Michael Calce (born 1986, also known as MafiaBoy) is a high school student from West Island, Quebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also launched a series of failed simultaneous attacks against 9 of the 13 root name servers.
Calce was born in the West Island area of Montreal, Quebec. When he was five, his parents separated and he lived with his mother after she had won a lengthy battle for primary custody. Every second weekend he would stay at his father's condo in Montreal proper. He felt isolated from his friends back home and troubled by the separation of his parents, so his father purchased him his own computer at the age of six. It instantly had a hold on him: “I can remember sitting and listening to it beep, gurgle and churn as it processed commands. I remember how the screen lit up in front of my face. There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions. The computer gave me, a six-year-old, a sense of control and command. Nothing else in my world operated that way."
On February 7, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning “riot” in Italian. Rivolta was a denial-of-service attack in which servers become overloaded with different types of communications to the point where they shut down completely. At the time, Yahoo! was a multibillion-dollar web company and the top search engine. Mafiaboy's Rivolta managed to shut down Yahoo! for almost an hour. Calce's goal was, according to him, to establish dominance for himself and TNT, his cybergroup, in the cyberworld. Buy.com was shut down in response. Calce responded to this in turn by bringing down eBay, CNN, Amazon and Dell.com via DDoS over the next week.
In a 2011 interview, Calce claimed that the attacks had been launched unwittingly, after inputting known addresses in a security tool he had downloaded from a repository on the now defunct file-sharing platform Hotline, developed by Hotline Communications. Calce would then have left for school, forgetting the application which continued the attacks during most of the day. Upon coming home Calce says that he found his computer crashed, and restarted it unaware of what had gone on during the day. Calce claimed when he overheard the news and recognized the companies mentioned being those he had inputted earlier in the day, that he had "started to understand what might have happened".
The U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police first noticed Calce when he started claiming in IRC chatrooms that he was responsible for the attacks. He became the chief suspect when he claimed to have brought down Dell's website, an attack that had not been publicized at that time. Information on the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief technology officer of Recourse Technologies.
Calce initially denied responsibility but later pleaded guilty to most of the charges brought against him. His lawyer insisted the child had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy for its lax computer crime laws. The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.
Matthew Kovar, a senior analyst at the market research firm Yankee Group, generated some publicity when he told reporters the attacks caused US$1.2 billion in global economic damages. Media outlets would later attribute a then-1.45:1 conversion value of CAD $1.7 billion to the Royal Canadian Mounted Police. Computer security experts now often cite the larger figure (sometimes incorrectly declaring it in U.S. dollars), but a published report says the trial prosecutor gave the court a figure of roughly $7.5 million.
While testifying at a congressional hearing in Washington, D.C., computer expert Winn Schwartau said that “Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless - an Electronic Pearl Harbor waiting to happen.” Whether it be banking, business or social networking, most people have various amounts of personal information online. Mafiaboy was the first to demonstrate how accessible this information is to the public and how easily it could be retrieved. The fact that the largest website in the world could be shut down by a 15-year-old created widespread panic. By this time, the internet had already become an integral part of the North American economy. Consumers lost confidence in online business and the American economy suffered a minor blow as a result. Former CIA agent Craig Guent credits Mafiaboy for the significant increase in online security that took place over the decade.
On October 26, 2008, he appeared on the television program Tout le monde en parle to discuss his book. The entire interview (in French) can be seen at the Télévision de Radio-Canada website. An English-language interview is available at: Mafiaboy interview on The Hour. The book received generally positive reviews.
Michael appeared on a TV show, Last Call with Carson Daly, MafiaBoy talks to Carson about his days as a hacker, how President Clinton became involved, and how it ultimately landed him in jail all at age 15.
In 2014, Calce appeared on the twelfth episode of the Criminal podcast which can be listened to on the podcast's website.
- FBI Facts and Figure 2003, archived from the original on 2007-03-26, retrieved 2007-03-27
- "Excerpt - Mafiaboy: How I Cracked the Internet and Why It's Still Broken".
- Calce, Michael. Mafiaboy: How I Cracked the Internet and Why It's Still Broken. Toronto: Penguin Group, 2008.
- Majid, Yar. Cybercrime and Society. Thousand Oaks: Sage Publications, 2006.
- Davis, Wall. Crime and the Internet. New York: Routledge, 2001.
- Hot On the Trail of Mafiaboy, Wired (magazine), 2000-02-15
- "February 7, 2000: Mafiaboy's Moment", Wired magazine, 2007-02-07, retrieved 2007-03-27
- "Prison Urged for Mafiaboy", Wired magazine, 2001-06-20, retrieved 2007-03-27
- "Mafiaboy given eight months", The Register, 2001-09-13, retrieved 2007-03-27
- Niccolai, James (2000-02-10), Analyst puts hacker damage at $1.2 billion and rising, InfoWorld, archived from the original on 2007-11-12, retrieved 2007-04-22
- Harris, James K. (2006), "Ethical Perspectives in Information Security Education" (PDF), Issues in Information Systems VII (1): 181
- Robert, J.M.; Cosquer, F. (2002), "Protecting Data Network Availability" (PDF), Alcatel Telecommunications Review 2002 (Q3): 2
- Dept. of Computing Science, Computer Crime (lecture slides) (PDF), University of Alberta.
- "Mafiaboy's columns", Le Journal de Montréal, 2005, archived from the original on 2005-12-03, retrieved 2007-03-27
- Mafiaboy: How I Cracked the Internet and Why It's Still Broken, 2008
- "Canadian teen hacker reveals secrets in tell-all book". Retrieved 2008-10-09.
- "Mafiaboy to appear on Tout le monde en parle". Retrieved 2008-10-26.