Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet

2600 Asks: Is Mafiaboy Real? 147

A couple of people sent the 2600 story that's currently running about mafiaboy, the alleged brains behind the spate of recent large-scale DoS [?] attacks. 2600 has an interesting claim - that they went on IRC as mafiaboy, and that the security expert who claims to have found mafiaboy was snowed by what they told him over IRC - snowed by lies.
This discussion has been archived. No new comments can be posted.

2600 Asks: Is Mafiaboy Real?

Comments Filter:
  • by Anonymous Coward
    Several Canadian papers are reporting today that the arrest of 'Mafiaboy' had to be rushed because the father was heard plotting an assualt on a 'business associate'. From today's Montreal Gazette:
    Montreal Urban Community police disclosed that while the RCMP investigated the suspect referred to as Mafiaboy, they wiretapped conversations about another crime being plotted.

    The boy's father is alleged to have conspired to have a business associate assaulted. The RCMP told MUC police about this around March 25. ...

    Det.-Lt. Lenny Lechman of MUC police said a decision was made to make simultaneous arrests because they felt the target of the plot was in danger.

    ``We felt the assault was very close to happening,'' Lechman said.

    Arranging the beating of an a 'business associate'? Hmmm... maybe this explains the kids nickname.

    (And why I'm posting anynonymously.)

  • by Anonymous Coward
    The girl who committed suicide went by the alias "eriss" and "x-error" and "DarkRaven" on IRC. Her real name was Cheryl and she used to hang out in #depression back in April/May of 1999. She went to Simon's Rock College [simons-rock.edu] for a little while until the school found out she tried to kill herself so they sent her back home (Honolulu, Hawaii). It's sad she had to get attached so quickly to an IRC dork like icee, but she was an extremely depressed little girl. Oh well.. If you want more details talk to ObsidianZ, Kobi_, `6, or any of the other long-time regulars of #depression on EFNet IRC. One of the ops/regs should still have logs of her last words on the channel before she jumped...
  • by Anonymous Coward
    Call him and find out, Mr. Insightful.

    Moderators, -1 for missing the blatently obvious.

    So there are too many posters. Shall the default threshold continue to be raised, drowning out the hopeful voices which made an effort to be heard?
  • by Anonymous Coward
    Let me start by saying that this post is as unofficial as it can get. This is only my opinion and does not necesarily reflect those of the RCMP.

    The DoS attacks happened between February 7 and 14, and we had already identified the place of residence (but not the identity) of the then suspect by February 15, when we started electronic surveilance, physical trailing and ultimatly perquisition and arrestation. Despite popular belief and conspiracy theories fans, we actually know what we're doing (no, really!) and didn't just go pick someone randomly only because of some chat session on IRC. It would be ridiculous to think that our whole case rest on something as shaky as an online conversation (which I have no doubt his lawyer will have a blast with, or at least try). While I won't deny the fact that we were under a lot of pressure, we took the time to build a IMNSHO solid case, which is why we didn't arrest him sonner. I would also like to point out that the boy is far from being a genius, and wasn't able to cover his tracks carefully. I can also tell you that our investigation did not stop with the arrest of this teenager and that we are looking for both additional evidence supporting further charges against him (he is currently only charged with 2 counts of criminal mischief) and for (possible) accomplices.

    And 2600 as a reliable source of information? No, seriously? =)

    As as side note, many people where looking for the identity of this teenager and assumed they simply missed it in their local newspaper. The Young Offenders Act prevents us from reveling any information that may lead to his identification in order to protect his current and future life as an adult.

    --Anonymous, but not coward (my regular account containt way to much information, and the last thing I want is a reporter at my door, which I'm not really sure my boss would appreciate).

  • by Anonymous Coward
    This security expert is simply a fraud. I know this because he was a regular in #depression and I've talked to him many many times. His ex gf was a regular there, and she killed herself by jumping out of her window because he was screwing around with some other girl that night. But thats not my point, my point is... Anyone could claim they found who did it, and he's just an example of this. He isn't a Shumormrofhrfdjdieh (however you spell that guys name who "caught" mitnick, heh), he's just a normal person on IRC who thinks "traceroute" is a secret tool (and im serious, I wish I kept the irc logs.. but then again, as 2600 was trying to prove, what do irc logs show?)
  • by Anonymous Coward
    taking someones virginity and ditching them in 3 days is hardly a normal romantic breakup, especially when the person kills herself
  • by Anonymous Coward on Friday April 21, 2000 @02:50PM (#1118141)
    Several years back, I had the pleasure of working for the ISP mafiaboy used to use as a provider. Then he managed to steal our RADIUS password file ( mind you security was very lax at the time ). He had shown us that he was cluefull to a certain degree however he was mostly blinded by his ego. I am not surprised that he could be the one who was responsible for the DDoS a couple of months back. Nor would I be surprised if he tried to take credit for it. He was liked that. During the incident, we had taken it up with his parents, who seemed not to care too much about it. His father said that he had discpined the boy but we found out that Mafiaboy was still up to no good. So in light of all this, I do believe that the RCMP did get their man and that Mafiaboy was stupid enough to get caught. On a side note, I did not read 2600's post to the world. "Keeping anonymous to protect the ... innocent ?"
  • by Anonymous Coward on Friday April 21, 2000 @12:22PM (#1118142)

    His homepage is http://www.ender.com/~icee/ [ender.com].

    He dated a girl [aloha.net] who later committed [direct.ca] suicide [altvampyres.net], partly due to his idiocy.

    He used to hang out on EFNet #depression.

  • See my tag line!

