FBI investigation swamped with tips, continues to seek Midwest 'Coolio'
ATLANTA (CNN) -- It's a name that keeps popping up as the FBI continues to seek parties believed to have information connected to last week's attacks on popular Web sites.
Agents from every FBI field office are involved in the investigation.
One hacker they are focusing on uses the name "Coolio" and is believed to live in the Midwest. He was identified by investigators at the private firm Securify and Stanford University in California.
Investigators have associated a name and address with this "Coolio."
But since "Coolio" also is the name of a popular rap artist, many Coolios pop up as nicknames.
Another popular "Coolio" the FBI has spoken with resides in Southern California, sources said, and has been linked to "Global Hell," a group of teens known for hacking into government computers.
"'Coolio' is such an incredibly popular name among the script kiddies, also being gangsta' rap wanna-be's, it could be an entirely other hacker calling himself 'Coolio,'" said B.K. DeLong, a staff member with Attrition.org, which chronicles Web site defacements.
"The 'Coolio' who allegedly hung out with Global Hell might have changed his nickname, because I haven't seen him since last summer."
Sources told CNN that on the Internet Relay Chat (IRC), "Coolio" claims responsibility for an attack on a server in Russia and the defacement of the Web site belonging to RSA Security, a leading Internet encryption firm.
Some chat room logs refer to "Coolio" as a "DoS kiddie," a reference to the way eBay, CNN.com, Yahoo! and other Web sites were made inaccessible to users last week.
IRC, a real-time network of chat servers separate from the World Wide Web, allows a number of computer users to share a typed conversation.
The IRC conversations dealing with "Coolio" were compiled by security experts at Stanford University and at Kroll-O'Gara, a computer consulting firm.
Joel de la Garza, who works for both Securify and Kroll-O'Gara, told CNN he found information that identifies the specific way that "Coolio" broke into the Russian computer.
That method is called a network protocol exploit. Computers at both Stanford and the University of California at Santa Barbara were used in a similar way in last week's attacks on eBay and CNN.com.
David Brumley, a network security administrator at Stanford, said he and de la Garza believe that last week's spate of attacks were not done by "Coolio" alone.
"We believe that there are two parties. Some were done by one, some by another," Brumley said.
When he defaced the RSA Web site, "Coolio" reportedly not only signed his vandalism, he made a reference to one of his hunters in an apparent attempt to taunt the investigator.
De la Garza said he's continuing to amass data and other evidence against "Coolio" and he is "85 percent" sure that "Coolio" is responsible for many of the attacks.
De la Garza's company hosts the popular "PacketStorm" security Web site.
Another suspect considered by private investigators, "mafiaboy," described as a 15-year-old Canadian hacker, also is sought for questioning by the FBI.
However, there is much less evidence against this person. "Mafiaboy" was identified by Michael Lyle of Recourse Technologies, a company that prides itself on tracking down hackers.
"Mafiaboy" was merely heard in an IRC chat room bragging about some of the attacks and soliciting other targets. Other than the boasts, nothing else indicates "mafiaboy" is responsible.
Even if "mafiaboy" assaulted some sites last week, he is at best a copycat. Lyle describes mafiaboy's tool as Tribal Flood Net, one of the oldest and most widely available denial of service programs on the Internet.
CNN Justice Correspondent Pierre Thomas contributed to this report.
© 2001 Cable News Network. All Rights Reserved.