14 year old boy takes down Amazon, CNN, Yahoo!, and eBay. Also CMMC and DDoS Attacks...
September 16, 2020
A 14 year old boy took down Amazon, CNN, Yahoo!, and eBay...well 20 years ago that is, but still very impressive. Who is he? How did he do it? Why did he do it? Was he Caught? What damage did he cause? And where is he now?
Which hacker brought down Amazon, CNN, Yahoo! and eBay?
MafiaBoy, real name Michael Calce, was the hacker that brought down Yahoo!, Fifa.com, Amazon.com, E*TRADE, eBay, and CNN. He was born in 1986 in the West Island area of Montreal, Quebec. At the age of six his dad bought him his own computer, it had a profound effect on him, Mafiaboy says “There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions. The computer gave me, a six-year-old, a sense of control and command. Nothing else in my world operated that way".
How did MafiaBoy bring down Amazon, CNN, Yahoo!, and eBay?
On February 7, 2000, MafiaBoy launched project Rivolta, meaning "rebellion" in Italian. First targeting Yahoo!, the world's top search engine and a multibillion-dollar web company. Rivolta was a denial-of-service attack in which servers become overwhelmed with requests to the point where normal traffic is unable to be processed and they become unresponsive to commands. Over the next week MafiaBoy brought down eBay, CNN, and Amazon.
Why did MafiaBoy bring down Amazon, CNN, Yahoo!, and eBay?
According to MafiaBoy, his goal was to establish himself and his hacker/cybergroup, TNT, online/in the cyberworld.
Was the hacker MafiaBoy caught for bringing down Amazon, CNN, Yahoo!, and eBay?
Soon after the attacks both the U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police conducted an investigation into who was behind the cyber attacks that brought down Amazon, CNN, Yahoo!, and eBay. MafiaBoy recounts "You know I'm a pretty calm, collected, cool person, but when you have the president of the United States and attorney general basically calling you out and saying 'We're going to find you' ... at that point I was a little bit worried,I started to notice this utility van that was parked at the end of my street at, like, Sunday at 4 a.m., It was pretty obvious that they were surveilling my place.". The case eventually went to trial in Canada and was sentenced on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.
How much damage did MafiaBoy cause by bringing down Amazon, CNN, Yahoo!, and eBay?
It’s not exactly sure how much monetary damage his attacks caused but estimates range from roughly $7.5 million, according to the trial prosecutor, and $1.2 billion in global economic damages, according to Matthew Kovar (a senior analyst at a market research firm).
Where is MafiaBoy today?
Today Michael Calce runs a company called Optimal Secure that tries to find weak points in company networks and helps businesses understand just how vulnerable they are.
Cybersecurity Maturity Model Certification (CMMC) and DDOS Attacks.
Some CMMC practices related to distributed denial of service attacks include incident response, firewall configuration, and logging. Companies with CMMC requirements are required to deploy a firewall. This can help prevent DDOS attacks from impacting systems on the internal network. Companies with CMMC level two or higher requirements need to have incident response procedures in place. This includes preparing incident response personnel for incidents, developing a plan to contain incidents such as DDOS attacks, and how to recover from attacks. Companies with level two and higher CMMC requirements will need to monitor their systems for signs of an attack, this includes DDOS attacks. This generally involves leveraging an intrusion detection system. If you would like more information on CMMC related requirements feel free to reach out to us at email@example.com.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance