score:2)
well it DOES require some skill but more importantly it requires time... LOTS of time... if his parents/friends did stuff with his he would not have spent all his time working on these malicious attacks... so he spends all this time working on something of course he wants SOMETHING bad... what did he do... he smeared his name all over the place... of course he was SCREAMING for attention... dont just pass off these people as "script kiddies" and just tell them to go away...
personally i dont know ONE hacker, REAL hackers included that have not once intheir life thought "wow i could EASILY take out a system for no reason and brag and it would be COOL"... everyone thinks it so stop trying to hide it and work on it... maybe if these people could meet someone who would help them learn some ethics they could do so much more but because of the nature of the internet sometimes people are exposed to things that they might not be able to handle...
Yeah, he was a script kiddie and not a hacker. (Score:3, Insightful)
He was a script kiddie, though. He took the scripts and apps of other people and used them for what he did. He did not seem to have a thorough understanding of the things he was doing, the article says he had to type commands several times before they'd work. I don't know about you, but even things I use casually are embedded in my fingertips, and having to retype a command isn't a very common occurence. Having to retype it 3-4 times is a non-occurence.
If the kid had been a real hacker (using the geek-culture definition of the word...) He would have taken that time and desire for recognition and learned new OSes thoroughly, written a program or ten, or taken up a more positive pursuit. Or at the very least, I believe that he would have been too afraid of doing what he did--because he'd know of the limitations he'd face in the future. Being shackled in the computer world would be far too painful a thing for someone who was really into it.
If you want to play in the Pros, you stay away from drugs. If you want to have your freedom on the internet, you stay away from illegal activities.
Or you become so damned good at covering your tracks that no one could ever find you.
-Sara
Re:Yeah, he was a script kiddie and not a hacker. (Score:2, Interesting)
The problem with the big anonymous internet is nobody cares, people say "screw those script kiddies" but in my personal experiance every REAL hacker i have known started out as a script kiddie, i did. I can admit that i used to use tools of other people creation and use them for malicious activities, this is where everyone has to start. They hear about comptuers, they like the possabilities, but it can be too much too fast. Children need to be protected from more damaging things than pornography on the internet. If a child browses around for a while s/he could eaily find a way to casue real damage, THAT is what people need to be protected from.
When i used to use IRC a lot more iwould be talking in a channel and some newb would come on and say "teach me to hack". Of course this was an instant ban but i followed this person into personal chat and told them EXACTLY how to hack. Get books, read em, and experiment.
I think those out in the online community who understand about computers need to help new people. I personally hold all the elitist people out ther responsible for these attacks. It's their arrogance that fosters these people to lash out in violent ways such as scripted attacks.
Re:article illustrated something about family... (Score:5, Interesting)
"Knesek recalls the wiretap and a portrait of a dysfunctional family. There were padlocks on the doors of the brothers' bedrooms. Mafiaboy "saw a lot, dealt with a lot, took a lot," recalled Knesek."
That, plus the part about the father being prosecuted for hiring a hit man, hints that some pretty freaky shit may have been going down in that house. At the very least, the boys were being raised in an ammoral atmosphere; it may have been worse than that. We'll probably never know what other bits of nastiness the feds got from the wiretaps.
Some years ago, a girl from my high school (years after I graduated) teamed up with a friend and ambushed her parents with a shotgun and an ax. Real messy stuff. Folks went around saying "How could that sweet girl ever do something like that?" It turned out in the trial that, since she could remember, she was abused physically and sexually, shared sexually with other cretins, was the object of homemade porn and was provided with a wide variety of drugs.
I'm not saying that sort of thing was going on in mafiaboy's case, but I've developed a deep [dis]repect for damages that can be done throught the effects of a "dysfunctional" family setting.
nice try, you liberal fascist (Score:1, Flamebait)
Dirty pinko communist.
Re:nice try, you liberal fascist (Score:1)
;)
Re:nice try, you liberal fascist (Score:1)
jaymz
Re:article illustrated something about family... (Score:1, Offtopic)
Which is more likely to grow up in society's pattern of 'good':
1> Child whose father is a homicidal psycho jungle cat and whose mother is a crack whore
2> Child whose parents spend time, talk, and love
Pretty simple logic, sorry you're disgruntled.
Re:article illustrated something about family... (Score:2, Insightful)
While your point is still a valid one, I don't think justifies such a harsh tone against the original post.
Perhaps it's a naive classical perspective, but I'm inclined to believe that moral development begins in the home, under the influence of one's parents and siblings. While good parents may not properly instill strong moral judgement in their children, I think there's a higher chance of them making a valid attempt toward strong moral development than parents lacking in said morals.
