"SUSPECT" IN WEB ATTACKS SAID TO HAVE A HISTORY

One of the hackers the FBI wants to question in this month's spam-bomb Web jams involving high-profile sites seems to have a history of hacking big media Web sites.

He calls himself Coolio, presumably after the rap star whose signature hit was "Gangsta's Paradise", and he hasn't been accused explicitly of taking part in the spam-bombings. But MSNBC says Coolio and his cronies in a now-infamous Internet Relay Chat room known as #goonies have caused trouble on MSNBC's own chat server for at least a year.

Coolio's #goonies associates are also said to use a Web server dedicated to anti-World Trade Organization sentiments, www.sith-lord.org. "This site is not, nor will it ever be, an advocate of anti-capitalist sentiment," says an announcement on its main Web page. "It is specifically the subversion of democracy that is being carried out by groups like the WTO that this site is taking a stand against - We do not promote or condone anti-capitalist ideas or behavior."

The e-mail link on that page identifies its author as spectre. He says that page began as a bid to discredit and mock protesters who snarled the recent Seattle WTO conference. But it has "turned into my personal crusade to bring the truth to everyone…Laugh if you want, but the preservation of rule by the people depends on you knowing this. Did you know that the policies of the WTO affect our laws?"

Meanwhile, MSNBC says investigators are also looking at Canada-based hacker mafiaboy, thinking he tried some copycat hacking last week and toppled both CNN.com and eBay at the height of the spam-bombing denial-of-service attacks. He hasn't been named a suspect officially, but APBNews says sources close to the probe tell MSNBC mafiaboy is actively suspected of launching both the first attack on Yahoo and the CNN and eBay attacks.

MSNBC reporter Chris Donohue says computer vandals with nicknames matching those in Coolio's IRC room have used sith-lord.org's server to cause trouble on the MSNBC chat server, including one said to have been impersonating Coolio, though he wouldn't talk about last week's spam-bombing DOS attacks.

"We believe Coolio and other members who joined our chat have been able to flood users off our chat server," Donohue tells APBNews. "At this time we also believe they have not caused any permanent damage to our computer systems or to systems of the users they have flooded off."

Donohue also says several MSNBC chatters have threatened outright to disconnect users from the service before they were cut off. But sith-lord.org's administrator has reportedly e-mailed MSNBC denying the server was used for any DOS attack.

"I was never made aware of my users acting in an inappropriate manner," the e-mail says. "Frankly, I find it hard to believe that people have been using my server to do these things for 'about a year,' since sith-lord.org hasn't even been registered for a year."

The spam-bombing sorties began Feb. 7, when Yahoo was frozen for three hours. The next day, Amazon.com, eBay, CNN, and Buy.com Web sites were jammed. A third day's attacks included two stock-trading Web sites. And on Feb. 15, as President Clinton and top Internet bigs were huddling on Web security questions, the federal Transportation Department's Web site was vandalized.

Coolio's name has popped up before regarding a number of cases of online mayhem. Last November, APBNews says, he claimed responsibility for hacking the school anti-drug program DARE and the Commerce Department's home page for the Chemical Weapons Convention.

Meanwhile, the FBI may believe the spam-bombing attacks cut a wider swath than first believed - an agency spokesman tells MSNBC about seventeen companies altogether were hit, thirteen with denial of service attacks directly, and four others unwittingly made to host software used to launch attacks. The spokesman also tells MSNBC some of the companies don't want their names exposed for fear of effects on stock.

And the Associated Press reports the FBI's Internet crime cases are quadrupling. The AP says the bureau and other investigators are checking into whether more copycat attacks are aiming at lesser-known Web sites.

New FBI computer hack probes have quadrupled since Yahoo was hit Feb. 7, with four new investigations coming since, involving those possible seventeen total attacks or conduits.

FBI Director Louis Freeh has identified three tools which likely were used in the attacks, the AP says: TFN for Tribe Flood Network, Trinoo and Stacheldraht, some of which can be downloaded free at some Internet sites. Investigators also say dozens, even hundreds, of middlemen computers, known as zombie computers, were used unwittingly in past distributed denial of service attacks, but only three have been identified in the current round - a computer at University of California Santa Barbara, a router at Stanford University, and a home business computer in the Portland, Oregon area, the AP says.

Attorney General Janet Reno has said she will ask Congress to tighten cybercrime laws, but she didn't quite back Freeh's suggestion that officials consider extending the Racketeering Influenced and Corrupt Organizations (RICO) law to cover cybercrime.