Michael Calce (born 1984, also known as MafiaBoy) is a security expert and former computer hacker from Île Bizard, Quebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also launched a series of failed simultaneous attacks against nine of the thirteen root name servers.
Calce was born in the West Island area of Montreal, Quebec, Canada. When he was five, his parents separated and he lived with his mother after she had won a lengthy battle for primary custody.[1] Every second weekend he would stay at his father's condo in Montreal proper. He felt isolated from his friends back home and troubled by the separation of his parents, so his father purchased him his own computer at the age of six. It instantly had a hold on him: "I can remember sitting and listening to it beep, gurgle and churn as it processed commands. I remember how the screen lit up in front of my face. There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions. The computer gave me, a six-year-old, a sense of control and command. Nothing else in my world operated that way."
On February 7, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning "rebellion" in Italian. Rivolta was a DDoS (distributed-denial-of-service) attack in which servers become overloaded with different types of communications to the point where they become unresponsive to commands.[2] At the time, Yahoo! was a multibillion-dollar web company and the top search engine.[3] Mafiaboy's Rivolta managed to shut down Yahoo! for almost an hour. Calce's goal was, according to him, to establish dominance for himself and TNT, his cybergroup, in the cyberworld. Buy.com was targeted in a similar attack afterwards that has been attributed to Calce. Calce claims he was not responsible and that a different hacker performed the DDoS as a challenge to coax him into targeting other websites. Calce responded to this in turn by bringing down eBay, CNN, Amazon, and Dell via DDoS over the next week.[4]
In a 2011 interview,[5] Calce claimed that the attacks had been launched unwittingly, after inputting known addresses in a security tool he had downloaded from a repository on the now defunct file-sharing platform Hotline, developed by Hotline Communications. Calce left for school, forgetting the application which continued the attacks during most of the day. Upon coming home Calce says that he found his computer crashed, and restarted it unaware of what had gone on during the day.[6] Calce claimed that when he overheard the news and recognized the companies mentioned being those he had inputted earlier in the day, he "started to understand what might have happened".
The U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police first noticed Calce when he started claiming in IRC chatrooms that he was responsible for the attacks. He became the chief suspect when he claimed to have brought down Dell's website, an attack that had not been publicized at that time. Information on the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief technology officer of Recourse Technologies. Australian News Anchor Sandra Sully reported that it was apparently an Australian coder that initiated the sting performed in the IRC channel. Unreported using the nickname Ocker.
Calce initially denied responsibility but later pleaded guilty to over 50 charges brought against him.[7] His lawyer insisted the child had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy for its lax computer crime laws. The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.
Matthew Kovar, a senior analyst at the market research firm Yankee Group, generated some publicity when he told reporters the attacks caused US$1.2 billion in global economic damages. Media outlets would later attribute a then-1.45:1 conversion value of 1.7 billion CAD to the Royal Canadian Mounted Police. Computer security experts now often cite the larger figure (sometimes incorrectly declaring it in U.S. dollars), but a published report says the trial prosecutor gave the court a figure of roughly $7.5 million.
While testifying at a hearing before members of the United States Congress, computer expert Winn Schwartau said that "Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless - an Electronic Pearl Harbor waiting to happen."[8] The fact that the largest website in the world could be rendered inaccessible by a 15-year-old created widespread concern. By this time, the internet had already become an integral part of the North American economy. Consumers lost confidence in online business and the American economy suffered a minor blow as a result. Former CIA agent Craig Guent credits Mafiaboy for the significant increase in online security that took place over the decade.
During the latter half of 2005, he wrote a column on computer security topics for Le Journal de Montréal.
In late 2008, with journalist Craig Silverman, Calce announced he was writing a book, Mafiaboy: How I Cracked the Internet and Why It's Still Broken.[9]
On October 26, 2008, he appeared on the television program Tout le monde en parle to discuss his book.[10] [11] [12] The book received generally positive reviews.[13]
Calce appeared on a TV show, Last Call with Carson Daly, talking about his days as a hacker, how President Clinton became involved, and how it ultimately landed him in jail all at age 15.[14]
In 2014, Calce appeared on the twelfth episode of the Criminal podcast.[15]
. Scott J. Shapiro . Fancy Bear Goes Phishing: The dark history of the information age, in five extraordinary hacks . 2023 . Farrar, Straus and Giroux . 978-0-374-60117-1 . 1st . New York . 252.