True Crime
This story first appeared in The Coast on Nov 13, 2008:
A Halifax film crew is trailed while shooting a cybercrime doc. It’s no surprise to hacker mafiaboy.
By Chris Benjamin
In 2000, when Michael Calce was 15, he used his superpower to take down yahoo.com, cnn.com, ebay.com, dell.com, etrade.com and amazon.com. Calce’s power is this: He can hack computer networks and turn them into an army of mechanized zombies—a “botnet,” in hacker parlance. His alter ego: mafiaboy.
Calce was always a natural with computers. “The computer gave me, a six year old, a sense of control, of limitless possibility,” he writes. But when the FBI and RCMP traced his crimes back to his Pentium 133 in Montreal, he spent eight months in a youth correctional facility.
In the eight years since Calce has swapped his black hat for a white one, he co-authored a book, Mafiaboy: How I Cracked the Internet and Why It’s Still Broken, with Halifax native Craig Silverman (a former Coast intern). Before he agreed to help Calce make his story as compelling and interesting as possible, Silverman sat down for a coffee with the retired hacker-hero to make sure he was sincere. “He didn’t care for fame,” Silverman says. “He already had work and money.”
Calce’s message to the world is far more than personal: He wants to save the world wide web. “The motive of hackers has drastically changed,” Calce explains over his cellphone. “Before, they mainly targeted universities and corporations. Now they target the general user.”
The motivation of hackers has also shifted from the thrill of power to simple profit. Cybercrime was a $400 billion racket in the US alone in 2006, and it grows about 50 percent a year. Hacking is a growth industry complete with its own conferences and media.
Halifax’s own Tell Tale Productions explores this illicit industry with its documentary Web Warriors, directed by Jay Dahl (There Are Monsters) and produced by Edward Peill. It airs on CBC’s Doc Zone on Thursday, November 20.
The film paints the internet as a wild west complete with black-hat robbers, white hat security agents, grey hat guns-for-hire who will hack or protect for the right price, and the rest of us: happy-go-lucky users armed with powerful tools and barely a clue about how to use them. The black hats are watching us closely as we enter our banking and credit information on online forms. And they are hijacking our increasingly powerful personal computers, computer-napping them into “botnets,” networks of compromised computers used collectively to attack websites with millions of messages per second until they crash. More than 10 percent of personal-use and 75 percent of business-use computers are hijacked each year in this way.
Peill, who came up with the idea for Web Warriors while reading an IT journal in Sweden five years ago, says that in some cases large public utilities in South America have been held hostage by hackers working for the Russian mafia. “Literally,” he says, “they say, ‘Pay us or we’ll cut your power.'” Cybercrime of this nature is so lucrative and low-risk that it has surpassed the drug trade in global value. That is partially because most critical systems (water, power, oil and gas drilling and transportation systems) are connected by Windows-based PCs and left online at all times. Some IT experts have recommended creating a separate, highly secure cable system for critical infrastructure.
To show how hard it is to catch a modern hacker, Peill and Dahl followed an American hacker named Donnie to Russia as he sought the source of a relatively simple virus. As it turns out, the former KGB isn’t a fan of film crews asking questions about cyber-security and shooting footage of government buildings, even if their visas say “tourist.” Peille and Dahl’s crew were followed by two mysterious suits from breakfast to their opening shot and eventually right to the airport.
Still, they managed to covertly film a meeting between Donnie and a Russian hacker, in which Donnie gets no closer to the source of his virus but learns that the Russian mafia actively recruits talented young hackers, and that he can buy a virus for $400 to $1,000 and use it to extort cash from other victims. When Donnie implies that such a virus could be used toward political ends, his source is clear that this is not his area of interest.
Yet Russia is the source of the most distinctive cyber-attack on a nation state yet. In 2007, when Estonia removed a Soviet war memorial from the centre of its capital, Russian hackers took revenge by attacking banks, broadcasters, newspapers and government offices, virtually shutting down the highly connected Estonian economy. When Tell Tale’s crew reached the site of the former memorial, they were shocked to see four more mysterious suits, “two in grey and two in black,” according to Peill. One of their pursuers calmly told them they were Estonian secret police following ex-KGB officers, who in turn were following the film crew.
Meanwhile China’s military is recruiting and training hackers to mine US government computers of millions of documents. In 2007 the United States claimed that China cyber-attacked the Pentagon. According to Calce, “American hackers do the same to China and Russia but they are a lot more discreet about it.”
Most frightening are inexplicable viral attacks like the storm-worm, which has already compromised 50 million PCs without the users noticing any effects. No one knows its purpose, but at some point we will find out and, according to Web Warriors, it will most likely be “a very bad thing on a very big scale.”