FBI supertechs gather evidence for service-denial hacking case

By Shruti Daté

GCN Staff

A joint FBI and Canadian law enforcement investigation led to the arrest of a suspect in the February denial-of-service attacks on commercial Web sites, the FBI said.

After the arrest, the FBI Computer Analysis and Response Team (CART) stepped in to help examine evidence and identify links from the suspect to his victims.

Canadian law enforcement officials have charged a 15-year-old Quebec resident, known online as Mafiaboy, with two counts of mischief against data. The defendant is scheduled to appear in a Montreal juvenile court June 6, said Jean-Pierre Roy, a Royal Canadian Mounted Police staff sergeant.

Roy heads the Montreal Computer Investigation and Support Unit, which conducted the investigation. It is the unit's first service-denial case, he said.

The Canadian unit worked with the FBI National Infrastructure Protection Center in Washington on the international investigation.

The attacks, which overloaded sites with requests for information, were directed at the Web sites of Amazon.com Inc., Cable News Network, eBay Inc., E*Trade Securities Inc., Excite Inc. and Yahoo Inc.

Roy said Canadian law requires the police to provide defense attorneys with a copy of the evidence collected from three to four computers in Mafiaboy's residence.

He said he could not estimate the amount of information gathered. But, he added, 'if they want it in paper, they better get a truck ready.' The attorneys can also request the data on disk or CD-ROM.

In early February, the FBI began a coordinated effort with agents at numerous field offices, but especially with agents at bureau offices in Los Angeles and Atlanta, where CNN headquarters is located, NIPC director Michael Vatis said.

'By Feb. 14, we knew through information provided by private-sector sources that the attacks were coming from or through Canada,' Vatis said.

Link on logs

Receiving logs from the sites hit by the distributed attacks was a critical factor in solving the case, he said.

'For example, a bad guy takes over numerous sites and plants malicious software and uses them to launch attacks,' Vatis said. 'It's important the victims keep the logs. We examine those logs.'

Officials from both the Canadian and U.S. law enforcement agencies continue to analyze the evidence seized from a computer in the suspect's Quebec residence, FBI officials said.

For this analysis, CART officials and Canadian officials are working together closely. Mark Pollitt, CART unit chief at the FBI, said he could not comment on the specifics of the ongoing Mafiaboy investigation. CART plays a vital role in NIPC investigations of cybercrime cases, including denial-of-service attacks, he said.

NIPC investigators tap the technical expertise of CART agents to determine computer evidence needed, Pollitt said.

Then the investigators provide evidence (all data gathered from the attacker, the victim and from trails left along the Internet) for examination, Pollitt said.

CART determines the source code, and the FBI Special Technologies Applications Unit finds out how the attacker was connected to the victim, Pollitt said.