    Hail Eris!

  • I'm guessing that icee's real name has been in the media reports. (Haven't paid particular attention...) Check to see if that real name matches to the phone numbers given in the IRC logs.

    Yeah, someone posing as someone else could've given out that other person's phone, but why risk blowing your cover like that?
  • Yeah, and next we'll be tossing 8 year olds in jail. They should just grow up and be responsible for themselves! Just like that. All by themselves! If anything we've heard about this case is true, it sounds like the kids father is a lot more screwed up than he is. The kid should be punished, but not the way they seem to want to punish hackers these days. i.e. Lock 'em up and throw away the key. This is a kid. He deserves a chance to change. He isn't a violent criminal with no conscience. He's a kid that pulled a stupid prank. Yeah, it was a prank that caused a lot of commotion and probably caused some sites to lose some money, but I doubt the damage was anywhere near what they claim it was. They always blow hacking damages all out of proportion, usually be several orders of magnitude. Then they can never back up their claims. The kid should probably (at most) spend a month in juvie. Then they need to make sure he is taken care of. Sounds like his dad might not be around to do it.

    I don't have a problem with people being held responsible for their actions, but there needs to be some perspective on things. Destroying a kids life because he made a stupid error in judgement is not the answer.

  • You don't store the packet, you store the layer-4 flow information (address, protocol, port). It adds up to a lot in the end, but still not that much compared to what a mail and/or news-server pulls.

    Try taking a look a CAIDA [caida.org]

  • by scoof ( 2459 )
    > The internet was designed to be resistant to assault (nuclear or conventional) by rerouting around missing routers. Given the huge percentage of trafic going through Mae East and Mae West I would be sorta surprised if a well placed conventional attack couldn't all but deystroy it.

    Hi, my name is Andreas, I come from a different part of the world than the US. You might have heard of it? It's called Europe.
    For once I'd wish that people start realizing that more and more Internet traffic stays within the respective countries borders. The US is not what the internet is all about anymore.
  • Bowie, why did you shove this in a comment under a completely unrelated story? That's just bizarre, and perhaps unappropriate.

    Enough people like propaganda that I'm sure Malda would be willing to make it a Slashdot story.

    I like Propaganda, btw, and I might buy a T-shirt, but 100:1 seems kind of high. Dunno. How many shirts does copyleft push?

  • So she apparantly died in May of 1999, then I'm hoping on her homepage that "11.03.99" in the "what's new" section means MARCH 11, 1999 and not NOVEMBER 3, 1999 right?
  • Nahh... they're not seceding from Quebec until Quebec secedes from Canada. It's called partitionism. And actually, only parts of Montreal have adopted partitionists policies.

    I guess it's supposed to make Quebec scared that the rich anglos are gonna leave them and not support their economy. Nope, wait, that already happened. Well... whatever :)

    Droit devant soi on ne peut pas aller bien loin...
  • I don't know about anyone else, but I don't remember there being an awful lot of snow the day of those DDoS's. Am I wrong? Was there enough for some of the schools to have called snow days? I mean, sure, going to University, I'm not affected by the snow days as much, so a parent or high schooler would be best able to answer that.

    I'm really impressed, though, that the U.S. media have refrained from using the kid's name or his father's. I mean, technically, since they're not Canadian Media, they're not bound by the Juvenile Non-Disclosure edict. It's kinda nice to see them being respectful.

    Droit devant soi on ne peut pas aller bien loin...
  • Depends on the porn. We have an active censorship, and certain types of porn are not allowed past them. Sorry, don't remember which ones. Just remember, we don't have a first ammendment.
    Droit devant soi on ne peut pas aller bien loin...
  • And the way they used "oui" to imply he spoke French as well? Not well done. I mean, it could at least have been a "ouai".

    If they wanted to impersonate a Quebecor, they could've just asked some members here who would have gladly taught them how to swear in French, and then, when worked up, worked them in. You can usually tell whether the person swearing is from France or Quebec by this simple rule. If they're using holy words like chalice, tabernacle and so on, they're from Quebec. Anything else, and they're either from non-Quebec Canada or France. I'm not too sure exactly how the rest of the French world swears, just Canada and France.

    And about the snowday... I already mentioned that I don't remember there being enough snow for a snowday that day. But, then again, I'm not affected by them, so I'm waiting for feedback on that.

    I feel pretty sorry for the kid, though. In the Gazette(Montreal paper) they mentioned how some of his classmates said he said (check out the hearsay chain) he has to be uber careful... he can't even snark to the teachers or he'll be out on his ear. Damn, how an arrest sucks.

    Droit devant soi on ne peut pas aller bien loin...
  • Thanks for the clarification... I wasn't aware of that BC case.

    Droit devant soi on ne peut pas aller bien loin...
  • The internet was not designed to be resistant to nuclear or conventional assault. it was designed to permit people to timeshare on remote computers without the hassle of setting up direct connections each time.

    iirc, there was even the idea (briefly) of setting up a centralized switch in Omaha. packets, a relatively new idea, were just liked better for this application.

    At the time ARPANet started, ARPA financed all kinds of stuff not related to DoD. You can tell when they changed their policy to only financing DoD related work, 'cos they changed their name to DARPA.
  • So did this *security expert* actually urge someone he really thought was a teenager to use drugs and alcohol?

    Imagine being a prosecuter trying to explain to a jury how 2600's logs are proof of some crime.

  • Okay, so I'm a lamer. The only IRC channel I've been on was #hottub back in 1991. So, I have to ask, what does this mean?

