Been hacked? Blame Canada

The US government claims its neighbour is a safe haven for cyber-terrorists. But could it be the case that the most powerful country in the world is being threatend by a lone teenager?

"Blame Canada", the song from the movie South Park - which Robin Williams memorably performed at the recent Academy Awards with a chorus of leggy female Mounties - looked in danger of becoming the anthem of America's policers of cyberspace. But concerns that America's northern neighbour was becoming a hotbed of cyber-terrorism seems to have subsided a little since the real Royal Canadian Mounted Police (RCMP) tracked down the suspect accused of assailing CNN's website in February.

The arrest of "Mafiaboy" was hailed on Capitol Hill last week as a triumph of US-Canadian co-operation. The US Attorney-General, Janet Reno, applauded the RCMP's role in the breakthrough. It would, she said, send a strong deterrent message to hackers everywhere that they "can't get away with something like this scot-free".

The fact that the Mounties got their man must certainly come as a relief to the FBI's director, Louis Freeh, who felt moved to denounce Canada as a "hacker haven" back in February after a torrent of cyber attacks jammed some of the biggest commercial sites on the internet, including Yahoo, Amazon and eBay. FBI agents established early on that at least one of the perpetrators had made use of a Canadian internet service provider.

America's top cop wasn't alone in blaming Canada for the growing problem of cyber assaults. Last month, the Ottawa Citizen obtained a document which showed that the US Defense Intelligence Agency (the US military's equivalent of the CIA) was convinced that 80 per cent of foreign computer attacks either originate from, or pass through, Canada. This claim met with some scorn in the Canadian capital. Colonel Randy Alward, the commander of the Canadian Forces Information Operations Group, said the apparently high percentage of cyber attacks emanating from Canada merely reflected the country's exceptional degree of computerisation. "It's because Canada is a very wired country," was his reaction.

John Thompson, a terrorism expert at the Mackenzie Institute in Toronto, agreed that the Americans were getting the problem way out of perspective. "Sure, there's been some hacking in Canada, but no more than spamming e-mail accounts or rearranging someone's website," he told The Independent, pointing out that most of the hackers in question weren't cyber-terrorists but spotty teenagers. "Mafiaboy" certainly falls into the mischievous rather than menacing category.

The "man" the Mounties got turned out to be a 15-year-old high-school pupil from an affluent suburb of Montreal, a low-skilled hacker who operated alone and had to borrow the necessary software to launch his assault on the world's largest global news broadcaster.

Still, a seven-man specialised RCMP squad in Montreal's commercial crime unit had to work flat out for two months to track the boy down. They were assisted by FBI agents in the four US states (California, Washington, Georgia and Massachusetts) where the companies targeted in February's attacks were located.

The perpetrators of the other attacks are still at large, which is why Inspector Yves Roussell, who led the Canadian end of the investigation, was careful not to trumpet last week's single arrest too loudly. "Mafiaboy was not that good actually," he commented. "He was good with computers, but he wasn't what we would call a genius in the field."

The teenager (who can't be named under Canada's Child Protection Act) doesn't even seem to fit the "sad nerd" stereotype of hackers, being athletic, outgoing and apparently popular among his classmates. Now back at school after being charged and released on bail, he got caught because he bragged to his school chums and in an online chat room about his exploits.

William Pollak, of the FBI-sponsored Computer Emergency Response Team at Pittsburgh's Carnegie Mellon University, conceded: "The arrest is not particularly reassuring. There is still no way for the ultimate victims of these attacks to prevent it from happening again."

Canada's Department of National Defence has established a special 20-man unit to develop new protective measures against hackers. Although the unit's main purpose will be to protect the Canadian Forces' own information systems, it is also designed to demonstrate that Canada isn't the "zone of vulnerability" portrayed by the US Defense Intelligence Agency. The researchers have already simulated in their laboratories February's now infamous hack attack to improve their understanding of what they are up against.

The call for the creation of such a unit was spearheaded by William Kelly, chairman of the Canadian Senate's committee on terrorism and public safety. "One of the problems we've had all along is the relative lack of concern Canadians have always had about their security," he commented.

"But I think people are gradually becoming more aware of what the risks are."

Comments