This week, the country's second-largest health insurance company, Anthem, said hackers broke into a database with personal information about 80 million of its customers. It's just the latest in a string of large-scale cyber-attacks — Sony, Staples, Home Depot, and JPMorgan Chase have all been attacked in the last nine months alone.
In January, President Obama said the cybercrime laws that are supposed to protect consumers from such attacks — and give the government tools to prosecute cybercriminals — need to be updated.
Many of those laws are more than a decade old, the direct result of one hacking incident that was a wake-up call for the U.S. government.
While they might need an update, they're better than no laws at all — and for that, we have a 15-year-old to thank.
In 2000, a high school student named Michael Calce, who went by the online handle Mafiaboy, brought down the websites of Amazon, CNN, Dell, E*Trade, eBay, and Yahoo!. At the time, Yahoo! was the biggest search engine in the world.
"The New York Stock Exchange, they were freaking out, because they were all investing in these e-commerce companies," he remembers.
"And then it's like, 'OK — a 15-year-old kid can shut us down at any point? Is our money really safe?' "
For years after the attack, Calce declined to speak to the media, but he's recently begun to open up about his story. He says his goal had nothing to do with money — and that ultimately, he thinks, his attack has a positive impact.
The story begins when Calce got his first computer, at the age of 6.
"I was a pretty bratty kid. I come from a divorced family. My father had custody on the weekends and he wasn't exactly sure how to preoccupy me so he took a computer from his work and brought it home and was like 'Here, figure out what to do with it.' "
A few years later, Calce got a free trial of AOL. It was his first time on the internet, and within a few days the 9-year-old hacked the system so he could stay online past the 30-day trial period.
He got more and more involved in online hacker groups. In 2000, he launched the hack that made him famous — first taking over a handful of university networks, and then harnessing their combined computing power to attack outside websites.
"Basically when I hit enter on the keyboard, [the university networks] all respond at the same exact time and basically overwhelm websites with too much information," he explains. It's called a denial-of-service attack.
Within hours, he had taken down six major websites.
"The overall purpose was to intimidate other hacker groups," says Calce.
Back then, he says, "the whole of the hacking community was all about notoriety and exploration, whereas you look at hackers today and it's all about monetization."
For the national security apparatus, the attack was a wake-up call. President Clinton convened a cybersecurity working group. Attorney General Janet Reno announced a manhunt for Mafiaboy.
"You know I'm a pretty calm, collected, cool person, but when you have the president of the United States and attorney general basically calling you out and saying 'We're going to find you' ... at that point I was a little bit worried," says Calce.
He was right to be worried. The FBI was on his trail.
"I started to notice this utility van that was parked at the end of my street at, like, Sunday at 4 a.m.," remembers Calce.
"It was pretty obvious that they were surveilling my place."
The case eventually went to trial in Canada, where Calce is from. The Clinton administration sent cybersecurity experts to testify.
"It was a pretty big ordeal," says Calce. "It didn't really matter what I said at that point. They just wanted to make an example out of me."
He was charges with more than 50 crimes and eventually sentenced to eight months in a youth group home.
Today, Calce is what's called a white hat hacker. Companies hire him to help identify security flaws in their systems and design better security features. He says the internet is a far scarier place today than it was back in 2000. For one, there is more and more at stake as we rely ever more on online systems for our daily lives.
Looking back, he thinks some good did come from the attack he launched.
"It raised a lot of issues," he says. "It definitely advanced and created a pretty big focus on security, and the problems and inherent flaws that come with computers and internet."
Transcript
ARUN RATH, HOST:
This week, the country's second largest health insurance company, Anthem, said hackers broke into a database with personal information of about 80 million of its customers. It's just the latest in a string of large-scale cyber- attacks. So we thought we'd call up the original hacker, the one who started everything.
MICHAEL CALCE: My name is Michael Calce. I'm more commonly known by the handle of MafiaBoy.
RATH: MafiaBoy was infamous for pulling off the biggest hack ever in the year 2000. It all started with his first computer.
CALCE: I got my first computer when I was 6 years old. I was a pretty bratty kid. I come from a divorced family and, you know, my father had custody over me on the weekends. And he wasn't exactly sure how to, you know, preoccupy me so he took a computer from his work and brought it home. And he's like here, figure out what to do with it. And I was 6 years old.
