ad info technology > computing
  myCNN | Video | Audio | Headline News Brief | Free E-mail | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

FBI investigation swamped with tips, continue to seek Midwest 'Coolio'


February 16, 2000
Web posted at: 12:34 p.m. EST (1734 GMT)

ATLANTA (CNN) -- It's a name that keeps popping up as the FBI continues to seek parties believed to have information connected to last week's attacks on popular Web sites.

Agents from every FBI field office are involved in the investigation.

One hacker they are focusing on uses the name "Coolio" and is believed to live in the Midwest. He was identified by investigators at the private firm Securify and Stanford University in California.

Investigators have associated a name and address with this "Coolio."


But since "Coolio" also is the name of a popular rap artist, many Coolios pop up as nicknames.

Another popular "Coolio" the FBI has spoken with resides in Southern California, sources said, and has been linked to "Global Hell," a group of teens known for hacking into government computers.

"'Coolio' is such an incredibly popular name among the script kiddies, also being gangsta' rap wanna-be's, it could be an entirely other hacker calling himself 'Coolio,'" said B.K. DeLong, a staff member with, which chronicles Web site defacements.

"The 'Coolio' who allegedly hung out with Global Hell might have changed his nickname, because I haven't seen him since last summer."

Sources told CNN that on the Internet Relay Chat (IRC), "Coolio" claims responsibility for an attack on a server in Russia and the defacement of the Web site belonging to RSA Security, a leading Internet encryption firm.

Some chat room logs refer to "Coolio" as a "DoS kiddie," a reference to the way eBay,, Yahoo! and other Web sites were made inaccessible to users last week.

IRC, a real-time network of chat servers separate from the World Wide Web, allows a number of computer users to share a typed conversation.

The IRC conversations dealing with "Coolio" were compiled by security experts at Stanford University and at Kroll-O'Gara, a computer consulting firm.

Joel de la Garza, who works for both Securify and Kroll-O'Gara, told CNN he found information that identifies the specific way that "Coolio" broke into the Russian computer.

That method is called a network protocol exploit. Computers at both Stanford and the University of California at Santa Barbara were used in a similar way in last week's attacks on eBay and

David Brumley, a network security administrator at Stanford, said he and de la Garza believe that last week's spate of attacks were not done by "Coolio" alone.

"We believe that there are two parties. Some were done by one, some by another," Brumley said.

When he defaced the RSA Web site, "Coolio" reportedly not only signed his vandalism, he made a reference to one of his hunters in an apparent attempt to taunt the investigator.

De la Garza said he's continuing to amass data and other evidence against "Coolio" and he is "85 percent" sure that "Coolio" is responsible for many of the attacks.

De la Garza's company hosts the popular "PacketStorm" security Web site.

Another suspect considered by private investigators, "mafiaboy," described as a 15-year-old Canadian hacker, also is sought for questioning by the FBI.

However, there is much less evidence against this person. "Mafiaboy" was identified by Michael Lyle of Recourse Technologies, a company that prides itself on tracking down hackers.

"Mafiaboy" was merely heard in an IRC chat room bragging about some of the attacks and soliciting other targets. Other than the boasts, nothing else indicates "mafiaboy" is responsible.

Even if "mafiaboy" assaulted some sites last week, he is at best a copycat. Lyle describes mafiaboy's tool as Tribal Flood Net, one of the oldest and most widely available denial of service programs on the Internet.

CNN Justice Correspondent Pierre Thomas contributed to this report.

FBI follows Internet chat room leads in hacker probe
February 15, 2000
Clinton fights hackers, with a hacker
February 15, 2000
Banks warned of impending Web attacks days before they happened
February 15, 2000
President to announce creation of national cyber security center
February 14, 2000
Hacker hunters follow lead to Germany
February 13, 2000
Consulting firm says its server was used to attack AOL
February 11, 2000
FBI agents focus on university, business computers as cyber-attack launch pads
February 10, 2000
Denial of service hackers take on new targets
February 9, 2000

Stanford University
Federal Bureau of Investigation
National Infrastructure Protection Center: CyberNotes
HNN - HackerNewsNetwork

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.