This is the incredible true cyber crime story of the 15-year-old who, from his bedroom, took down Ebay, Yahoo, E-Trade, CNN and other huge websites. Ultimately causing $1.2 BIL in harm in a rampage he called RIVOLTA. Transformed, Michael Calce today is a security expert who now protects organizations by showing them how to stay safe and protect themselves online.
CHILDHOOD TRIGGERS
Michael Calce (pronounced Cal-chay) was born in the West Island area of Montreal, Quebec in 1984.
His parents separated when he was 5 years old Michael primarily lived with his mother during the week and attended school like most kids back in the 1990’s. For Michael, the separation was hard on him. He would up spending alternate weekends at his father’s condo in Quebec proper.
He has refused to speak about the incidents discussed here until only the past few years.
In his book which he released just a little over 10 years ago, How I Cracked the Internet and Why It's Still Broken. Published by Penguin publishing in 2008, Michael Calce said He felt isolated from his friends back home at his moms house. He conceded that he was troubled by the separation of his parents. His father was a successful businessman and always busy. He wanted his boy entertained when visiting.
His father had two (2) rules:
- …don’t bother my cigars
- and don’t bother me when im eating…..(remember that later)
So to keep his son entertained, his father purchased Michael his very own computer… at the age of six (6). It instantly had a hold on Michael: he is quoted as saying "I can remember sitting and listening to it beep, gurgle and churn as it processed commands. I remember how the screen lit up in front of my face. There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions. The computer gave me, a six-year-old, a sense of control and command. Nothing else in my world operated that way." How I Broke the internet, Calce, p. 38.
The Main Drivers
The computer gave Michael solace. At least for the moment. Hehe would play the limited games he had, though he wanted to play more fun and exciting games.
Soon he discovered the internet-online. When he first went online at the age of 6-7…he was amazed. He describes it as a community. A place to both connect and communicate. To live with other people and yet still keep anonymity. Today, some 25+ years later, things are basically the same online in that sense, though in most ways it has become much more dangerous. And in many ways… thanks to Michael Calce.
As the years progressed Michael Calce was around 10 years old and accessing online the way we all used to (at least those over 35 perhaps) through AOL “America ONLINE”. Access to the internet would came in the mail via CD Rom or floppy disk and offered what?......a 30-day free trial….after that you had to pay…literally yes…Pay to be online……in fact more than 50% of all the CD’s manufactured then were made for AOL internet use.
Michael Calce felt the paywall-this requirement to pay to get online and to have to pay to access video games- was his turning point into what initially, as a child, made him become a criminal adversary*
many mistakenly term generically as a ‘hacker” even though hacking is an act and one that we all use and need. Hackers are not bad or good. It’s not a Greek tragedy where one person is solely one character trait. Many color hats are worn depending on the ethics, cause and mission. Ok, sorry to derail, back to Michael…
Like most young boys he wanted 2 main things:
1. ….to play video games
2. and to have free unlimited online access
He faced two main obstacles. He was unsure his dad would pay for the video games he wanted and he couldn’t get online access beyond the AOL 30-day free trial.
One thing he knew…he wanted online access…
THE PUNT
So before his 30-day free trial. Ran out, Michael found an online AOL chat and was asking around on ways to get videos games and more online access before his 30-days ran out.
During one online forum chat, Michael got into a tiff with a guy online and mouthed off at him. Michael said to the guy “so what are you gonna do about it?!” and suddenly without warning BOOM….the guy had knocked him offline…
Michael Calce was taken aback…shocked…blown away..
That assault…that power exercised again Michael by forcing him and knocking him offline impressed him ….it was an act that changed the trajectory of Michael’s life…
That power, along with Michaels 2 driving needs (#1free online unlimited use of Net and #2 ability to download free video games, movies and music) would result in him becoming one of the most famous cyber criminals in history and most wanted criminals of the day.
It resulted in 16 different FBI groups hunting for him, The President of the US (Bill Clinton) and US Attorney General Janet Reno, declaring a task fork and special summit. And finally, becoming the Most Wanted for the US FBI and the RCMP (Canada’s Royal Mounted Police a/k/a Canada’s FBI) wanted for taking down CNN, EBAY, E-Trade and Yahoo at the height of the DotCom Frenzy. All eyes were on those sites and thus all eyes became fixed on Michael.
To See or Listen to the full story see the Cyber Crime Junkies Episode release here:
AOHELL
Michael Calce had found the PUNTER tool, so now he could punt people offline who make him mad….and he thought….Cool!
But that didn’t solve his problems…his 30 days was running out and he wanted video games, music and had found there was a ton of things he wanted to download.
So in the mind of this crafty 11 year old boy, he started exploring what else AOHELL could do and he soon found an ADMIN button.
This ADMIN function afforded him the ability to appear as an ADMIN on AOL. SO he went online and the first 4 people he chatted with he impersonated an AOL Administrator. He would tell them, “due to a power outage I would need to verify your AOL credentials”
The first 4 out of 4 all gave him their credentials.
Michael Calce was 11 years old.
It worked 4 out of 4 times….
In the HP powered documentary, RIVOLTA, Michael tells the details of his next steps.