    =icee= okay, we need to solve this trust problem, and prove you are who you say you are.. so the name of the channel.. it starts with a m. can you tell me it?

    =icee= #bifemunix is a rival.

    [mafiaboy] 3090

    [mafiaboy] good enough?

    So what does 3090 mean? It's just clicks and whisles to me...

  • by Logan ( 7529 ) <logan@vt.edu> on Friday April 21, 2000 @01:01PM (#1118158)
    You're just seeing how BitchX formats messages. =icee= is a dcc chat message from icee, *icee* is a regular message from icee. Same with [mafiaboy].


  • by Zen ( 8377 )
    Actually, Mafiaboy is not supposed to have been working alone. The general media has been getting it completely wrong. According to the article in the Wall Street Journal that I read about way back & posted [slashdot.org] earlier this month (look for Zen), there are supposedly two, count 'em TWO people involved in the DoS attacks. One extremely bright individual, who took down Yahoo for an incredibly long time, and one not so bright cracker who decided that it was kewl to do copycat crimes, and got himself caught. This second individual is Mafiaboy, not to be confused with the genius that took down Yahoo! Mafiaboy apparently left his fingerprints all over the place, and the original culprit did not. But for some reason, the media is not making the distinction between the two, and while I have not read a report that claims that he is directly responsible for the Yahoo! attack, I have read many articles that say that he was involved in the attacks that took down yahoo, etc, etc... Leading everyone to believe that he was the 'real' cracker. Food for thought.
  • I'm Mafiaboy and so is my wife!

    (with apologies to Monty Python)


  • heh, make what you will of this, but here's a /wi mafiaboy from efnet at about 1:15am 4/20 edt. me, i'm going to sleep.

    [mafiaboy.] (7777777@HSE-Toronto-ppp95609.sympatico.ca) [Canada ]
    [channels.] #irc.core.com #kznetworks #syndicate99
    [server...] irc.nethead.com ([] DOWN WITH PANTS)
  • by sammy baby ( 14909 ) on Friday April 21, 2000 @05:44PM (#1118163) Journal
    Legend has it that the really good crackers never say anything and are never known to the world. I don't know if thats really true or not (how could you verify it, really?), but everyone else brags a lot.

    Someone one asked Alfred Hitchcock what the ultimate crime was. His response: "The one we haven't heard about yet."

    Seems apropos.
  • Why does the log even have to be real, its a collection of text anybody could simply type into vi. IRC logs are not evidence, especially without at least some server headers or something.

    justin@jplt.com - http://www.jplt.com
  • I realize this is a bit offtopic, but interesting none-the-less. Has anyone paid attention to what Janet Reno has had to say about this whole thing? Here's [theregister.co.uk] an article at The Register. She says that this proves that the US can catch 'cybercriminals' but they haven't proven anything yet as Mafiaboy has not gone to trial. Reno is ready to let the kid hang. Anyone else thing that the US gov't is getting a little to crazy about this whole 'cybercrime' thing? IMHO, security belongs in the hands of the admins, not the gov't. If your computer is on the internet, secure it!
  • All the Reuters article says is that someone named Mafiaboy, like countless other "script kiddies", was looking for DoS programs. This is not exactly a smoking gun.
  • by Shoeboy ( 16224 ) on Friday April 21, 2000 @12:07PM (#1118167) Homepage
    Someone on IRC lying about their identity? It defies belief. I'd write more, but this 19yr old 36DD nympho I met online wants to meet me "alone and unarmed". I'm so excited!
  • Because i'm in school, you nugget. Now scurry back into your cave, troll. Sheesh

    Bowie J. Poag
    Project Founder, PROPAGANDA For Linux (http://metalab.unc.edu/propaganda [unc.edu])
  • Because I dont want _that_ much feedback. 800,000 people dont need to know that i'm scratching my chin today. That puts me on a level with Elian Gonzales coverage. :)

    I honestly dont know how many shirts Copyleft is has made. I havent recieved any cashflow from them, although they have told me that sales were "moderate". Heh.

    100 shirts means $300 bucks in my pocket from royalty checks. That would make me happy. My landlord too. :)

    Bowie J. Poag
    Project Founder, PROPAGANDA For Linux (http://metalab.unc.edu/propaganda [unc.edu])
  • I did the same thing for a year, actually. Except I wasnt Fry Clerk at McDonalds. I was the Network Manager for the Chem department's visualization lab.

    Oh, and by the way, you're welcome. I'm glad you enjoy my work.

    Bowie J. Poag
    Project Founder, PROPAGANDA For Linux (http://metalab.unc.edu/propaganda [unc.edu])
  • I love how icee says that he's a 20 year old, sitting around, eating pizza. Then a bit further down the chat log, he starts in with this long diatribe about how back in the day, when he was "in the scene," things were different, and there was respect, and a bunch of other holier than thou stuff. Wow, those 20 years made him pretty wise, huh? I'm 21 now, and was following the hacking scene for a bit as a teenager, and it wasn't much different. Except people were using DOS instead of Win98. Big deal.
    It cracks me up to see how much bragging some of these dumbasses do.
  • Sort of hard to tell given that we haven't been shown the evidence.

    This really tells us absolutely nothing but NPR was just reporting that the father of the kid has been arrested too. Apparently on an unrelated charge: the phone was bugged because of mafia_boy and during the surveillance they heard the father planning an assault on a "business colleague"!

  • > Looks a bit like 'resume enhancement' for some has-been/never-was at some company..

