Skip to main content

'Mafiaboy' breaks silence, paints 'portrait of a hacker'

Doug Gross
Michael Calce, once known as "Mafiaboy," shut down sites like eBay, Yahoo! and before his arrest at age 15.
Michael Calce, once known as "Mafiaboy," shut down sites like eBay, Yahoo! and before his arrest at age 15.
  • "Mafiaboy" is the autobiography of Michael Calce, a hacker who took down big sites as a teen
  • Calce's targets in 2000 included Ebay, Yahoo! and
  • Calce says hacking is far easier now than it was when he was active
  • Hackers
  • Internet
  • Books

(CNN) -- Michael Calce once briefly shut down this site.

It was February 8, 2000, and the then-15-year-old was egged on by a fellow hacker who believed would be impossible to bring down because of its "advanced networks" and "huge traffic numbers." It took Calce just a few minutes.

"The sense of power I felt was overwhelming," he wrote later of the attack, which slowed's news operations for nearly two hours. "It was also addictive."

By then, the Canadian teen better known as "Mafiaboy" had already made national headlines by toppling Yahoo!, eBay and E*TRADE with a brazen series of denial-of-service attacks, which usually involve barraging a website with so many requests that its servers are overrun.

It's a story he tells, breaking years of silence, in "Mafiaboy: A Portrait of the Hacker as a Young Man," which chronicles Calce's rise to becoming arguably the most famous, or infamous, computer hacker ever.

The book, co-written by Craig Silverman, takes Calce from the day he got his first computer at age 6 to the secretive chat rooms of a then-burgeoning hacker community.

Along the way he single-handedly prompted then-President Bill Clinton to convene a cybersecurity summit at the White House. Attorney General Janet Reno swore her office wouldn't rest until he was arrested.

Those are deep political and legal waters for a kid who, when the police finally busted him, was having a sleepover at a friend's house, staying up late eating junk food and watching "Goodfellas."

"My attacks of 2000 were illegal, reckless and, in many ways, simply stupid," Calce writes. "At the time, I didn't realize the consequences of what I was doing."

Calce eventually pleaded guilty to 56 counts stemming from hacking and attacking the sites. He was sentenced to eight months in "open custody" at a rehabilitation home for youths and spent another year on probation.

Calce's message now, a decade later? It's way easier to do what he did now than it was then.

"Twelve years ago, they actually were real hackers. You had to work and build your arsenal of tools," he said. "These days, they make hacker desktops that you just download and you have every tool out there on the market. If you're interested and you want to be a hacker, you can be a hacker in 30 minutes."

And while Calce and many of his compatriots hacked more out of curiosity than anything else, he said many of today's generation of hackers have crime, or even espionage, in mind.

"I could have launched those attacks and tried to make money off of it," said the former online bad boy, now a Montreal, Canada-based Internet security consultant. "I was more (about) running tests. Everyone at that point in time was running tests and seeing what they could do and what they could infiltrate."

Calce talked with recently about hacking, Internet security and why Facebook, Twitter and other popular online sites can be a bad thing. Below are excerpts from that conversation.

On misconceptions about the term "hacker"

"The problem is that, over the years, it's been misconstrued. The media has used it a couple of times improperly. The problem now is that anything associated with hackers or hacking is in the malicious sense when that's really not true. A hacker is anybody looking to manipulate technology to do something other than its original purpose. That's not necessarily a bad thing."

On recent hacking by "Anonymous" and "Lulzsec"

"They're a different breed. They're considered 'hacktivists.' They hack for a lot of political reasons. They believe information should be free. But some of them do have malicious intent.

"It's really hard to classify them in the white-, black- or gray-hat hacking, but if I had to pick one, I'd probably go with gray. And you're going to see a lot more of these groups. Technology being where it is, it allows people to fight back. (Compared to traditional political protests) what Lulzsec and Anonymous are doing is way more potent in actually trying to awaken people and raise awareness.

"Not that I really condone what they're doing, but I understand their point."

On the risks of Facebook

"I do have a Facebook account, but it's very, very limited. I don't use it in the same fashion that other people would. There are people putting up hundreds of pictures of themselves, updating their status every 10 minutes and adding people they don't know just so they can say they have 1,000 friends.

"We're putting too much information online. I understand the networking part. But the way it's being utilized right now is not going in the right direction. People are data-mining. (Facebook) is such a viable spot for hackers to launch viruses and trojans. People just don't understand the ramifications."

On the prospects of "cyberwar"

"We're going to see a lot more cyberattacks. .. It probably could be the next world war for all we know. It could be online.

"Places like China actually have hacker camps. They're training you to infiltrate government secrets and whatnot. The government is going to have to realize that they're going to need to fight dirty the same way. You're going to need hackers to fight hackers; that's just how the world is evolving right now.

"You're going to have to set up hacker schools to train people. Hacking can be in the positive fashion. There is a white-hat side to hacking and I think we're going to need to breed a lot of white-hat hackers right now to fight the black-hat hackers. Right now, they're winning the war."

On how to stay safe online

To be safer online Calce suggests the following:

_ Stronger passwords:

"The No. 1 problem is strength of passwords," he said." A lot of people don't use strong passwords. It's getting a bit better, because websites are forcing you now to make longer passwords."

_ Adding firewalls

Calce suggests protecting your computer with "after-market" firewall software, meaning not just relying on the ones already installed on your computer. "Without having a firewall, it's basically like leaving your home with the doors unlocked and the windows open," he said.

_ Be wary of open Wi-Fi:

"Almost every router is installed with Wi-Fi now," Calce said. "Wi-Fi is so incredibly easy to crack or manipulate and people fail to realize this. Even if you are on password-protected Wi-Fi, it's so buggy to the point where it's very easy to crack wireless passwords."


Most popular Tech stories right now