This week, the country’s second-largest health insurance company, Anthem, said hackers broke into a database with personal information about 80 million of its customers. It’s just the latest in a string of large-scale cyber-attacks — Sony, Staples, Home Depot, and JPMorgan Chase have all been attacked in the last nine months alone.
In January, President Obama said the cybercrime laws that are supposed to protect consumers from such attacks — and give the government tools to prosecute cybercriminals — need to be updated.
Many of those laws are more than a decade old, the direct result of one hacking incident that was a wake-up call for the U.S. government.
While they might need an update, they’re better than no laws at all — and for that, we have a 15-year-old to thank.
In 2000, a high school student named Michael Calce, who went by the online handle Mafiaboy, brought down the websites of Amazon, CNN, Dell, E*Trade, eBay, and Yahoo!. At the time, Yahoo! was the biggest search engine in the world.
“The New York Stock Exchange, they were freaking out, because they were all investing in these e-commerce companies,” he remembers.
“And then it’s like, ‘OK — a 15-year-old kid can shut us down at any point? Is our money really safe?’ ”
For years after the attack, Calce declined to speak to the media, but he’s recently begun to open up about his story. He says his goal had nothing to do with money — and that ultimately, he thinks, his attack has a positive impact.
The story begins when Calce got his first computer, at the age of 6.
“I was a pretty bratty kid. I come from a divorced family. My father had custody on the weekends and he wasn’t exactly sure how to preoccupy me so he took a computer from his work and brought it home and was like ‘Here, figure out what to do with it.’ ”
A few years later, Calce got a free trial of AOL. It was his first time on the internet, and within a few days the 9-year-old hacked the system so he could stay online past the 30-day trial period.
He got more and more involved in online hacker groups. In 2000, he launched the hack that made him famous — first taking over a handful of university networks, and then harnessing their combined computing power to attack outside websites.
“Basically when I hit enter on the keyboard, [the university networks] all respond at the same exact time and basically overwhelm websites with too much information,” he explains. It’s called a denial-of-service attack.
Within hours, he had taken down six major websites.
“The overall purpose was to intimidate other hacker groups,” says Calce.
Back then, he says, “the whole of the hacking community was all about notoriety and exploration, whereas you look at hackers today and it’s all about monetization.”
For the national security apparatus, the attack was a wake-up call. President Clinton convened a cybersecurity working group. Attorney General Janet Reno announced a manhunt for Mafiaboy.
“You know I’m a pretty calm, collected, cool person, but when you have the president of the United States and attorney general basically calling you out and saying ‘We’re going to find you’ … at that point I was a little bit worried,” says Calce.
He was right to be worried. The FBI was on his trail.
“I started to notice this utility van that was parked at the end of my street at, like, Sunday at 4 a.m.,” remembers Calce.
“It was pretty obvious that they were surveilling my place.”
The case eventually went to trial in Canada, where Calce is from. The Clinton administration sent cybersecurity experts to testify.
“It was a pretty big ordeal,” says Calce. “It didn’t really matter what I said at that point. They just wanted to make an example out of me.”
He was charges with more than 50 crimes and eventually sentenced to eight months in a youth group home.
Today, Calce is what’s called a white hat hacker. Companies hire him to help identify security flaws in their systems and design better security features. He says the internet is a far scarier place today than it was back in 2000. For one, there is more and more at stake as we rely ever more on online systems for our daily lives.
Looking back, he thinks some good did come from the attack he launched.
“It raised a lot of issues,” he says. “It definitely advanced and created a pretty big focus on security, and the problems and inherent flaws that come with computers and internet.”