    More importantly, resume enhancement for some politician / law enforcement officer, who has just sent out a strong We Will Protect Your Money (TM) message to the .com.owners, .com.consumers, .com.shareholders, and venture capitalists of the world. It's OK, folks. We have the highwayman in custody. You can spend your money safely now.

    Any time you have a crime (or even a prank) that causes hysteria, The Man will gladly imprison anyone he can pin the blame on, guilty or no. This has been true from long before the Lindberg kidnapping right up to the latest child-care "reconstructed memory" witch trials.

    In this case, they'll happily string up a Kipt Scriddie, so long as the media covers it well.

    If^H^H When it happens again, well, there's always another Kipt Scriddie found easily enough. Sure beats having to find the brains that make it possible.

  • Uhh...
    DHCP servers keep logs. Easily. Web servers keep logs. Many firewalls keep logs.

    IT's sort of like doing a manual phone trace.. but one CAN, with cooperation from admins along the way, find out *exactly* where packets are coming from.

    And the guy bragged about it too... to top it off.
  • I'm probably not alone. My corporate proxy server does not allow access to 2600's web site. Could some kind soul mirror the article on a site that I can reach?
  • by toofast ( 20646 ) on Friday April 21, 2000 @12:01PM (#1118176)
    I fail to see how they can trace this type of DDoS back to a single individual. With all the firewalls, DHCP's and other addressing schemes, good luck finding him. I think that it's all made up for the media, and to put businesses and people at ease, thinking that "if you screw the Internet you can get caught."
  • by starling ( 26204 )
    We do. You just can't see them any more.
  • Have you been moderated up *once* so far as funny, insightful, informative, or even underrated?
    Yes [slashdot.org]
  • The Internet was very well designed to stop any one entity to do that.

    A few years ago 'free DNS' person managed to reroot the entire DNS system. All he did was rename internic.net and netsol.com. But there would have been able to do just about anything to non-IPaddress based communication. Of course IP address based communication can be spoofed very easly. The internet was most certanly not very well designed to stop any one entity to [shutting it down].Infact the internet you could even say that the internet wasn't designed at all, but rather that it grew organicaly, with connections from thousands of people. Some of whome knew more then others.
  • think more clearly
  • It's not. Of all places, it's absurd to think that icee "guessed" Canada from the phrase "Sunny palo alto".

  • What relevance do any of these tidbits have to the article? Sweet FA, execpt they're about the same guy.

    It's gossip. It adds nothing to the story, or to whether mafiaboy exists or not.

  • Poor sucker, his home phone number is now posted
    all over the net.

    Anyone try calling him yet?


  • Considering how Hasbro has been stingy with their circumstantial intellectual property [slashdot.org] not to mention unhelpful to hobbyist programmers [biglist.com], I'd say they aren't the real "Stella" [atarihq.com] either!

  • by SwissPope ( 33213 ) on Friday April 21, 2000 @03:35PM (#1118186)
    The nickname being used was mafiaboy, not [mafiaboy]. The brackets are convention used to notate private messages sent from the client user to someone else. Similarly, enclosing the nick in asterisks is used to notate private messages received from another user. And enclosing the nick in equal signs is used to notate DCC chat messages received from another user.

    From the log:
    >>> icee [icee@dragon.ender.com] requested DCC CHAT from mafiaboy

    If the nick were [mafiaboy] this line would read:
    >>> icee [icee@dragon.ender.com] requested DCC CHAT from [mafiaboy]

    Got it? Good.
  • specially since they traced the logs on the routers..as the "security expert" who got trolled by 2600 pointed out, the QoS logs on the routers dont lie.
  • Mafiab0y even has an homepage!
  • [Also, no one from Quebec was arrested in this case; the 2600 people used some French to imply someone from Quebec
    (as there are more people speak French in Quebec then anywhere else, except France). The "security expert" didn't catch on, apparently. Mafiaboy is from Montreal.]

    Um...Montreal *is* in Quebec.
  • Isn't this wired tapping "illegal search and seisure" and the arrest based on "Prior restraint?" This type of arrest is Barbaric.

    No. The wiretap was in place because the boy was a suspect. The RCMP would have had a warrant, signed by some judge or another, allowing them to put the wiretap in place.

    Any evidence of any crime found in a legitimate investigation is permissable. This is why someone pulled over for speeding can be busted for, say, possession of a narcotic.


  • No, Woodlark, but our (I'm Canadian) Charter of Rights and Freedoms grants us as much.

    Section 2: Everyone has the right to the following fundamental freedoms:
    (a) freedom of conscience and religion;
    (b) freedom of thought, belief, opinion, and expression, including freedom of the press and other media of communication;
    (c) freedom of peaceful assembly; and
    (d) freedom of association.

    If you will recall, there is currently a case which is awaiting trial in the Supreme Court of Canada regarding posession of child pornography. The defendant has been let off by both the BC Supreme Court and the BC Court of Appeal. Both Courts have said that the laws against posessing child pornography are in fact a violation of the Charter right to freedom of expression.

    As to which kinds of pornography are stopped by Canada Customs, it's generally homosexual literature... They can't stop it any longer, though, thanks to a recent SCC decision which again referred to Section 2(b).

    Also, in answer to the AC who is a parent to the comment you replied to: I was talking about Canada, actually. Once you have given the police reasonable cause to investigate/question you, you are subject to prosecution on evidence found.


  • This is interesting, I'd like to know the details.

    I mean, how exactly was he partly responsible for her suicide?

    Oh, and one of the links is to a page which no longer exists.

  • It's a sad story, chat's are dangerous that way (so are MUCKs, I speak from bitter personal experience. Still, I have the experience to thank for turning me into the hard-hearted, misanthropic loner I am today, so I'm happy I went through it.)

