14 year old boy takes down Amazon, CNN, Yahoo!, and eBay. Also CMMC and DDoS Attacks...

MafiaBoy, real name Michael Calce, was the hacker that brought down Yahoo!, Fifa.com, Amazon.com, E*TRADE, eBay, and CNN. He was born in 1986 in the West Island area of Montreal, Quebec. At the age of six his dad bought him his own computer, it had a profound effect on him, Mafiaboy says “There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions. The computer gave me, a six-year-old, a sense of control and command. Nothing else in my world operated that way".

On February 7, 2000, MafiaBoy launched project Rivolta, meaning "rebellion" in Italian. First targeting Yahoo!, the world's top search engine and a multibillion-dollar web company. Rivolta was a denial-of-service attack in which servers become overwhelmed with requests to the point where normal traffic is unable to be processed and they become unresponsive to commands. Over the next week MafiaBoy brought down eBay, CNN, and Amazon.

According to MafiaBoy, his goal was to establish himself and his hacker/cybergroup, TNT, online/in the cyberworld.

Soon after the attacks both the U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police conducted an investigation into who was behind the cyber attacks that brought down Amazon, CNN, Yahoo!, and eBay. MafiaBoy recounts "You know I'm a pretty calm, collected, cool person, but when you have the president of the United States and attorney general basically calling you out and saying 'We're going to find you' ... at that point I was a little bit worried,I started to notice this utility van that was parked at the end of my street at, like, Sunday at 4 a.m., It was pretty obvious that they were surveilling my place.". The case eventually went to trial in Canada and was sentenced on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.

It’s not exactly sure how much monetary damage his attacks caused but estimates range from roughly $7.5 million, according to the trial prosecutor, and $1.2 billion in global economic damages, according to Matthew Kovar (a senior analyst at a market research firm).

Today Michael Calce runs a company called Optimal Secure that tries to find weak points in company networks and helps businesses understand just how vulnerable they are.

Some CMMC practices related to distributed denial of service attacks include incident response, firewall configuration, and logging. Companies with CMMC requirements are required to deploy a firewall. This can help prevent DDOS attacks from impacting systems on the internal network. Companies with CMMC level two or higher requirements need to have incident response procedures in place. This includes preparing incident response personnel for incidents, developing a plan to contain incidents such as DDOS attacks, and how to recover from attacks. Companies with level two and higher CMMC requirements will need to monitor their systems for signs of an attack, this includes DDOS attacks. This generally involves leveraging an intrusion detection system. If you would like more information on CMMC related requirements feel free to reach out to us at info@lakeridge.io.