Hacker known as 'Mafiaboy' pleads guilty on 55 charges
buddy_holly
several major Internet sites including CNN, Yahoo and Amazon.com, pleaded
guilty on Thursday to 55 charges of mischief."
http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/
Tim Haynes
Since when was hacking involved in `crippling' `Internet sites', whatever
they might be?
Since when was mischief something to be "charged" for?
Curse of the over-anal beaurocrats strikes again.
~Tim
--
Another day, |pig...@glutinous.custard.org
Another kernel recompile |http://piglet.is.dreaming.org
Barry Margolin
Tim Haynes <pig...@glutinous.custard.org> wrote:
>"buddy_holly" <buddy...@younameit.orgy> writes:
>
>> "MONTREAL, Quebec (AP) -- A teen-age computer hacker accused of crippling
>> several major Internet sites including CNN, Yahoo and Amazon.com, pleaded
>> guilty on Thursday to 55 charges of mischief."
>>
>> http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/
>
>Since when was hacking involved in `crippling' `Internet sites', whatever
>they might be?
He was involved in a DDOS attack against those sites, wasn't he? Isn't
that a type of hacking? Remember, the lay press uses the term "hacking" to
refer to just about all types of computer abuse; the distinctions between
cracking and DOS attacks are not significant to most people.
>Since when was mischief something to be "charged" for?
"Mischief" is the name of a crime, just as "fraud" and "theft" are.
--
Barry Margolin, bar...@genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Alun Jones
>
> > "MONTREAL, Quebec (AP) -- A teen-age computer hacker accused of crippling
> > several major Internet sites including CNN, Yahoo and Amazon.com, pleaded
> > guilty on Thursday to 55 charges of mischief."
> >
> > http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/
>
> Since when was hacking involved in `crippling' `Internet sites', whatever
> they might be?
Since the media determined that they liked the idea of "hacker" being a term
for malicious malfeasance against other people's computers, and since they
figured that much of the general population can't tell the difference
between Web and Internet. And can you blame them, given the marketing
generated by the computer industry?
> Since when was mischief something to be "charged" for?
Read your dictionary. Mischief ain't limited to childhood pranks. Perhaps
you've not heard of the term "criminal mischief".
> Curse of the over-anal beaurocrats strikes again.
Curse of the lack of dictionary is more like it. While you're buying one, a
spell-checker wouldn't go amiss.
Alun.
~~~~
[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.]
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email al...@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.
JWMeritt
>Since when was mischief something to be "charged" for?
Since quite a while ago. Maybe you'd better look at the law before something
unpleasant happens to you.
James W. Meritt, CISSP, CISA
National Security Team
Booz*Allen & Hamilton
Tim Haynes
> >> http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/
> >
> >Since when was hacking involved in `crippling' `Internet sites',
> >whatever they might be?
>
> He was involved in a DDOS attack against those sites, wasn't he? Isn't
> that a type of hacking?
Not really. It sounds like brute force to me, zero elegance requried.
> Remember, the lay press uses the term "hacking" to refer to just about
> all types of computer abuse; the distinctions between cracking and DOS
> attacks are not significant to most people.
Since when was `most people' a determinant of correctness?
> >Since when was mischief something to be "charged" for?
>
> "Mischief" is the name of a crime, just as "fraud" and "theft" are.
Balls to that, then. I ain't migratin' any time soon.
~Tim
--
The sun is melting over the hills, |pig...@glutinous.custard.org
All our roads are waiting / To be revealed |http://piglet.is.dreaming.org
Tim Haynes
> In article <86ely0c...@potato.vegetable.org.uk>, Tim Haynes
> <pig...@glutinous.custard.org> wrote:
> > "buddy_holly" <buddy...@younameit.orgy> writes:
> >
> > > "MONTREAL, Quebec (AP) -- A teen-age computer hacker accused of
> > > crippling several major Internet sites including CNN, Yahoo and
> > > Amazon.com, pleaded guilty on Thursday to 55 charges of mischief."