    Well, for an appropriate quote, "I certainly hope someone stabs him [icee] in the eye."

    Maybe he'll get sued into oblivion by the kid and his Dad. That would be some justice, better than none.

    (Incidentally, for those who think I'm being a little hard on icee when I've never met him, let me just say, "I know his type." )

  • Hmm, It's always really interesting when someone who has lived a sheltered life, who thinks he/she understands words like heartbreak and predation responds to something like this. It's sort of like people who think they can't be conned. You can only go on believing that until you are conned. Everytime you trust another person, you open yourself up to being preyed upon. If you are lucky, you only open up to decent people who won't take advantage of you. If you are unlucky you get ripped off in a "love con."

    Cheryl had something valuable, something icee wanted. It is obvious that if the story really played out the way it seems to have, she was a notch on his belt and a sexual experience to store away for the future. Of course she shouldn't have committed suicide, but should he have done this to her? Although, from some cultural perspectives that would allow her to hold on to her honor. No, and just because he hasn't been punished for his crime (which may not fall into the realm of law) doesn't mean he shouldn't have to suffer for it.

    This guy pretended to care about her to get something from her, and then dropped her when he got it. It isn't helpful to anyone to allow a creature like this to go on in the world, unmarked and unscathed feeling no remorse for his actions.

    Actually, the most disturbing thing about this story, to me, is how close it is to the famous opera, Madame Butterfly it's almost the exact same story. I liked it much better when it was just an opera.

    I wish she hadn't killed herself, because that makes the nasty effects of one bad experience permanent. If she had survived it, she might've had a bright future. So, I would like to let anyone who has been used that it will get better and you can survive it. If you survive long enough, you may even get even, or have a chance to forget the thing because it becomes irrelevant. But this does not give people the right to use other people, it would be a really stupid world that allowed a guy like this to get away with no sanctions.

    If I had been her, I wouldn't have committed suicide, I'd have followed the road of Hell and chosen vengeance over honor... ... ...

  • Informative? Funny, maybe. Informative, not a chance.

  • Well..the guy they caught was on TV the other night and didn't ever deny he did it.
  • All the Reuters article says is that someone named Mafiaboy, like countless other "script kiddies", was looking for DoS programs.

    Maybe he just has a very old, pre-Windows PC...
  • Who is this masked marauder known simply as mafiaboy, you ask? Well, if you must know, he's my Canadian dwarven father. You got a problem with that? He lives in a subteranean cave covered by snow and he's being sustained by moose droppings. If you are still reading this, you are obviously a media whore, looking for his latest scoop, not unlike the one who supposedly captured this notorious hacker.

  • Wow, I thought that the only diff between Canadians and americans are those floppy heads.

    Isn't this wired tapping "illegal search and seisure" and the arrest based on "Prior restraint?" This type of arrest is Barbaric.
  • Call the phone number say, "Is icee there? This is mafiaboy."
  • Bwahahahahahaaahh! Well, if 2600 says it's true, then it's gotta be!! Of couse, what they're saying is true is that they were lying ... like that classic Star Trek episode where Spock frags an android by saying "Now listen carefully: everything McCoy says is a lie..." and McCoy says "I'm lying ..."

    It's a recursive prank! ;)

    Hmmm, maybe 2600 is being secretly sponsored by a certificate authority ...

  • No, you're right, it's Montreal BC, an old railroad town just outside Kamloops.

    Just kidding.

  • by ZahrGnosis ( 66741 ) on Friday April 21, 2000 @12:32PM (#1118203) Homepage
    Did anyone actually read this page before it got posted to SlashDot? The intro portion includes the following text:

    as you can see from the IRC logs below, we dropped a few clues that the person was in a country with snow and at one point "accidentally" spoke French to imply the province of Quebec. We were amazed when the blame actually landed on someone from Montreal.

    The snow reference referrs to the following block of text:

    =icee= but WHY do it?
    [mafiaboy] snowday
    [mafiaboy] haha

    And the French referred to a single use of the word "Oui", late in the chat log. Now, the first use of the word "Canada", appears way at the top and comes not from 2600 (mafiaboy), but from *icee*.. again, before 2600 mentions snow or french:

    *icee* oh, did you listen to our radio stuff up there in Canada, too?

    That's it. The rest of the conversation is harmless, and this portion would be harmless except for the statement that 2600 made implying that these comments helped lead researchers to Canada. Give me a break.

    I've got no idea who *icee* is, and 2600's claims that mafiaboy is fake or at least not the right guy are fine with me, but this conversation makes 2600 look less like they have a clue than the FBI who at least are talking about routing logs and web logs and real data. At least I got a laugh out of this:

    =icee= okay, we need to solve this trust problem, and prove you are who you say you are..
    [mafiaboy] 3090
    [mafiaboy] good enough?

    Yeah. Good enough. :-P

    1. The Internet was very well designed...
    Hah, no it wasn't. It was designed to facilitate the sharing of data. Noone put a great deal of thought into the security of IP -- this is very evident if you read many RFCs (there's one in particular that says, "This is not a bug. Do not fix it.") They had no idea they needed to create a virtual Fort Knox.

    Locks only keep the honest people out.
  • You can format messages how ever you want them formated. My format is somewhat of an "information overload" :-)
  • Canadian? Everyone knows the real mafiaboy is italian. Damn you oppressive government, leave our teenagers alone.
  • When Michael Lyle, chief technical officer of Internet-security firm Recourse Technologies Inc., first accused Mafiaboy of the attacks,(just a couple weeks after they happened) he based it on chat-room talk. People were very skeptical then, and I recall someone making similiar claims - that they had impersonated the DoS perpetrator in chat rooms.

