"Mafiaboy," the Canadian teenager responsible for a series of massive Distributed Denial of Service attacks in February 2000, was sentenced to eight months detention by a Canadian judge in Quebec Thursday, according to Robert Currie, leader of the Royal Canadian Mounted Police's (RCMP) Computer Investigative Support Unit in Montreal. Mafiaboy had faced up to two years in prison and a fine of up to CA$1,000 ($1200).
Mafiaboy's sentence is actually two consecutive four-month sentences, said Currie, who also worked on the investigation into Mafiaboy's crimes. The sentence requires Mafiaboy to spend those eight months in open custody, which is essentially a strict reform school in which the population can gain privileges through good behavior, Currie said. The alternative, closed custody, is more like juvenile detention, he said.
In addition, Mafiaboy will be on probation for one year, Currie said. The terms of that probation include that Mafiaboy must advise the RCMP of what ISP (Internet service provider) or other communication service he is using to access the Internet, even if it is the account of a friend, relative or employer, Currie said. Mafiaboy is also barred from owning any software that is not commercially available, from associating with cracker (malicious hacker) groups online or offline and from visiting hacking Web sites, Currie said.
He must also have a job or be in school and cannot receive financial benefit from his crimes through books, movies or speaking engagements, Currie said. At the end of the year's probation, if Mafiaboy has followed these guidelines, the probation will be terminated, Currie said.
The now-17-year-old cracker, known only as Mafiaboy because Canadian law prevents the naming of underage offenders, pled guilty in January to 55 counts of mischief in connection to the Distributed Denial of Service attacks that brought down CNN.com, Yahoo.com, Amazon.com and other major Web sites in February 2000. In total, 11 sites were knocked offline for between hours and days, causing substantial losses.
A Denial of Service (DoS) attack is one in which false requests for service are sent to target systems so frequently that they are overloaded and are unable to answer legitimate traffic requests. A Distributed Denial of Service (DDoS), as was used by Mafiaboy, is one in which multiple computers worldwide are taken over and used to launch DoS attack. The distributed nature of such attacks makes them more damaging and harder to block.
Mafiaboy's exploits were among the first massive and well-publicized DDoS attacks and have led to substantial industry focus on the problem of Denial of Service attacks and how to combat them. A number of companies have arisen in the wake of Mafiaboy's attacks to offer products to aid in the detection and blocking of such attacks.