> > >
> > > http://www.cnn.com/2001/TECH/computing/01/18/mafiaboy.ap/
> >
> > Since when was hacking involved in `crippling' `Internet sites', whatever
> > they might be?
>
> Since the media determined that they liked the idea of "hacker" being a
> term for malicious malfeasance against other people's computers, and
> since they figured that much of the general population can't tell the
> difference between Web and Internet. And can you blame them, given the
> marketing generated by the computer industry?
Yes, I can, and do, for not doing their research properly.
> > Since when was mischief something to be "charged" for?
>
> Read your dictionary. Mischief ain't limited to childhood pranks. Perhaps
> you've not heard of the term "criminal mischief".
Perhaps you've not read the original quote, up above.
> > Curse of the over-anal beaurocrats strikes again.
>
> Curse of the lack of dictionary is more like it. While you're buying one,
> a spell-checker wouldn't go amiss.
Interesting, that's the first time anyone's suggested that. Get a proper
sig-sep, as well.
~Tim
--
The light of the world keeps shining, |pig...@glutinous.custard.org
Bright in the primal glow |http://piglet.is.dreaming.org
Mike
AFAIK he was involved in some brute force access, not in DDOS.
Mike
Alun Jones
<pig...@glutinous.custard.org> wrote:
> Barry Margolin <bar...@genuity.net> writes:
> > Remember, the lay press uses the term "hacking" to refer to just about
> > all types of computer abuse; the distinctions between cracking and DOS
> > attacks are not significant to most people.
>
> Since when was `most people' a determinant of correctness?
Since the English language began.
> > >Since when was mischief something to be "charged" for?
> >
> > "Mischief" is the name of a crime, just as "fraud" and "theft" are.
>
> Balls to that, then. I ain't migratin' any time soon.
Criminal Mischief is a legal term in Canada, the US, and England. Who says
you have to migrate?
ell...@virgil.chaos.net
> DOS or DDOS is NOT hacking.
> AFAIK he was involved in some brute force access, not in DDOS.
He was charged with a denial of service attack against cnn, yahoo,
ebay, amazon, excite, and etrade.
--
Matt Gauthier <ell...@crosswinds.net>
Barry Margolin
Mike <your_a...@pharma.novartis.com> wrote:
>DOS or DDOS is NOT hacking.
>AFAIK he was involved in some brute force access, not in DDOS.
The article was in the lay press, not a computer security journal. They
don't know the difference, and since it's irrelevant to their target
audience, I don't expect them to bother making such a distinction. They're
all just forms of computer abuse, which are lumped in general terminology
under the broad term "hacking".
Tim Haynes
> In comp.os.linux.security Mike <your_a...@pharma.novartis.com> wrote:
> > DOS or DDOS is NOT hacking.
> > AFAIK he was involved in some brute force access, not in DDOS.
>
> He was charged with a denial of service attack against cnn, yahoo, ebay,
> amazon, excite, and etrade.
The media's idea of DOS might not be ours, of course...
~Tim
--
4:15pm up 25 days, 18:27, 14 users, load average: 0.19, 0.11, 0.03
pig...@glutinous.custard.org |There's a lighthouse, Shining in the black,
http://piglet.is.dreaming.org |A lighthouse, Standing in the dark
Trųütmån
>The media's idea of DOS might not be ours, of course...
The websites were not accessible for several hours thanks to the little
hooligan. That - in my book - is a Denial Of Service.
Fine his parents and take his playstation away!
--
___________________________________________
Mike Trųütmån
http://www.troutman.org
http://www.zen-data.com
Tim Haynes
> pig...@glutinous.custard.org (Tim Haynes) graced us with the following:
>
> >The media's idea of DOS might not be ours, of course...
>
> The websites were not accessible for several hours thanks to the little
> hooligan. That - in my book - is a Denial Of Service.
Precisely. That's a denial of service, but whether you want to regard it
the same as a brute-force DoS or not is debatable.