    It appears the RCMP don't have much more. Maybe the arrest was just so they could search his computer for evidence, because from what's been reported in the press, there isn't any real hard evidence against him.
  • From the Yahoo article:

    James M. Atkinson, president and senior engineer of the Boston-based Granite Island Group, a technical counterintelligence firm, said computer logs show that Mafiaboy was looking for a "script" program and asking for information and assistance in IRC chat rooms last summer about how he can launch a denial-of-service attack

    From Granite Island Group [tscm.com] website, Mr. Atkinson's qualifications [tscm.com]:

    James M. Atkinson is a communications engineer, security consultant, and instructor with a reputation for designing and installing some of the most powerful secure communications systems used by both government agencies and major corporations.


    He is also a prolific computer programmer with over 142 published software titles ranging from accounting packages and databases to TSCM, cryptographic, signals intelligence and electronic warfare software.

    Mr. Atkinson has been trained by the U.S. Government in Intelligence, Covert Operations, Technical Surveillance, and Cryptanalysis; and is a graduate of the Defense Intelligence School with extensive field experience.

    A military veteran with eight years of service, followed by several years of employment with a U.S. intelligence agency, and holds a Top Secret security clearance.

    James M. Atkinson is one of a small number of people who have been formally certified and trained by the NSA as a TEMPEST Engineer, and Cryptographic Technician. He has extensive experience with the design and development of SIGINT systems to exploit and/or control compromising emanations. Additionally, he has many hours of experience working deep inside highly classified U.S. and NATO cryptographic, communications, and computer systems.


    Also, he maintains the worlds largest private reference library regarding technical surveillance devices, and TSCM protocols used internationally. Included in this library is a computerized database of almost a quarter million eavesdropping devices. This computerized database includes complex mathematic models which permit the evaluation and analysis of eavesdropping devices.

    In addition to a strong background in intelligence operations and electronics he also has extensive training in tactical operations, including Instructor and Master Instructor certifications for: Pistol, Shotgun, Rifle, Sniper Weapons Systems, Assault Weapons, Grenade Launchers, Chemical Weapons, Explosive Breaching, Stun and Distraction Devices, Straight/Expandable and Riot Baton, Non Lethal Use of Force, Specialty Impact Munitions, Riot Control, Vehicle Operations, and related tactical subjects.

    Reminds me of this college application essay [engr.mun.ca].

    Didn't somebody already mention that April Fool's is long past? Or is this the real life James Bond? What I can't figure out is why he's so eager to publicize his credentials... if I were he, I would imagine it would be more profitable to be invisible...

    Here's an interesting quote:
    James M. Atkinson has completed more Formal Technical Training (from Apple) than anyone else we have on record.
    - Apple Computer Training Department, Austin TX, Fall 1995

    And the kicker:
    In order to remain proficient, Mr. Atkinson attends at least 500 hours of formal security and technical training each year (a average of one day a week). He has currently completed over 12,500 hours of advanced security and technical training with industry leaders such as: Microsoft, Apple, AT&T, Sun, Silicon Graphics, Digital, Watkins Johnson, Hewlett Packard, Northern Telecom, Rolm, Cisco, IBM, Motorola, Toshiba, and dozens of others (including multiple government schools).

    He must be a God. (Or maybe he has a really boring life).

    Sheesh. Am I the only one who laughed at this?
  • Has anything ever happened regarding the Internet that 2600 wasn't _completely sure_ was a conspiracy?
  • Has anything ever happened regarding the Internet that 2600 wasn't _completely sure_ was a conspiracy?

    Ehh, can't think of any, but that doesn't mean they are not right. You know: "Just because you are paranoid doesn't me they are not out to get you."

    Naturally, we always have reason to be somewhat doubtful whenever the authorities claim to know the first thing about the Internet.

    I appreciate 2600's cynical attitude and they do have a point, don't they:

    There is (yet) no way to validate the authorities' claims. (Somebody please correct me if I'm wrong.)

    The log (if it is real) seems like a lot of coincidence.

    Still, I'm left with a "so what" feeling. So what if the authorities have/have not captured a cracker?

    So what if the authorities do not have a clue?

    So what? What's the story here?

  • The Reuters article [yahoo.com] mentions
    Police said investigators were able to nab Mafiaboy because he bragged about his exploits in online chat rooms.

    Yeah, right! 'Cause nobody ever lies on IRC.

    The story also mentiones the same conspiracy theory:

    Computer security consultant Brian Martin said the alias Mafiaboy was mentioned almost immediately after the denial-of-service attacks.

    "Mafiaboy was a name thrown out the first week," Martin said. "The question is ... was it the same one? Was he a glorified patsy or something? One arrest, three months ... a single charge? Sounds like the [FBI] was under a lot of pressure for a high-profile bust. Not the first time."

    I guess we'll never know...?

  • [I have never seen a place that allowed a nick longer than 9 characters..]

    Uhh, try irc.nevernet.net, for example..
  • by LordNimon ( 85072 ) on Friday April 21, 2000 @12:06PM (#1118213)
    In the article, they claim that just because their nickname was "mafiaboy", that several people, including the "security expert" who pointed out the Montreal teenager. Their evidence is an IRC log that shows someone named icee identified "mafiaboy" as the Montreal teenager.

    Well, if 2600's mafiaboy isn't the real mafiaboy, then how do we know that they were talking to the real icee?