Re:article illustrated something about family... (Score:2)
Just because you are a poor excuse for a person (ie- breaking laws, getting detention, doing drugs, etc), is not really a good excuse for anything.
I do have one question, though- how many laws are you still breaking today?
For the record, I broke a few, and I did that for really sad reasons, I wrought myself from that lifestyle.
Don't go spreading your pathetic lifestyle when it is complete non-sense.
Re:article illustrated something about family... (Score:4, Interesting)
They came from good families yet still did drugs, had detention, were violaters, etc.
Let's take a look at Ecstacy for example. A good majority of the users and dealers are middle to upper class kids that grew up in the suburbs and found something that was illegal and fun.
Liberals. Bah.
Re:article illustrated something about family... (Score:3, Insightful)
Lower income kids might have to deal with: a flawed vision of themselves being inferior to higher income people, exposure to disillusioned/disenfranchised people who've given up on themselves and their peer's ability to succeed, parents who fit the above description or are too busy to think clearly about their children's environment and care.
Middle/upper income kids might have to deal with: a flawed vision of themselves being superior to lower income people, exposure to jaded/??? people who've long ago given up on the lower class of folk (because they've "proven" they're no good), parents who fit the above description or are too busy to think clearly about their children's environment and care.
Re:article illustrated something about family... (Score:3, Interesting)
Re:article illustrated something about family... (Score:2)
And I wasn't exactly the scourge of society when I was 15 either. But damned if I didn't try, just to fit in with everyone else. Because in high school, the coolest people are either the the punks who're tougher than everyone else but aren't bright enough to know their own shortcomings, or the snobby Beautiful People who aren't bright enough to know their own shortcomings. My high school wasn't big enough to have a significant number of Beautiful People and thus anyone who qualified were torn down by the much more numerous punks. And of course, so was everyone else, and as a defence mechanism, most of the kids I grew up with did their best to prove that they were tougher, meaner, and more evil than the next guy.
So while the real punks almost invariably have a far-from-desirable home life, you're bound to see tons of wannabe punks trying to keep the real punks away by appearing to be real punks, thus the problem at hand with otherwise fine, upstanding people shoplifting, indulging in any number of recreational pharmaceuticals, and beating up the small fry after school. This sort of thing is what makes school resemble a maximum security prison.
Re:article illustrated something about family... (Score:2)
Re:article illustrated something about family... (Score:2, Interesting)
I HAD good parents. I was taken to church every Sunday/Wednesday without fail. I was made to do my homework, and eat dinner at the table. Of course, there was no such thing as a home computer then, and I don't know how my parents would have handled that, if there were.
I got ratted out by my little sister for growing pot in my bedroom when she came home for Christmas break from college once. (I was getting a hop on the spring growing season, lol). I wrecked a couple of cars in the 70's whilst hitting the disco's. I knew what I needed to keep from my parents, and did so.
I've never had children of my own, but I suspect that today's kids are no different than I was then. I had "Ward and June" for parents. It wasn't hard to keep things from them. They came from a different era; they weren't prepared for what a teenage male growing up in the 70's would do.
THEY weren't shitty parents. I wasn't a case of gross negligence. Both my sisters turned out fine, lol. Even I turned out fine after the Navy made me grow up. You can't ALWAYS blame the parents.
This all said, I WOULD blame these parents. But I'd think twice about calling the parent poster's parents as 'pretty shitty'.
As a matter of fact, I wonder about YOUR parents! You're pretty quick to jump to judgement, and your LANGUAGE still isn't acceptable in polite company.
Grab a clue. Live and let live. But I forget;
Oh well, life goes on, and then it doesn't...
Mususe of the term "script kiddie"? (Score:3, Insightful)
By using words like these in the wrong context, we're linguistically painting orselves into a corner.
This reminds me of something C. S. Lewis once wrote [worldinvisible.com]:
The word gentleman 'originally meant something recognisable; one who had a coat of arms and some landed property. When you called someone 'a gentleman' you were not paying him a compliment, but merely stating a fact. If you said he was not 'a gentleman' you were not insulting him, but giving information. There was no contradiction in saying that John was a liar and a gentleman; any more than there now is in saying that James is a fool and an M.A. But then there came people who said - so rightly, charitably, spiritually, sensitively, so anything but usefully - 'Ah but surely the important thing about a gentleman is not the coat of arms and the land, but the behaviour? Surely he is the true gentleman who behaves as a gentleman should? Surely in that sense Edward is far more truly a gentleman than John?' They meant well.
Re:Mususe of the term "script kiddie"? (Score:1, Insightful)
Re:Mususe of the term "script kiddie"? (Score:5, Insightful)
Re:Mususe of the term "script kiddie"? (Score:2)
This particular script kiddie = crying out for attention.