> Fine his parents and take his playstation away!
Leave the sites down; they didn't have anything useful on them anyway ;)
~Tim
--
We stood in the moonlight |pig...@glutinous.custard.org
and the river flowed |http://piglet.is.dreaming.org
Barry Margolin
Tim Haynes <pig...@glutinous.custard.org> wrote:
>mikė@trųütmån.org (Trųütmån) writes:
>
>> pig...@glutinous.custard.org (Tim Haynes) graced us with the following:
>>
>> >The media's idea of DOS might not be ours, of course...
>>
>> The websites were not accessible for several hours thanks to the little
>> hooligan. That - in my book - is a Denial Of Service.
>
>Precisely. That's a denial of service, but whether you want to regard it
>the same as a brute-force DoS or not is debatable.
What difference does it make what technique he used? DOS is the result,
not a mechanism. It's not like the news report claimed that he used SMURF
when it was actually a SYN-flood (these are just examples -- I have no idea
what technique he actually used).
Tim Haynes
[snip]
> >Precisely. That's a denial of service, but whether you want to regard it
> >the same as a brute-force DoS or not is debatable.
>
> What difference does it make what technique he used? DOS is the result,
> not a mechanism. It's not like the news report claimed that he used SMURF
> when it was actually a SYN-flood (these are just examples -- I have no
> idea what technique he actually used).
Enough difference that I can brace myself for being woken up at 4am to find
the copy-cat attack techniques against my own servers...
~Tim
--
8:34pm up 25 days, 22:46, 12 users, load average: 0.03, 0.08, 0.03
pig...@glutinous.custard.org |Triggered to power, wired to pain,
http://piglet.is.dreaming.org |Direct-inject pleasure when the going gets tough
Barry Margolin
Tim Haynes <pig...@glutinous.custard.org> wrote:
>Barry Margolin <bar...@genuity.net> writes:
>
>[snip]
>> >Precisely. That's a denial of service, but whether you want to regard it
>> >the same as a brute-force DoS or not is debatable.
>>
>> What difference does it make what technique he used? DOS is the result,
>> not a mechanism. It's not like the news report claimed that he used SMURF
>> when it was actually a SYN-flood (these are just examples -- I have no
>> idea what technique he actually used).
>
>Enough difference that I can brace myself for being woken up at 4am to find
>the copy-cat attack techniques against my own servers...
You mean they can copy one type of attack, but not another type? Can't
script kiddiez download scripts to perform all of these attacks?
JWMeritt
>Enough difference that I can brace myself for being woken up at 4am to find
>the copy-cat attack techniques against my own servers...
If the individual pleads guilty, it doesn't matter at all.
And you may be suprised to find out that convictions come not from you, not
from the media, and not from judges but from juries. Maybe a glance at the law
would be in order.
Alun Jones
> Barry Margolin <bar...@genuity.net> writes:
>
> [snip]
> > >Precisely. That's a denial of service, but whether you want to regard it
> > >the same as a brute-force DoS or not is debatable.
> >
> > What difference does it make what technique he used? DOS is the result,
> > not a mechanism. It's not like the news report claimed that he used SMURF
> > when it was actually a SYN-flood (these are just examples -- I have no
> > idea what technique he actually used).
>
> Enough difference that I can brace myself for being woken up at 4am to find
> the copy-cat attack techniques against my own servers...
Then perhaps your news source should be CERT, not CNN.
Walter Roberson
JWMeritt <jwme...@aol.com> wrote:
:And you may be suprised to find out that convictions come not from you, not
:from the media, and not from judges but from juries.
MafiaBoy is in Canada. "Part XIX Indictable Offences -- Trial Without
Jury", paragraph 553, of the Criminal Code of Canada sets out several
conditions under which a provincial judge has an absolute right
of trial without jury.
553(a)(v) in particular includes "mischief under subsection 430(4)",
which refers in turn to 430(1.1) "Mischief in relation to data"
"(c) obstructs, interrupts or interferes with the lawful use of data;"
which pretty much includes the MafiaBoy attacks.
