A fifteen-year-old boy known online as Mafiaboy faces two counts of mischief for his alleged part in the early February spam-bomb denial-of-service attacks, which paralyzed some of the Internet's heaviest hitters.
Yahoo!, CNN, eBay, Amazon, eTrade, and other high profile websites were frozen at various times with massive barrages of messages generated by hackers, attacks which both put millions of Web surfers at a loss and raised new questions about security on the Internet.
The Royal Canadian Mounted Police say the boy had bragged about his part in the spam bombings in various Internet chat rooms, with police getting a search warrant and going to his home April 15, according to published reports. They seized computer equipment and software and arrested the boy, who is free on undisclosed bail.
But his freedom on bail carries severe conditions, including restrictions on computer use to school grounds and only under tight supervision. He's also banned from visiting any stores dealing in computer equipment.
The spam bombings involved Mafiaboy's use of unknowing "middleman" computers and ordering them remotely to flood targeted websites with phony traffic. Damage estimates from the attacks could run into the millions. Three computers - at the University of California Santa Barbara, Stanford University, and a Portland, Oregon home business computer - were identified as some of the unwitting conduits.
Authorities believe dozens if not hundreds of computers were used in that manner. The Mounties believe Mafiaboy might have used a California computer for his part in the attack, leaving enough traces for law enforcement to track him.
Meanwhile, there's some thought that the spam-bombers were little more than "amateurs too dense to be hackers," as Jeff A. Taylor wrote in the current issue of Reason. "More than anything," he wrote, "these attacks show that the U.S. government's long war against powerful encryption has kept such tools out of the hands of exactly the wrong people: One of the programs thought to have been used to launch the attacks uses encryption to mask what it is doing."