Drunken drivers = Idiots who are irresponsible.
Not the same.
Misuse of the term "hacker"? (Score:2)
What a pity this term has been lost to us - and all we seem to have lest is a picking up of 'geek' - something I occasionally call myself when I have to, but I'd rather 'hacker'.
I shall have to make do with just enjoying what I do.
a grrl & her server [danamania.com]
Re:Misuse of the term "hacker"? (Score:4, Funny)
No, it's not.
But with that comment you've quadrupled the normal daily visits I have to my site... all in the last 20 minutes. I think that's a pretty good effort!
a grrl & her server [danamania.com]
simple lesson (Score:3, Insightful)
The lesson is that 'MafiaBoy' was just stupid. He went and hacked sites and publicly bragged about it. He even asked people to dictate his next target.
If you go and rob a store and then brag about how you did it at the bar, you're gonna get caught.
Stupid stupid stupid...
Re:simple lesson (Score:3, Insightful)
yeah, and you missed it. (Score:2)
Even if he hadn't bragged, there's little doubt in my mind that he would have been tracked down and punished, and rightly so.
Good lesson for all (Score:3, Insightful)
Should be required reading for all script kiddies and wanna-bes.
It's damn difficult to totally cover your tracks. Unless you're truely elite, if the FBI wants you badly enough, they'll find you and you'll be making some hairy-backed felon a very happy man.
Re:Good lesson for all (Score:5, Funny)
It's damn difficult to totally cover your tracks
Well, Mafiaboy himself sure helped. From the article:
The administrators at the university produced a copy of the attack tool used, which was registered to a user named Mafiaboy...
Moral of the story: don't register your hacking software back to yourself. Kinda like "don't sign each counterfeit bill you make".
Re:Good lesson for all (Score:2)
Re:Good lesson for all (Score:3, Insightful)
or someone else. The FBI isn't infallable, and aren't as amazing as cop shows make them out to be. They rely on informants and the criminal screwing up, just like other police organizations. This kid got caught because he bragged and wanted everyone to know he did it...let's not go patting the FBI on the back too much.
Sometimes though, when the public wants someone caught bad enough, and there are no leads (or they aren't allowed to get the person who did it), it's time to find the person who didn't do it and convict them. There are plenty of prisoners who pled 'not guilty', and the evidence used against them just doesn't add up, but still found themselves stuffed away and never heard from again because these organizations needed to save face in the public eye.
the interesting part is right at then end (Score:3, Interesting)
Re:the interesting part is right at then end (Score:2)
ttyl
Farrell
Re:the interesting part is right at then end (Score:2, Funny)
Re:the interesting part is right at then end (Score:2)
*Wonders if he's the first to say: There's a fine line between hacking and marketing.*
Re:the interesting part is right at then end (Score:2)
It's more of a discouragement to hackers if anything.
Re:the interesting part is right at then end (Score:3, Funny)
At least in my limited experience.
Can't work at nyplgate.nypl.org through RH, but I can through MS.
Re:the interesting part is right at then end (Score:3, Informative)
I just tried it, pulled up some records, did some searches, it all seems to work fine for me within gnome-terminal.
Note that in the UNIX paradigm, telnet does not provide terminal emulation, that is up to the terminal program you run telnet from.
Re:the interesting part is right at then end (Score:1)
Commercial Availablility (Score:2)
Not the exploit of the day.
Somone else noted that most free software is commercially available, the judge didn't state he must obtain it through commercial channels.
Re:the interesting part is right at then end (Score:3, Funny)
Re:the interesting part is right at then end (Score:2, Insightful)
Sounds hard to interpret. "Your honor, I bought gcc and python from RedHat, and fed them some data that I entered" is probably a violation (in the judge's opinion, which is all that matters).
Yet, "Your honor, I bought Excel from Microsoft" is probably not a violation (in the judge's opinion) if the kid makes a spreadsheet that has a macro that adds up some numbers. But as the complexity of the macro grows from adding numbers to installing viruses, the judge's mind is going to change. At exactly what point does the "software I'm running" change from the app to the active data?
python
4+4
(Python prints 8.) Have I violated yet? Most would say no...
print 4+4 (a command instead of just an expression)
(Python prints 8.) Have I violated yet? Surely not yet...
from socket import *
(Oh dear. At what point do I cross the line?)
Small attacks (Score:1, Informative)
The funny part is that there was nothing new about the attacks. They were not especially large even, he just targeted e-commerce sites instead of IRC servers.