Thus, MafiaBoy did generally fall under a section of Canadian law
that would have required a conviction from a judge (not a jury).
The reason he did -not- fall under this section was that the claimed
value of the damage was more than $5000, and 553(a) limits the scope
to cases of at most $5000.
If one continues on in the sections immediately after 553, it appears
that because of the $5000 limit, MafiaBoy would have falled into the
category of offences that would give him the right to chose whether
to have a trial by judge only, or by judge and jury. If he had
choosen trial by judge, then his conviction would have been by a judge,
with no jury involved at all.
:Maybe a glance at the law would be in order.
Provided, of course, that one glances at the *applicable* laws -- which
in this case are those of Canada, where it is entirely possible for
convictions to come from judges alone in these kinds of cases.
JWMeritt
>
>MafiaBoy is in Canada. "Part XIX Indictable Offences -- Trial Without
>Jury", paragraph 553, of the Criminal Code of Canada sets out several
>conditions under which a provincial judge has an absolute right
>of trial without jury.
My error. However, he is still not convicted on the face of the media, which
one of his contentions.
All of which is irrelevant - the individual pled guilty.
>Provided, of course, that one glances at the *applicable* laws -- which
>in this case are those of Canada, where it is entirely possible for
>convictions to come from judges alone in these kinds of cases.
Very true, and I thank you for the information.
MP
"Mike" <your_a...@pharma.novartis.com> schrieb im Newsbeitrag
news:3a68...@guardhouse.chbs...
> DOS or DDOS is NOT hacking.
> AFAIK he was involved in some brute force access, not in DDOS.
>
> Mike
>
tools from others, they write their own.
Marc
>
>
Barry Margolin
You keep forgetting that the quote came from the *lay* press. In common
terminology, "hacker" means what we call "cracker".
Alun Jones
> In article <94jdlr$6h1$1...@news.stadt-frankfurt.de>,
> MP <marc.p...@stadt-frankfurt.de> wrote:
> >
> >"Mike" <your_a...@pharma.novartis.com> schrieb im Newsbeitrag
> >news:3a68...@guardhouse.chbs...
> >> DOS or DDOS is NOT hacking.
> >> AFAIK he was involved in some brute force access, not in DDOS.
> >>
> >> Mike
> >>
> >..it's only a lame sort of script kiddies, real hacker don't use finished
> >tools from others, they write their own.
>
> You keep forgetting that the quote came from the *lay* press. In common
> terminology, "hacker" means what we call "cracker".
. . .And what we call "hacker", they call "computer whiz". Then again,
they also use that term for the guy who gets a high-score on their Nintendo
boxes.
Arguing here about what the press should, or should not, be calling
individuals is a real waste of time. As far as this particular story is
concerned, it doesn't matter whether he lay a sophisticated plan involving
hacks to the C compiler source code in order to preserve and protect a
hidden master password, or simply told a bunch of his friends' computers to
hammer away with crappy network signals. He deliberately and repeatedly
used unauthorised access to cause a severe denial of service - and whether
the systems affected were adequately protected or not, that is a criminal
act. By pleading guilty, he even acknowledges that this is so.
Does it really matter _what_ they call him?
Matthew Montchalin
|Arguing here about what the press should, or should not, be calling
|individuals is a real waste of time. As far as this particular story
|is concerned, it doesn't matter whether he lay a sophisticated plan
|involving hacks to the C compiler source code in order to preserve and
|protect a hidden master password, or simply told a bunch of his
|friends' computers to hammer away with crappy network signals. He
|deliberately and repeatedly used unauthorised access to cause a severe
|denial of service - and whether the systems affected were adequately
|protected or not, that is a criminal act. By pleading guilty, he even
|acknowledges that this is so.
What was the name of the lawyer or law firm that represented him?
Bill Hudson
>
> Does it really matter _what_ they call him?
>
'scumbag' works too.
--
Bill Hudson