| & |
The hacker claiming to be a Canadian teenager who took down some of the Internet's most popular sites is well-connected but has never played in the big leagues before, security experts say.
That has investigators suggesting the hacker who calls himself "mafiaboy" is just a dupe for other, more experienced hackers.
"I don't think it's him", said John Vranesevich, a hacking expert the U.S. Federal Bureau of Investigation called in to work on the case. "I think it's someone he knows."
"He really hasn't done anything significant. At this point he's pretty much unknown."
Vranesevich's doubt illustrates the difficulty of tracking people on the Internet and verifying their identity.
Vranesevich, who maintains a database of more than 7,000 hackers, said he's been following mafiaboy's online chats with other hackers for more than six months through mafiaboy's Chicago Internet account.
While mafiaboy's Montreal account, with a firm now owned by Canadian provider Internet Direct, was closed more than a year ago, other investigators say they have linked him to another Canadian account.
Mafiaboy, Vranesevich says, is like the wannabe bank robber who's never done the big heist. While he wouldn't provide details on the hacker's other, smaller hits, a University of Washington network administrator told The Star that someone using the name mafiaboy had broken into the school's computers to access Internet chat lines without being traced.
The FBI wants to speak with mafiaboy but has been careful not to label him a suspect. A U.S. news network also reported last night that the FBI spoke yesterday with "coolio", a California hacker linked to the attacks.
The report said coolio had denied participating.
Another Justice official said investigators also are interested in talking to a hacker known as "nachoman."
In other developments yesterday:
Mafiaboy given sketchy identities |
Hacking consultants and upstart "experts" have been trying to assign sketchy identities to mafiaboy. Some are sticking better than others.
Michael Lyle, chief technology officer with Recourse Technologies, a California security firm, said he has transcripts of mafiaboy's Internet conversations with other hackers.
He said in an interview that he's confident mafiaboy either launched attacks against CNN.com and E*Trade himself, or that he was able to tell his friends to do it. He also said he believes the hacker is Canadian.
According to Lyle, in chat-group sessions, mafiaboy took instructions about which sites to hit. Moments later, the sites were flooded. Lyle said the person using the name was logged on to a Canadian Internet server.
Lyle also said mafiaboy admitted to him that he was the culprit.
Still, the Internet can hide identities. The person Lyle spoke with and that university network administrators say they have monitored could be one of many mafiaboys; he could live anywhere and be lying about his exploits.
Before last week's attacks, "mafiaboy" was a popular pseudonym. Vranesevich says it's only grown more so.
Even upstart security firms hoping to score publicity have gone online as mafiaboy, in hopes of luring hackers into revealing evidence.
Also, other hackers have begun using the name, Vranesevich said.
"They think it's funny when they sign on as mafiaboy and 20 reporters send them messages."
The RCMP was drafted into the investigation Friday to identify Canadian servers that might have been used.
"The FBI believe that one or more Canadian servers was used in the communication or to launch one of the attacks", Corporal Stephane Bonin said Tuesday. "So this is what our basis is, to try to identify the servers and people behind it."
Michael Gibson, of Internet Direct, said the RCMP approached him Monday night about mafiaboy.
Gibson said yesterday afternoon that the RCMP had not yet come to search the company data in Montreal, and that he would not give them access without a search warrant.
"We're starting to think it's a lot of hullabaloo about nothing."