Attacks of gigabit magnitude happen very often. The tricky part is actually concentrating that kind of bandwidth on a target without bringing down the links halfway to the target.
moral of the story (Score:1)
Terms of interest (Score:1)
script kiddies [astrian.net]
hacker [astrian.net]
cracker [astrian.net]
Are script kiddies smart, dumb, or just lazy? (Score:4, Interesting)
Having known "Mike" for over 5 years, I can attest that he is not lacking for brains, especially with computers, but he just can't be bothered to apply himself to some productive end.
He is not especially interested in doing any worthwhile computer training now that he's finished high school. Strangely, his parents complain about this but can't be bothered with doing anything about it.
"Mike" seems to be typical of the script kiddies I've encountered... generally smart, but can't be bothered to put in the effort to do anything. Is this the experience of everyone/anyone else?
I'm also wondering if anyone has any tips for weaning people off the "warez d00d" "l33t" trip, ie. actually putting their brains to some productive use. Perhaps an AA style "five step plan"?
Re:Are script kiddies smart, dumb, or just lazy? (Score:1)
Food..shelter... (Score:2)
Re:Are script kiddies smart, dumb, or just lazy? (Score:2, Interesting)
@ Inquisitive - Messing with basic commands, learning more about the operating systems etc
@ Learning - Starting to program, learning more about the deeper parts of the operating systems
@ L33t age - Using programs to make basic trojans, basically copying from people - this "l33t trip" is what you're on about.
@ Moving on - Getting bored of the earlier stage, I wanted to do something really cool - using someones program wasnt satisfying enough. You know the kind, making exploits, basic shellcodes etc, the stuff that an informed person would call "black hat"
@ Enlightened (:p) - Finally realising that there is more challenge in doing something productive (debatable, sure) and learning about things in even more depth, and understanding how to fool these "black hats". Outsmarting the smarts as it were - this was definitely more challenging and theefore a better "high".
@ ? - Where does this lead me?
Now, the transistions between the stage are not always made - most people will make the transistion from the "inquisitive" age to the "learning" age and possibly onto the "L33t age". Some people stop there, some intelligent people go on to the "Moving on" age. A lot of people stop here, some people go on to the "Enlightened" age.
I've helped a few script kiddies progress through the ages, getting them onto the "Enlightened" stage hopefully - some miss the moving on stage, realising early that what they're doing may not let them strive to their full potential. Personally, I think that its something that we all go through, and it wouldnt be a good idea to prevent the rebellious nature of newbies, rather make them realise that they can do something better than they already are...
Re:Are script kiddies smart, dumb, or just lazy? (Score:2)
he'll either end up in jail or making 50 grand a year in no time
Re:Are script kiddies smart, dumb, or just lazy? (Score:2, Interesting)
<anecdote>
I was diagnosed by a psychiatrist, a little over a year ago, with the non-hyperactive variant of ADD. In the last year, I've been a more productive programmer than ever before, and I'm actually on my way toward getting a real job based on my Linux networking knowledge.
The downside? I'll probably be stuck taking Adderall (dextroamphetamine, basically legal speed) for life if I want to keep my focus. For the last week, I've been going without in an attempt to wipe out my tolerance (FYI, take my advice and don't deviate at all from what the prescription says without first running it past your doctor, no matter how innocuous the change seems) and I've seen myself revert completely. It's been a very stark contrast between what I've considered "normal" for the last year versus what I'd considered "normal" before, and it makes me appreciate the reality of ADD that much more.
</anecdote>
Gotta love this part (Score:4, Funny)
Surely an interest in basketball and girls would make him ineligable as a hardcore cracker? I mean such wholesome interests, how could this possibly happen?!?
Phew! (Score:5, Insightful)
Re:Phew! (Score:3, Funny)
Re:Phew! (Score:2)
Judge's ruling silly (Score:5, Interesting)
What is commercially available software?? Do GPL products only available for free download count?
Also, how do you ban someone from talking with hackers??? I think the true definition of what a hacker is was lost on the judge.
Lastly, why ban someone from doing something which is illegal anyway... hacking into other websites? The ruling should be modded down to -5 reduntant. :-)
Re:Judge's ruling silly (Score:4, Insightful)
"Commercially available": if I sell commercially (or offer to sell commercially, along with a free (beer) version) some cracking tools (with or without a warning about not using them on other networks), can Mafiaboy use them?
For the "hackers", the judge probably didn't use that word, and it was probably more geared towards IRCing in crackerz (or 31337) chatrooms.
And your last point... it means if he does it again, he is liable for doing it in the first place, and then for doing it when a judge told him not to do it. I'm not sure about the name of that charge though, but it's more serious (recidivist).