  • I was thinking the same thing. I doubt that 2600 would be so naive to write an article when they were guilty of the very thing that they point out:
    The answer is to prove a point. That all one needs to do to be considered a suspect is change a nickname on IRC.
    I don't spend a whole lotta time in IRC, but it seems to me that 2600 might have made a silly mistake. I hope not though, anyone know more about this?

  • by Denor ( 89982 ) <denor@yahoo.com> on Friday April 21, 2000 @12:19PM (#1118215) Homepage
    Other posters have commented that this seems a bit paranoid, what with the evidence and all. 2600 is claiming that the FBI doesn't have the real Mafiaboy.
    Well, I claim that they're not the real 2600! We've been paying attention to a fake! Through subtle manipulation over an extended period of time, "2600" has usurped the rightful entity behind the name!
    The true 2600 is, and always has been, here [atari.com]

  • by ContinuousPark ( 92960 ) on Friday April 21, 2000 @12:40PM (#1118216)
    And his dad's too. I turns out [msnbc.com] that while they were after this canadian teenager, they discovered while wiretapping his house, that his 45-years-old dad was planning with a hitman to assault or scare the hell out of one of his business associates.

    So, be careful, you never know when the police is coming to get your son =)

    What a strange (and offtopic, I admit) coincidence.

  • that 2600 might actually be responsible for the arrest of that teenager in montreal? am i the only person this was suggested to by their writing? i mean, ok, they go on IRC and pose as someone from quebec. then someone from quebec gets arrested. maybe i missed something in 2600's write-up, but it seems to me they ought to be paying the kid's lawyer fees.

    i'm hoping someone proves me wrong on this...

  • by xant ( 99438 )
    I don't give a fuck about icee, mafiaboy, 2600 or any of this, but your comments I had to respond to. You're calling this guy a predator because of a failed romantic relationship. Grow up. Relationships fail in the real world with just as much regularity as they do on IRC. Nobody's a predator - I've had my heart broken in almost exactly the manner you describe above, and I've broken at least one heart, as has almost every adult alive. I'm a stronger, more complete person because of it - all of it. I've never been "preyed" on or "preyed" on anyone else.
  • > *icee* oh, did you listen to our radio stuff up there in Canada, too?

    >That's it. The rest of the conversation is harmless, and this portion would be harmless except for the statement that 2600
    >made implying that these comments helped lead researchers to Canada. Give me a break.

    You weren't following the script closely enough! Here's the bits relevant to the Canada revelation.

    [mafiaboy] i know you're not a fed. you're with Recourse Technologies in sunny palo alto
    *icee* oh, did you listen to our radio stuff up there in Canada, too?
    [mafiaboy] you were on the radio too???
    *icee* i think they're the only people i talked to who called it sunny palo alto

    2600 cleverly plants the radio clue which crafty *icee* picks up on.
  • by Carnage4Life ( 106069 ) on Friday April 21, 2000 @12:07PM (#1118226) Homepage Journal
    According th Reuters [yahoo.com] there are all sorts of ICQ, Usenet and IRC logs that connect Mafiaboy with the crime.

    PS: Read the articles linked to the above article and judge for yourself if Mafiaboy is the real culprit or not.

  • by Machina ( 110989 ) on Friday April 21, 2000 @01:09PM (#1118229)

    I won't anonymous coward this

    I happen to have been a friend of Cheryl's and I know this, for a fact, is true. Essentially the story goes like this

    • They meet on #depression
    • they fall in love (She REALLY fell for him)
    • Brings her to cali from Hawaii
    • He becomes her "first" (And for Cheryl, this was a MAJOR ordeal/moment in her life).
    • She goes home, happy, and absolutely in love.
    • A few days later, he tells her that he is still in love with his ex, and is getting back with her.
    • Her, being the emotional wreck and depressive girl she is, can't cope and ends up killing herself by throwing herself out th 17th story window of her apartment building

    Needless to say, I have the problems with the man, and I distrusted and disliked him during the brief time she was with him, when I got to talk to her, and I believe he truly did use her and preyed on her weaknesses. She had her problems, but Cheryl was truly a special girl, and I'm still angry for what she did to herself. I don't blame him so much for her suicide, but for his preying upon her.

    Nonetheless, I don't think I've ever hated someone as much as I hate "icee", and I've got no problem discrediting and ruining this predator. I just can't believe I've run into him again, now in the media... it makes my skin crawl. Nothing can repay for what he did to Cheryl.

  • Je ne sait pas pourquoi tout le mond parle de 'mafiaboy'? Il ne pas un 'mafiaboy', il est un 'mafia-garcon'!

    Have you ever being in Montreal? I spent 2 years there. Very nice downtown, it's called the "Old City" etc. On the other hand I think Canada has one of the highest rates of suicide among teenagers. Some of them commit suicide quitely and some become "Mafia-Garcons".

    On the other hand, I don't believe this story has any merit and BTW. why would a serious person cracking into some servers try to remove all his/her trails just to leave huge foot-steps all over IRC channels?
  • by MorboNixon ( 130386 ) on Friday April 21, 2000 @12:15PM (#1118236)
    ...he lives in the heart of you and me, in anyone who's every sat bleary-eyed in front of a CRT at 3-am, anyone who has subsisted on Pop-tarts, Zingers, and Mountain Dew, anyone who has been shunned by society only to find acceptance in the warmth of a x86 processor! Yes, he even lives in you, Scarecrow! Every time you lick the neon Cheet-o residue off your fingers so you won't get it lodged in your keyboard...MafiaBoy is with you...each time the BSOD causes you to flop on the ground like a Pokemon-induced seizure...MafiaBoy is there flinching too!...every time you've told a newbie to try 'this really cool command, rm -r *'...MafiaBoy was laughing right along! Don't you see, Timmy? You can't touch or see MafiaBoy, he surrounds us, invisible yet guiding us. So, when those kids tell you there ain't such thing as MafiaBoy, you tell em' what ol' MorboNixon told ya! And that, ya see, is the real meaning of MafiaBoy. Now let me tell ye how I invented the question mark...
  • To WAVE And win a free big screen!