RATH: And do you remember the first time you encountered the Internet?
CALCE: Yeah, absolutely. I was 9 years old the first time I went on the Internet thanks to an AOL CD that they mailed to you, and it offered 30 days of free Internet.
RATH: Just a few days later, 9-year-old Calce hacked the AOL system so he could stay online past the 30-day free trial. As a teenager, he got involved in the first online hacking communities. And in the year 2000, at the age of 15, he launched an attack that would turn cybersecurity into a front-page issue. He took down the websites of Amazon, CNN, Dell, E*Trade, eBay and Yahoo!. Here's how he did it.
CALCE: Basically, I compromised tons of educational networks - all the top universities and colleges in the United States of America. I breached all their networks and was able to combine them all to make one massive network. So basically when I hit enter on the keyboard, they all respond at the same exact time and basically overwhelms websites with too much information and render people offline.
RATH: Now, in the - when this case ended up going to trial, there was controversy over what you had actually intended to do. What were you intending to do with that - on that day?
CALCE: Right. The truth of the matter is - is that the overall purpose was to intimidate other hacker groups.
RATH: What's the aim of that, though, of that power? Like, you're king of the hackers in the end?
CALCE: Yeah, pretty much. I mean, at this point, when I was hacking and pretty much, you know, the whole of the hacking community was all about notoriety and exploration, whereas, you know, you look at hackers today, it's all about monetization and how can they get money.
RATH: So there was a manhunt. The FBI was looking for MafiaBoy. How did you hear about that at first?
CALCE: Well, I had figured at this point that people were going to be looking for me. But I wasn't worried about getting caught at that point. But when Janet Reno and President Clinton started, you know, publicizing and convening cyber-summits based on what I had done, I started to get a little worried at this point.
RATH: What's going through your 15-year-old brain at that point?
CALCE: Oh [bleep].
RATH: (Laughter).
CALCE: Yeah. You know, I'm a pretty calm, collected, cool person, but, you know, when you have the president of the United States and the attorney general basically calling you out and saying we're going to find you, I mean, you know, at that point I was a little bit worried and...
RATH: And then what was the moment of truth for you when you knew that you'd just been found out?
CALCE: I started to notice this utility van that was parked at the end of my street at like Sunday at 4:00 a.m. and stuff. And I'm like OK, like, I don't think they're fixing TV and Internet problems at 4:00 a.m. on a Sunday. So, I mean, it was pretty obvious that they were surveying - you know, surveying my place.
RATH: And talk about what happened with the trial, because you ended up serving eight months in open custody, but there were more than 50 charges against you.
CALCE: It was a pretty big ordeal. You know, they called in, like, supervisors and, like, IT professionals from Bill Clinton's circle and, like, an IT advisor from Washington under Bill Clinton came to testify. But at the end of the day, I ended up getting eight months in a group home facility because they didn't want me mixing with more hardened criminals. You know, I figure the whole thing was fixed anyways. It didn't really matter what I said at that point. They just wanted to make an example of me.
RATH: This attack showed what a single hacker could do, you know, taking down Yahoo!, which was bigger than Google back then. I know you think about these issues still a lot in your professional life. I'm wondering if it hadn't - if it hadn't been you back in 2000 that had done that huge annihilation of service attack - those attacks, how do you think the history of the Internet - Internet security - would be different?
CALCE: I think there would be less attention focused on it, and some good did come from the attack that I launched. You know, the New York Stock Exchange - I mean, they were like freaking out because they were all investing in these e-commerce companies, and then it's like oh, OK, a 15-year-old kid can shut us down at any point? Like, is our money really safe? So it raised a lot of issues, and I think that it definitely advanced and created a pretty big focus on security and the problems and inherent flaws that come with computers and Internet.
RATH: Michael Calce went by the online alias MafiaBoy. He pulled off the biggest hack ever in the year 2000. Now, he is what you might call a white hat hacker for companies. Michael, thanks very much, very interesting speaking with you.
CALCE: No problem. Transcript provided by NPR, Copyright NPR.
300x250 Ad
300x250 Ad