Someone IS silly (Score:2)
My money is on the article. The whole thing was more a lowbrow detective story than it was a technology piece. Note how the author explained how it was possible to tell html packets but email was harder. Huh? plain text email hard to sniff? OK. Seems like the detective had a better grip on things than the author, but really the whole set up was not too sophisticated. The RCMP just happened to overhear this scrpt kiddie in the IRC nest set up to spy on people.
We can hope the judgement was more sensible. In general, your rights end on conviction. In the US, felons are not alowed to own firearms or vote and can legally be kept from positions of trust and influence. The idea is that a felon has proved untrustworthy. Maphia boy may very well have been banned from owning or using computers at all. Then again, there would be some justice to forcing him to view the world though MS internet exploder and AOL for the rest of his life. No telnet, ftp or compilers for you, kiddie! Ha ha ha!
Re:Judge's ruling silly (Score:1)
Most people don't understand (or care to understand) that there is a difference between "commercially available software" and GPL shit.
The Judge probalby believed (rightfully so) that the individual used the Internet to learn about, discuss, and carry out his attacks. To the judge, limiting his access was the best way to limit most of his methods.
If he didn't "ban" him from doing it again, the individual might feel it was a slap on the wrist and think the ruling at FACE VALUE and do it again b/c the judge didn't specifically say he could not.
Re:Judge's ruling silly (Score:1)
Re:Judge's ruling silly (Score:4, Insightful)
Spare me the sob story. If it were up to me, I'd keep this kid away from any general-purpose computer and have him complete his studies in juvie the old-fashioned way, with paper and pencil. Perhaps I would have allowed him to use a computer, but only if the computer had no modem, no NIC, no anything - I'll bet this kid never did anything off-line except play games.
We don't have the judge's actual ruling, only a snippit from a reporter, so we shouldn't even be discussing this - the judge may have given a very specific definition. If that definition excludes some possibly useful and harmless program, well then tant pis; the judge was generous enough allowing the kid anywhere near a computer as this kid has never used his computer for anything useful (Starcraft, IRC and launching DOS attacks are not useful nor educational).
I think the true definition of what a hacker is was lost on the judge.
This "true definition" is completely rejected by mainstream America, and in fact, by most of the computing world, both in academia and the business world, both inside and outside of the US. The definition of hacker that you'll find in the New Hacker's Dictionary is an MIT-ism. Nobody outside of MIT ever uses it, and the FSF is so intimately intertwined with MIT that they don't realize this.
The old-school "hackers" that you're talking about never dwelled in the script kiddie community. RMS was a math prodigy at Harvard; ESR was math and philosophy guy and never took a computer class; Larry Wall was trained as a linguist at Berkeley during the time when BSD was created, but he never touched Unix at Berkeley. And yet you would claim that barring this kid from using a specific set of software is going to stunt his growth?
So let's be honest: the warez hoarders and the script-kiddies on IRC - nothing useful has ever come out of these communities. All it has done is sully the reputation and the arguments of those who actually do any useful work: when Johannsen claims to a judge that he had a legitimate purpose for writing DeCSS, the judge won't believe him as he (and his peers) have already heard the same argument a thousand times from warez kiddies and the script kiddies trying to "show off" bad security.
My point here is that there is very little overlap between the kiddies and the "hackers" your talking about - all your insistence on propagating this MIT-ism of "hacker" does is confuse people as to which is which.
Re:Judge's ruling silly (Score:2)
Ya know, conditions of parole/probation are that you A. not break the law and B. not associate with people that do. And usually, you are also assigned restrictions to some excess related to the crime you were convicted of. If you get a DUI, you'll probably be banned from drinking, during the period of your probation. That's NORMAL.
So the poor little script kiddie has a laundry list of "you can't do this" kinda things in exchange for not having to sit in a jail cell for several years. My heart goes out to him. No really.
-Restil
inaccurate? (Score:5, Funny)
But what font size did they use?
Idiots (Score:1)
He let his ego get in the way after the Yahoo and Amazon attacks... he deserved to get caught. If he had just layed low he probably coulda got away with it.
Re:Idiots (Score:2)
Peachy.... (Score:4, Insightful)
I think one of the single best ways we could discourage this crap would be to take anybody we catch doing this, and cane them on national TV. Show the piss running down their legs, show them crying for their mommies. Then follow up on them in prison - ask them how many times they've been the woman. Make sure they look as uncool as possible. That way, when the other would-be script kiddies see this, they won't think it's cool - they will think it's most uncool.
(/me continues to whack hornets' nest known as Slashdot)
There was a good reason for punishments like the stocks - it made everyone in the community see that breaking the rules was BAD, and that BAD things happened to those who broke the rules. Yes, it was cruel to the individuals in the stocks. News flash - IT WAS SUPPOSED TO BE! It tended to make even the lowest miscreant reconsider his actions. I'm sorry if it offends you, but who better to suffer the consequences of negative actions but the moron who committed them!
