FBI looks at NZ student in DoS attack investigation

The FBI is looking at a New Zealand student in its investigation of the recent denial of service attacks on major US Internet sites.

The name of the man came up last week along with those of others in the US, Canada and Germany. In his early 20s, he goes by the nickname Venomous and lives in Auckland.

In an interview with the US newspaper USA Today, Venomous acknowledged that he was capable of carrying out a denial of service attack, but said he was not involved in the recent spate of attacks.

"All it does is call attention to you," he told the paper.

The US federal authorities are not the only ones interested in Venomous. Those in Australia, Texas and Washington State suspect him of Website attacks. He has also claimed responsibility online for the defacing of the Website of the Indian nuclear agency.

He is known to both the police and major ISPs in this country - who suspect him of stealing dial-up account passwords - but, given New Zealand's absence of computer trespass laws, it is unclear when, if ever, allegations against him might be tested in court.

Canadian cracker named

Meanwhile, two California security analysts say they have provided the FBI with information about a Canadian computer cracker named MafiaBoy.

Michael Lyle, chief technology officer at Recourse Technologies in Palo Alto, says MafiaBoy had posted messages on Internet Relay Chat (IRC) inquiring about which sites to attack.

According to Lyle, MafiaBoy is suspected of attacking sites owned by ETrade and CNN in Atlanta by breaking into academic machines, including at least one at the University of California, Santa Barbara (UCSB).

Method of Attack

Lyle says MafiaBoy allegedly exploited a hole in the WU-FTP file exchange software at UCSB and then used the breach to insert the Tribe Flood Network tool that prompts captured computers to carry out distributed denial-of-service attacks. He said the method of attack was less sophisticated than those used in the earlier assaults against Yahoo Inc. and eBay Inc. "The original breaking in could have been some time ago," says Lyle.

Fred Cost, vice president of marketing at Recourse, says authorities suspect that MafiaBoy is a 15-year-old Canadian boy who is now being investigated by the Royal Canadian Mounted Police, which has been investigating the records of Internet Direct Business Solutions, a Canadian Internet service provider in Toronto.

The FBI hasn't confirmed that it is investigating the alleged Canadian cracker. Lyle and Cost say that while they keep their ears close to IRC and other discussion areas favored by those interested in distributed denial-of-service attack tools, evidence leading to suspects in the other incidents doesn't appear to be as strong.

"Listening to the hacker community, there have been no credible claims for responsibility for those attacks," says Lyle. "There is nothing I actually believe."

UCSB officials reported that a Unix computer in a university research lab was used to help launch a distributed denial-of-service attack against CNN.com during the Web onslaught.