Since he was 11 and now had unlimited free online access for life, he went to solve his second issue-access to all the free video games, music and other things that were online.
The problem was this: The sites and forums that had all this free (and illegal) access were run by criminal hackers. And there was a long line to access any of it. They essentially were like the bouncers to get into the cool club.
IRC CHATS & RUSSIAN CYBER GANGS
Access to these free downloads of video games, cheats, access to all of that stuff was run by hackers. Michael realized he could skip the line if he found a way to work with them.
So in this IRC Chat he was on, at the top it said they are currently recruiting…so he sent a message to someone he thought was in charge. Mike Calce: And he said, Oh, sorry, look, we're only looking for experienced hackers and not kids.
He was persistent and asked for a 2-week trial and said he would prove himself. The hacker agreed and gave Michael some tests.
Michael was good and passed. He was in.
What Michael soon learned is this hacker cyber crime group was the notorious TNT Russian Cybercrime gang and they were elite.
They would talk daily and even get together in weekends by phone, talking about new exploits and hacks they had achieved.
SEE EPISODE ON EVENTS OF THOSE CALLS and crazy stories about how they remotely turned off all the electrical power at people’s homes.
MASTER-SERVANT
As part of the TNT elite hacking group Michael began demonstrating his hacking skills. He began breaking into university networks. He would go to school during the day and then stay up all night hacking with his Russian friends. He eventually hacked into over 30 university networks all undetected.
He created a platform of networks that all acted as what he called “servants”. They all would be forced to use their bandwidth and processing power for his “Master” network.
Michael believed he could harness all their power and point the Master network at any site and essentially Punt it offline: a DDOS attack.
Over time, Michael built up this Master Servant platform and waited until the right time to show the world….
See back then hacking was much more about locker room talk and one-upmanship, today it’s all about money….
Back then Michael felt like he had to prove himself and show the hackers in the ICF forum what all he could do…..
It was boastful
It was ego-driven
And it was dangerous…
And he was just about 15 years old…
TAKING DOWN THE INTERNET
In February of 2000, Michael made his move.
He harnessed his Master-Servant platform and targeted the biggest sites on the planet.
He took down eBay, CNN, E-Trade, Dell, Yahoo and Amazon.com..
His first target was the biggest of all: YAHOO.
When he launched the initial Yahoo attack, he created a timer so it wouldn’t happen when he was online. It happened when he was at school. He later heard about it all over the news.
When Michael jumped back on the IRC chat to see what people were saying he saw that many others were claiming they had done it and not Michael.
He was upset. So he started calling out which one he would do next, and then proceeded over the next 8 days to take them all down as he called them out.
He took down eBay, then CNN, then E-Trade, Dell and even Amazon.
He was famous. He had bragging rights among the international hackers.
He was only 15.
Back then, the DOTCOM Bubble was huge. And it just burst. The stock markets crashed as people withdrew their money and stopped using these huge sites all of a sudden, since confidence was shaken. This was the era of Y2K after all. This caused the international community, investment banks and wall street to crumble to it’s knees.
All in all, Michael caused over $1.7 Billion US in damages and caused an international Manhunt.
Bill Clinton, US President at the time, and Attorney General Janet Reno, both called for an emergency Cybersecurity Summit and vowed to Catch the “team” or “country” who had done this.
He was only 15.
The international manhunt began and it was in the news daily throughout the US and Canada.
Michael states later that wen he saw the President of the United States (Bill Clinton) and the Attorney-General Janet Reno on TV saying they are going to hunt him down, he realised how serious it really was.
He felt guilty he says in his books and interviews.
WHat's key here too is that all of this was done 100% using slow DIAL UP internet he had at his dad’s house in his bedroom…at night while going to school….
HOW HE GOT CAUGHT
In the End, his young ego brought him down. It's wasn't due to digital footprints left behind. There essentially were none.
There is some belief, in part, that one of the hackers on the IRC chat exposed his real identity through DOXXING, where hackers disclose another's true identity out of spite or to show their own technical prowess.
The general consensus is that Michael's own bragging about the events on these IRC chat rooms and forums, out of ego and so that others would not claim to have accomplished the feat, ultimately led to him being identified and caught.
In particular, he had been bragging about taking down the DELL site. The issue was that it had not been publicized, so when federal law enforcement saw that they aimed to take him down. There was sting operation involving an Australian coder using the nickname Ocker on the IRC channel.
Today, Michael Calce is an in-demand security expert who helps organizations stay safe online. He speaks publicly about the events and does ethical hacking, Red Teaming and Penetration testing.
His worry is about societal infrastructure compromise and fears the motivations today are so monetarily driven that it has become skewed negatively-a common statement we hear often in the security community.
This true cyber crime story is researched in our efforts to set course to create awareness in an open form for dialogue around this topic.
This is why we created a podcast and research team, cyber crime junkies. More importantly, we have been fortunate enough to be able to continue our ability to speak with some of the worlds most celebrated in infamous hackers, security researchers, chief information security officer and leaders in federal, state and local law-enforcement on this topic.
-David Mauro
Regional Director, Konica Minolta/All Covered-North America