‘MafiaBoy’ Michael Calce Discusses the Mindset of a Hacker

As technology’s security features continue to evolve, hackers find new ways to outsmart them. When organizations put up a firewall, hackers find a way to tear it down. When a vendor rolls out a more secure way to connect, hackers manage to intercept that connection.

Hacking is an intricate skill that takes a curious, persistent, even rebellious mentality to properly execute. Black-hat hacking, or hacking with malicious intent, is often a felony and can result in incarceration or serious financial penalties. What’s worth this risk?

For Michael Calce, formerly known as “MafiaBoy,” it was notoriety. In 2000, at 15 years old, he executed a massive denial-of-service (DoS) attack that crippled some of the internet’s most popular websites. Calling the attack Rivolta, meaning “riot” in Italian, he brought down Yahoo!, eBay, CNN, Amazon, and other sites, causing an estimated $1.7 billion in damages.

This was a time when the internet and ecommerce were beginning to boom, so a hacker’s goal back then was to be first to market and to establish himself in the cyberworld.

In his documentary, Rivolta: Inside the Mind of Canada’s Most Notorious Hacker, Calce notes that he “correlates hacking with a drug. Just that moment when you breach a network and you have administrator access, it was intoxicating. For me, the excitement drove me to succeed.”

Hacking continues to evolve and flourish. In an interview with PCM Tech Journal, Calce contends that many more hackers exist than IT professionals today, and notes that their end goals are changing. When he pulled off Rivolta, his motive was to gain notoriety, which he says was the same for about 85 percent of the hacking back then, with the other 15 percent for profit. Today, he claims, these percentages are reversed, which is why ransomware has become more prevalent.

Here are three of the most dangerous attacks Calce says to watch out for in the months and years ahead.

  1. Ransomware

Ransomware, a type of malware that restricts access to an infected system and demands a ransom to lift the restriction, has become a prolific attack in recent years. Although financial institutions, educational organizations and government agencies have traditionally been larger targets – in fact 13 percent of educational organizations and 6 percent of government agencies faced attacks in 2016 – other industries are not exempt from ransomware.

A more sinister trend emerging from the ransomware scene is the targeting of the healthcare industry. Many medical devices are internet- or Bluetooth-enabled, giving hackers an avenue of entry. Even pacemakers can be hacked, exemplifying one of the more serious, life-threatening attacks, in which the hacker demands that the user pay a ransom or else he keeps control of the device.

Also, governments worldwide are orchestrating an increasing number of cyber-espionage activities that include ransomware, and contending with them exhausts the resources of both commercial organizations and government agencies.

According to Calce, “Ransomware is only in its early stages and will continue to evolve. It isn’t going anywhere.”

  2. Wi-Fi and Bluetooth attacks

Wi-Fi and Bluetooth attacks are unique in that the hacker usually needs to be physically within range to intercept the connection. Evil twin hacking is a very common way to exploit Wi-Fi networks, in which the hacker can turn his device into an access point and implement malware on the victim’s devices. In addition, recent vulnerabilities known as KRACK (Key Reinstallation Attack) have been found in certain Wi-Fi protocols, further expanding the threat matrix for attacks accessing Wi-Fi.

Software to protect against Bluetooth attacks is scarce. Until that changes, Calce recommends being as secure and anonymous as you can, not sending any sensitive information over these types of connections, or disabling Bluetooth if necessary. (See the accompanying PCM Tech Journal article on a potential Bluetooth attack known as “BlueBorne.”)

  3. Internet of Things (IoT) device attacks

Gartner projects that the number of IoT devices will reach 20.4 billion by the year 2020, which could result in a hacker’s paradise. Every device gets its own IP address and comes out of the box running default ports and admin passwords, which Calce considers easy for hackers to access and take advantage of.

IoT device information can be found through public websites, and hackers can infect the devices with malware, manipulating them into simultaneously flooding a target site with traffic and effectively shutting it down.

These DoS attacks, meant to stop sites and systems from operating, are still prominent. One of the more recent, significant attacks was the 2016 Dyn cyberattack, which comprised three distributed denial-of-service (DDoS) attacks and affected more than 70 major internet platforms and services throughout North America and Europe.

The future of black-hat hacking

Calce names artificial intelligence (AI) and quantum computing as platforms that will carry out very dangerous attacks within the next decade. Malicious hackers will exploit AI to build automated hacking tools that can self-alert and figure out how to hack systems on their own. This is already popular in computer security Capture the Flag contests, but could potentially be used in real-life attacks.

Quantum computers can process information at speeds that are a million times faster than conventional computers, and at a much more granular level. These machines, if in the hands of the wrong person, can be extremely dangerous. They have the capability to hack the most secure algorithms, such as Blockchain, making encryption as we know it obsolete. Calce says that “security and data revolve around [encryption]. We will have to rebuild certain things if encryption is obsolete.”

Why are these security threats so pervasive? Calce notes: “People don’t devote enough time to cyber training. They don’t read up on threat factors, and that’s a problem. Until we incorporate security awareness in schools or other institutions, the problem will persist. The greatest exploit is the human being.”

Mitigating security threats

Today, Calce focuses a large part of his career on raising security awareness and white-hat hacking. He is hired by organizations to evaluate their IT environment from a hacker’s standpoint, identify where the vulnerabilities are, and provide a comprehensive report detailing his findings and recommendations on how to strengthen their infrastructure.

Calce says he has had a 100 percent success rate on these penetration tests, identifying vulnerabilities without fail. This highlights the magnitude of today’s security problem, proving that organizations are seemingly unaware of its significance and that they need to apply a deeper focus on mitigating these risks.

To do so, Calce urges organizations to equip themselves with more robust products and be cognizant of software updates and security patches. There are also boundless security features at the tips of our fingers, such as credit card chips and multi-factor authentication tools.

However, Calce warns us that “anything can be hacked. What’s important is mitigating that risk.”

“[How you use technology] is all about intent. [You] can use AI for security and defense, or for malicious hacking. This is a war that will last for a while. Whatever [technology] hackers have, we have also. We just have to hope the way we use it is superior.”