    Come to papa!


  • by typedef ( 139123 ) on Friday April 21, 2000 @01:09PM (#1118241)
    Taken from Phrack #47

    Danny: Hosts a boring local radio program

    Emmanuel: Hosts a boring local radio program

    Danny: Quasi celebrity status among '70's freaks

    Emmanuel: Quasi celebrity status among telephone phreaks

    Danny: Periods of heavy drug usage

    Emmanuel: Periods of heavy drug usage

    Danny: Involved in sex scandal with another man

    Emmanuel: Involved in sex scandal with another man

    Danny: Last name is "Bonaduce"

    Emmanuel: Friends with Phiber Optik whose first handle was "Il Duce"

    Danny: Supplements income by doing desperate local talk shows whenever he can

    Emmanuel: Supplements income by doing desperate talk shows whenever he can

  • It seems to me everytime an alleged hacker is caught the media seems to just assume they are guilty. In the newspaper I see mafiaboy described as the hacker that did the DoS attacks. Meanwhile, on the front page I see a story about an ALLEGED shooter who shot and killed two people in front of a room full of people. I guess some guy who kills two people in front of a room full of people deserves a greater presumption of innocence then some 15 year old kid who brought down a couple of web sites.

    The media also seems to imply that these attacks had to do with some sort of great computer skills; any person with basic computer competence could do these attacks, most of us just aren't stupid enough to actually do it :P
  • Remember L0pht's saying they could bring down the internet quickly? It's probably true..

    I doubt it. Like all hackers/crackers, they are heavily inclied to braging. The Internet was very well designed to stop any one entity to do that. Its trivial to take down a few servers; its nearly impossible to take down the entire Internet, unless you have a good portion of the net working with you (we're talking 10%-40% or maybe more of the entire network).

    I think L0pht was just trying to scare a cupple of big suits. Remember, L0pht is hired by buisnesses to do cracks on thier system.

  • by hardburn ( 141468 ) <hardburn&wumpus-cave,net> on Friday April 21, 2000 @01:07PM (#1118251)

    In all the mainstream Mafiaboy stories, they point to IRC logs. Where are these logs? Why aren't they linked to, if they exist? If they aren't allowed to, then why not? Shouldn't that be evidence to show the press? Or is the FBI worried that anyone viewing the logs might see holes in their case? Or do the logs not exist? Is some FBI lacky makeing fake logs now to show later?

    What about Twinkies? When can I DoS a Twinkie? Will it work with fat free Twinkies? The people want to know!!!

  • As soon as a person is accused of an internet crime, create and publish some believeable yet absolutely fake backstory that brings the evidence into doubt

    to be fair, though the govt. was asking for it. Arresting somebody based on something as unsubstantial as an irc chat was bound to backfire.

    I know that when I was a kid I would have gladly claimed responsibility for some hack if it made complete strangers admire me. But I was young and stupid then. Fortunately, I'm not young anymore.

  • by meff ( 170550 ) <meff@[ ]erevision.org ['sph' in gap]> on Friday April 21, 2000 @12:05PM (#1118269) Homepage
    There are many, many distributed DoS systems. One person could indeed do this, and do it quickly, with the knowledge required..

    Remember L0pht's saying they could bring down the internet quickly? It's probably true..

    By certain buggy routers, etc.. amplifying the DoS affect, surely it could be done, and it would be like dominos.
  • by Ho-Lee-Cow! ( 173978 ) on Friday April 21, 2000 @12:46PM (#1118270)

    ...that basically this whole deal is going to turn into a huge media circus to make some opportunist, -somewhere-, some beaucoup cash. It might just be me, but everytime I see some 'expert' on computer security talking to the media at large, that we're probably dealing with some half-wit who can string the words together to get he sound bite.

    Looks a bit like 'resume enhancement' for some has-been/never-was at some company who'd look really good with some press attention, not investigation, n'est ce pas? Too bad that some 15 year old kid in Canada is probably going to take the fall so they can fatten their bottom line.

    But I'm an old fogey who checks my electronic fences, writes my letters to congress, opts out of as much as I can, and keeps my nose clean.

  • by bob1000 ( 174146 ) on Friday April 21, 2000 @01:59PM (#1118272) Homepage
    I didn't see this yet. http://dailynews.yahoo .com/h/is/20000421/bs/20000421028.html [yahoo.com]

    A quick quote:" Montreal police hauled the father in last week after investigators, who were monitoring his 15-year-old son via tapped telephones, overheard the father and another man make plans for the assault, police officials said"

  • by Analysis Paralysis ( 175834 ) on Friday April 21, 2000 @12:23PM (#1118273)
    There are a number of http proxies listed on this page [ijs.co.nz]. Filtering can be bypassed by using SSL encryption on URLs requested through these servers.
  • by mafiaboy ( 177449 ) on Friday April 21, 2000 @12:26PM (#1118279) Homepage
    Hey, let me set the record straight. I was framed.

Computer programmers do it byte by byte.