Look - if somebody makes an honest mistake, cut them some slack - I'm not for throwing somebody into the stocks because they missed a stop sign, or because they accidentally didn't secure their computer. But if somebody with malice aforethought commits an act against the community, I say "Nuke them 'till they glow, shoot them in the dark, and let $deity sort 'em out".
Re:P(r)eachy.... (Score:5, Insightful)
Bonnie, R.J. (1985). The efficacy of law as a paternalistic instrument. Nebraska Symposium on Motivation, 29, 131-211.
Wilde, G.J.S. (1981). A critical view of countermeasure development and evaluation. In L. Goldberg, Alcohol, drugs and traffic safety. Stockholm: Almqvist and Wiksell, pp. 1145-1159.
In short, punishment generally causes people to be more anti-social, resentful, angry, vindictive, and prone to committing acts of sabotage. (Hundreds of years of increasingly punitive laws certainly haven't eliminated crime.)
Pillorying someone never stopped anyone else from doing the same thing (ever read The Scarlet Letter?); it only drove them deeper underground.
Now enough with this ridiculous "mild punishments don't work, so let's punish them more!" attitude. (That poison made me sick; I'm gonna eat more to see if it'll make me better!) In order to stop someone from behaving in a certain way, you have to stop the causes, not the symptoms. People in occupational safety and health have known about this one for years, and I'm not even going to get into the politics behind prisons...
Re:P(r)eachy.... (Score:3, Informative)
A small point, but negative reinforcement is *not* the same thing as punishment. This is a very common misconception. Negative reinforcement is a concept relating to operant conditioning and learning theory.
Examples?
Positive reinforcement: If a mother gives her child candy for being good, this is positive reinforcement. By rewarding the child, she is reinforceing the child behaving well.
Negative reinforcement: Your car is filthy and it drives you crazy. You decide to clean it out, and it feels great to have a clean car. Cleaning the car removed the adversive stimulus, making you more likely to clean it next time. This mechanism is theorized to be involved in many forms of drug addiction. (Life is difficult, drugs remove anxiety, more likely to use drugs later.)
See the following pages for more details:
What is Negative Reinforcement [maricopa.edu]
Negative Reinforcement, Escape, and Advoidance Learning [mentalhelp.net]
Re:Peachy.... (Score:2)
Yes, the good ole "it will never happen to me anyway...".
So, even if you did cut off some felons balls and made them eat them, it would not stop the next burglar/murderer/script-kiddie. Show me one country where harsh punishments have helped diminishing crimes and... I will be very suprised.
Choose your target wisely (Score:1)
Re: (Score:1)
The best part.... (Score:1)
Guys who do stupid things usually get caught because they do other stupid things, like bragging about it. Case closed.
This is the problem right here: (Score:2)
If the FBI cannot tell the difference between a trace of e-mail and HTML how are they going to track real hackers and not just the really really stupid ones like Mafiaboy (who even had trouble typing the commands to launch the scripts)?
Re:This is the problem right here: (Score:2)
You see, that's the problem. There often isn't any difference between email and HTML.
(Anyone want to place odds on Mafiaboy using LookOut Express?)
blacked out part (Score:2)
Dont really see any reason it was 'censored', but anyway.
In terms of the script-kiddie charge people are making, it seems hard to tell from this article. They did say that he mistyped some commands, and received accounts from others, but they also said that the tool used to take over the boxes seemed to be written by him and contained his alias in the warning. I'd say he was a little bit of both, but then again what malicious hacker isnt?
Why he did it (Score:2)
Are you curious? Do you want to know WHY he did it? After all, maybe he had a good reason. Well, here it is:
Someone else in his 'l33t irc group' said "hey I bet you can't take down yahoo". There you are, folks, the modivations of a script kiddie. These people will do anything if their peers dare them to. Truely deserving of the title 'kiddie' which they've been given.
Re:Why he did it (Score:2)
Luser 1: You must be the new office rebel we heard about....Nice bathrobe.
Luser 2: We're called rebels because we're easily manipulated into doing stupid things
Luser 1: Give it up for us! Whoo Whoo!
Dilbert: I date you to use branding irons on each other right now.
Luser 2: Start the fire!
Hey, maybe he really was designing a firewall... (Score:3, Funny)
This kid is a serious dimwit.
Was this as big as they think it was? (Score:3, Insightful)
Okay, obviously this was big news but honestly not many people were exactly surprised where they? The tools that allowd this kid to pull this off had been identified already, the theory was pretty well established. Was knocking out Yahoo for 12 hours really a disruption of the "Internet Economy"?
