Hacker Held in Web Attacks, Sources Say

TIMES STAFF WRITER

A computer hacker in Canada has been arrested in connection with the massive “denial of service” attacks that crippled Yahoo, EBay and several other leading Internet sites in February, Canadian authorities and sources familiar with the investigation said Tuesday.

The arrest represents a stunning potential breakthrough for authorities in one of the most high-profile hacking sprees in history and a crime that many security experts believed might never be solved.

Authorities would not reveal the name of the suspect. But officials from the Royal Canadian Mounted Police were scheduled to make an announcement related to the arrest this morning in Montreal.

A statement posted on the agency’s Web site said only that “charges were laid [Monday] against a person stemming from cyber-attacks” in early February, which also targeted CNN, Amazon.com, Excite and E-Trade.

Canadian officials declined to elaborate, and FBI and Justice Department officials refused to comment.

Throughout the two-month investigation, there has been speculation in Internet security circles that a Canadian hacker may have been involved in the attacks. Much of that speculation centered on a hacker who goes by the pseudonym “mafiaboy” and who was recorded in chat rooms soliciting orders to shut down Web sites that were victimized.

But authorities and many experts subsequently expressed skepticism about mafiaboy’s involvement, saying it was possible that he was merely trying to capitalize on the attacks by drawing attention to himself.

Sources would not say whether mafiaboy was the suspect arrested in Canada. Nor would they rule out future arrests in the case, which some experts believe was too extensive to have been the work of a lone hacker.

The arrest to be announced today involves “one individual, not a bunch of individuals,” said one source familiar with the investigation. “This is someone the investigation has focused on for some time. It is a person who is responsible for at least one of the attacks. That doesn’t mean this person is not responsible for more.”

The arrest is the culmination of a massive investigative effort involving Canadian authorities and the FBI. Sources said a number of FBI agents, including some from Los Angeles, had recently spent time in Canada pursuing several leads.

Shortly after the attacks, Canadian papers reported that authorities had searched files at the country’s largest Internet service provider, Bell Canada’s Sympatico Internet service.

Irene Shimoda, a Sympatico spokeswoman, declined to comment on the matter late Tuesday, except to say that she was unaware that charges had been filed against a hacker in Canada.

Much of the Internet community still is recovering from February’s attacks, which caused millions of dollars in disruptions and damage, affected millions of Internet users and prompted such alarm among security experts that President Clinton held a White House summit on the issue and pressed for greater funding to fight “cyber crime.”

The hacking incidents are referred to as “denial of service” attacks because targeted sites are bombarded with so much artificially generated traffic that they buckle under the load, unable to handle the incoming requests from legitimate users.

Experts say the attacks were not sophisticated technologically, but required elaborate planning and coordination. Using hacking programs available online, the attackers secretly took control of hundreds, if not thousands, of computers around the country, then directed them to flood the targeted sites with millions of phony data requests.

One of the programs possibly used in the attacks is a hacking tool called “Tribe FloodNet” that was created by a German computer expert who goes by the name Mixter. In interviews in February, Mixter denied playing any role in the attacks, and speculated that they were probably the work of teenage “morons . . . wanting to gain popularity.”

He said it was technologically possible to launch denial of service attacks that were entirely untraceable. Indeed, many security experts said that denial of service tools are so effective that it was possible the crimes might never be solved.

Faced with that disquieting possibility, the FBI launched an investigation involving field offices around the country, with cooperation from authorities in Canada, Germany and other countries.

Part of that effort focused on the slim hope that the hackers had slipped up somehow, leaving the equivalent of a digital fingerprint on the computers used in the attacks, or were unable to resist the temptation to take credit in postings online or with hacking friends.

The other main investigative front has involved poring through the massive log books of the sites victimized by the attacks, methodically tracing the incoming packets of data back across the Internet--often through multiple networks--in the hopes that the trail would eventually lead to the guilty hackers.

*

Times staff writer Joseph Menn contributed to this report.
