A BORED teenager “broke the internet” in one of the most infamous hacking attacks of all time – turning him overnight into one of the world’s most wanted men.
Michael Calce was just 15 when he brought down the biggest sites on the web, became the target of an FBI manhunt, and landed himself in prison.
2
2
The teenager managed to temporarily topple some of the world’s largest websites, including Amazon, eBay and Yahoo!
Now 39-years-old, Michael told The Sun Online how since breaking the internet, he’s spent the rest of his life trying to protect it.
The former hacker turned cybersecurity chief warned the world is not ready for a new terrifying frontier in cyber-warfare, which “scares the living daylights” out of him.
The need for protection of online services is greater than ever, with so many critical services and systems dependent on the tech.
He warned that hackers now have the power to weaponize infrastructure against whole populations – something as simple as hacking into a water treatment centre could poison thousands.
“The shock factor of a missile hitting a power grid has an immediate effect,” Calce explains. “A hacker sitting behind a computer and shutting down the grid doesn’t have the same effect, but the reality is the same.”
These current threats, he says, are far more serious than his own “internet breaking” onslaught back in 2000.
Michael’s hack attack caused an estimated $1.2billion worth of damage and landed him in a youth prison for eight months.
Most read in Tech
But havoc-causing aside, he exposed just how weak and vulnerable those early years of the internet were.
In a little less than a few minutes, a talented kid playing around on his computer had sent America spiralling with the knowledge that a new frontier of warfare had arrived – cyberattacks.
“Imagine you’re 15 years old, and the president of the United States is talking about you and saying that they’re looking for you,” he tells The Sun Online.
Michael, who went by the online alias of Mafiaboy, had become public enemy number one in North America.
It would be the wake up call that cemented phrases like “hack attacks” and “cybercrime” into public consciousness.
As a restless kid trapped in Canadian suburbia, Michael was given his first computer in 1990 at the age of six and was mesmerised.
At 9, the internet landed on doorstep in the form of a floppy disk sent in the post.
No one had ever seen this style of attack before
Michael Calce
It was only a free trial – but the creative youth managed to trick adults into giving up their logins and passwords so he could get unlimited access.
“I was like a very energetic kid, I loved to explore,” he says, but importantly: “I spent all my time on the computer – I just wanted to know how everything worked.”
The internet was now his for the taking. From there, he joined secret online backrooms with hackers working to distribute video game software and music to the masses.
And, so began Michael’s lurch into low-level cybercrimes.
“I became absorbed in this hacker culture. And it got to a point where I started to create a name for myself.”
It was here that Michael earned his moniker “MafiaBoy” and at only 13-years-old would be recruited by a mysterious “elite” Russian hacker group known as TNT Force.
With his skills and reputation growing, Michael was addicted to the darker corners of the online world and plotted his most ambitious operation yet – one he dubbed “Project Rivolta”.
Battling against other hackers was a game for Michael, not a method of causing harm.
“The ethos of hackers back in the day was not about monetary gain, it was more about who is the number one hacker, who’s the best hacker group.”
Approaching the year 2000 and a new style of attack had emerged – shutting off someone else’s network, known as a distributed denial of service – or DDoS.
And so Michael sent “Project Rivolta” – rebellion in Italian – in motion, a massive DDoS attack on some of the world’s biggest internet giants, Yahoo!, Amazon, eBay, CNN and Dell.
He combined 50,000 networks around the world into one, creating himself a potent cyber-weapon that could barrage websites until their servers shut down.
“No one had ever seen this style of attack before, especially at this level. So I needed to run a test.”
It didn’t end up being much of a test, Michael shut down Yahoo! – the biggest search engine in the world at the time and for extra measure he paralysed the sites of CNN, eBay, E*TRADE, Amazon and Dell.
In total, he temporarily toppled 11 of the biggest internet companies, inconvenienced millions and cost his targets potentially billions in losses.
Looking back, Michael wasn’t even sure it would work. “I simply was testing it.”
The goal was, he admits, to use this “super weapon” against his competitors, not the corporate world.
“So it became a sort of alleyway fight that got thrown into a shopping mall,” he says.
The world sat stunned – the internet had just become the newest battleground, and panic was setting in.
And, for Michael, things got real very quickly. He was sat at home with his parents watching the news of then-President Bill Clinton vowing to catch whoever was responsible and bring them to justice.
“I was 15 years old when I launched these attacks. And the internet was sort of like the wild wild west,” says Michael.
“So I knew what I was doing and from a technical standpoint, but I didn’t realise the world-ranging ramifications of what I had done until I was watching the news.”
Michael had exposed just how easy it was to wreak havoc on the internet and just how unprepared for it everyone was.
Trying to calm an anxious population, Clinton told America: “I think it was an alarm, I don’t think it was Pearl Harbor.”
Clinton rallied the best of the FBI to hunt for the cyber-attacker, asked congress for $9 million to fund a national internet security centre and set up the world’s first cybersecurity summit.
After a few months and thousands of minutes of wiretapping, the FBI and Canadian police caught up with Mafiaboy, raided his family home and arrested him.
He ended up on trial for a year and a half in Canada accused with hundreds of data mischief charges.
Michael pleaded guilty to 55 of them, received a maximum fine for a minor of £150 and and ended up serving time in a young offenders facility.
“I was in Canada, thank God, because I think things might have turned out differently for me,” he says.
In fact, he admits that it even landed him a job offer from the Canadian government, which he turned down.
The cyber-prodigy was pounded by the press who camped outside his school and home, but kept silent for many years. “I think because I was so young. And they were going to ask a lot of hard questions.”
“Still to this day, some people are like, ‘oh, you’re a criminal’ and I’m like, ‘Listen, you don’t understand. I was a misguided child. But I was simply exploring the unknown. That’s what it was, to me. That was the thrill.’”
He continues: “So, fast forward a little bit….and I wanted to use my talents for good.”
Now more removed from the burgeoning internet hacking paradises, he could see what a dangerous problem his former colleagues-in-crime were, and that large companies were woefully uneducated on the risks they posed.
He joined the other side of the problem and launched an internet security company, wrote a cautionary memoir, started providing expertise for fortune 50 companies and educating children to raise awareness of online harms.
Eventually, he landed a role of chairman of HP’s Security Advisory Board and for years worked to make their products more safe and secure for users.
Always ahead of the game, he now works in the Web3 space, running Decentraweb. It’s a company that aims to empower people to protect their data, wallet and identity using blockchain and NFT technology.
“It’s very hard to compromise somebody’s wallet or identity because it’s held behind encrypted keys,” he explains.
It hopes to be a decentralised enterprise solution for business – cracking down on possible fraud, fakes and cyberattacks.
Michael’s been to the dark underworlds of the internet and back and the destruction capable through it “scares the living daylight out of me”.
What’s needed is a wake up call. And this time, maybe not in the form of a seriously skilled 15-year-old terrifying corporate America – but “through communication and awareness,” says Calce.