The article was interesting, a good read. There was really any surpising information in there, punk toublemaker kid out to cause shit, surprise. THe fact that the author went to great length trying to paint this as some super mega massive disruption or something was very anoying. Yes this was an important event because of the new level of media attention but it was not an especially shocking event in a technical sense. Nobody was surprised it happened.
He will never be found! Erh.... (Score:2)
Every time there is a virus attack the press rushes to report that the culprit likely "will never be found". Yet quite often, they are found.
Anybody care to explain the discrepancy?
Re:He will never be found! Erh.... (Score:2)
Mussolini used to be a journalist. He proved that you can directly contradict yourself in different articles and noone would ever notice. Well, not enough people to matter, anyway.
tracking a loser (Score:2)
hacking session (Score:5, Funny)
--
C:/> hack yahoo.com
Select hack type:
1) Denial of Service
2) Packet Trace
3) Steal Accounts
4) Get Root
Selection: 1
Enter Name: MafiaBoy
Proceed with hack #1 by MafiaBoy? [y/n]: Y
Hacking yahoo.com... please wait
...................FBI trace detected!
*abort*
C:\> cd 1337
C:\1337>
--
Thats pretty much all of the trace that the FBI released. I wasn't sure about the syntax of the hack command, but I guess this helps.
funny but true (Score:2)
Competent law enforcement? (Score:3, Interesting)
Yup, a DoS attack with enough punch to take down Yahoo. Originating from ... erm ... a dialup line. Hmmmm, sounds plausible to me.
Ok, sarcasm over.
The kind of tools s'kiddies use are made to be installed on compromised systems with a lot of bandwith. However, they can be triggered with very little traffic from the cracker (often via IRC since then the s'kiddie only has to make one connection.)
They knew when he was surfing a web page because they could see the HTML tags? Although it was 'more difficult' they could tell if it was an e-mail? They thought game traffic might be a DoS?
ffs! Have they not heard of port numbers?
It would be the first thing I would check! Kinda narrows down the options doesn't it - knowing what kinda traffic you would expect it to be.
It sounds from the article like they were literally just watching just raw body data from the packets.
Perhaps they could do with a touch more expertise and some better tools? Then again, maybe it was due to misunderstanding and/or inaccuracy by the journalist - the writer doesn't sound like they quite know what they're talking about.
Julian
Re:Competent law enforcement? (Score:2)
It's called a smurf attack actually and it is quite plausible (or at least, was before most routers began blocking spoofed ICMP broadcast echo packets).
It's a pretty simple attack. Just spoof the source address of an ICMP echo packet to your target machine, and then broadcast it to a whole shit load of hosts. Each of the hosts will respond to the spoofed address and you will have N packets per packet you send where N is the number of hosts. Usually, one would pick a thousand or even ten thousand hosts and from a dialup, you could bring down an oc3 in a matter of minutes.
Very few people were stupid enough to actually use this because 1) Most routers tracked these broadcast packets so you were likely to get caught if the receiver complained and 2) This was such a devistating attack that you were likely to do enough damage for someone to complain.
It is not exploiting or "hacking" the host machines though. It surely isn't turning them into "zombies" either. It's a very lame exploit.
BTW: For those interested, here is a link [attrition.org]. (Like I said before, this doesn't work any more and if you actually are dumb enough to use it, you will get caught very quickly).
Not exactly. (Score:3, Insightful)
I also assert that a smurf attack is not "easy" to trace. It's actually very time consuming and troublesome, especially if the person does something like launch an attack from a machine that is set up, cleaned of all evidence, and abandoned (permanently) and uses a diverse list of broadcasts so that each broadcast address is only used a couple times. Almost every person that has gotten in trouble for such attacks has been detected by their own upstream usage (i.e., highly aberrantbehavior that invites further investigation by their own provider or upstream provider(s)) and/or a result of bragging about their exploits, ala mafiaboy and company. That said, it is a stupid and highly unoriginal attack (but just because it's stupid and foolish doesn't mean it can't be used to great effect) Anyone that launches an attack from their OWN modem or similar traceable equipment is both especially stupid and doomed.
Re:Not exactly. (Score:3)
Ten thousands is not impossible. A thousand fold was not horribly uncommon either (although I guess much lower figures were more common).
Still though, considering a 56k modem has an uplink of about 3k, using 500 hosts this translates to about 1.5MB which is enough to do some serious damage.
I also assert that a smurf attack is not "easy" to trace.
It is easy to trace via upstream usage as it is a horribly uncommon thing to do. After the fact though, I agree that it is quite difficult to trace. Of course, the people who are tracking most of this stuff are pretty dumb so it would be pretty easy to get away with if enough time was put into preparation.
Of course, as you point out, it's not a very elegant attack.
Mandatory restrictions (Score:2)
I have seen many "They should do that" posts from people that are 13-17 years old. The whole idea is to try and gleam knowledge from your elders. [And here is the eternal problem- young people ALWAYS know better than every elder; regardless if the elder went through the exact same thing]
I know that both the eld and young both will ignore me, but I post this in the hope that maybe one, just one, person will actually think about the morality of the stories they convey to their children. Maybe stories of lore, where honor actually meant something? (For the young here, the word "honor" meant that what you said is what you would do, no matter what. If you said you would heal your mortal enemy, you would, and then send him home to his family.) Because "honor" is now second place to "winning".
And our world shudders.
Re:Mandatory restrictions (Score:2)
So your argument is that people who are not undergoing an experience have no right to comment on that experience? I would tend to strongly disagree with this. If anything, typically individuals who are undergoing an experience become bias towards that experience and are unable to objectively view the situation.
One would think that the individuals who's criticism would be most valued by people raising children are those without children as it would be the most objective.
The whole idea is to try and gleam knowledge from your elders. [And here is the eternal problem- young people ALWAYS know better than every elder; regardless if the elder went through the exact same thing]
Well, there is a bit of truth in your statement, but there's a less common problem that you point out in it. Age--and experience--does not automatically create wisdom. In fact, the arrogance typically associated with age tends to be it's greatest downfall. Just as a high school student is arrogant because they are now the oldest ones in school, middle aged folks tend to believe all-the-sudden, they've inherented the knowledge of the world. This just simply isn't true.
Maybe stories of lore, where honor actually meant something?
You describe honor as something that I should never wish to possess. If honor is keeping one's word at any expense, then it is fatally flawed. If I pledged my aid to a friend who, at the time, seemed honorable but then found out he was selling drugs, should I continue to aid him for the sake of honor? I think encouraging objectivity and rationalization is far more important than honor...
Mafiaboy is only part of the story (Score:2)
Having a front row seat to the whole ordeal, I can say that mafiaboy is only a small part of the overall story, which is far more interesting and would make for a much better book. I'd be glad to tell it in detail if someone offered a book deal.
The real people involved are probably too incapable of doing it themselves, so I figure it'd be better to write it myself and give them a cut of whatever I make.
It's a miracle they were able to catch mafiaboy (Score:2)
The RCMP officers mentionned in the article once busted a scammer operating from Canada; when they seized the computers and server, they brought them to the supplier to "fix them". Thing is, they swapped hard-disks, and the server hard-disk ended-up in a workstation. Needless to say, the tech was really surprised to see a server come up on that workstation...
So, it only shows that the RCMP are royal-class fumblers and it's a miracle that their evidence was able to stand-up in court... (Or the scammers' defense was totally inept - or the court stupid).
Re:hhmm (Score:2, Funny)
Re:hhmm (Score:2)
For those who don't know, the RCMP have a few different functions. Originally the Northwest Mounted Police, they were created in order to have a Canadian presence in the western territories, out of fear that the US would just annex the whole damned thing if we didn't actually have any armed people there. That, and those pesky Metis rebels I suppose. They have a few different roles: They are domestic investigative law-enforcement force, kind of like the FBI. In addition, they act as a regular police force in provinces that don't have their own provincial police. So they're also like State Troopers. They don't actually wear those red uniforms except for show.
Re:The FBI exists only for the FBI's sake (Score:1, Insightful)
Re:Layman's Terms (Score:2)
What's an average e-mail message? 1 gigabit = ~125 MB When I archive (yes... outlook) my older emails I can barely fit a month on a CD... and I'm nowhere near 3.5 million emails. I guess this would make sense if a person never received any images or Pr0n.... err ya right.
When I did the math, I determined that the "average" email used for that calculation is about 2.1 kilobytes. Seems like about right for an average. Remember that Outlook stores a whole bunch of indexes and stuff which would make your email archives a lot bigger than the actual content of the email.
Re:Script Kiddies (Score:3)
A script kiddie is someone who only is capable of using pre-written exploits.
A cracker is someone who, although may use existing exploits, has the ability, and uses this ability, to create new exploits.
Software development books do preach code reuse but it is also understood that a software developer could never survive if they had no ability to write software and instead, just banged on the keyboard hoping something would eventually be created. In programming circles, these people are called "code monkeys" as they are about as useful as a monkey pounding on a keyboard.
So, script kiddie is to cracker as code monkey is to hacker.
Re:Why is OSS dangerous in the eyes of Candian law (Score:2)