.: Teen Hacker To Be Sentenced                                                      

 MONTREAL (AP) - A 17-year-old hacker who jammed major Internet sites such as Amazon and Yahoo! shows no remorse and should spend a year in a juvenile detention facility, prosecutors argued Wednesday.

 Judge Gilles Ouellet set the sentencing date for Sept. 12.

 The Montreal teen, who cannot be identified under Canadian law and is known by his Internet nickname, Mafiaboy, pleaded guilty earlier this year to 58 charges related to attacks and security breaches of Internet sites in Canada, the United States, Denmark and Korea in February 2000.

 He was 15 at the time and faces a maximum sentence of two years of youth detention. An adult convicted of the same charges could receive a 10-year sentence.

 Prosecutor Louis Miville-Deschenes told a hearing Wednesday that the seriousness of the crimes and the youth's lack of remorse made a one-year sentence appropriate.

 ``He has tried to justify his crimes in a completely illogical manner,'' Miville-Deschenes said. ``He has no remorse or no real comprehension of the crimes he committed.''

 Yan Romanowski, representing the youth, said putting him with violent offenders in a youth detention facility would only cause more harm.

 ``I'd rather risk sending him to school than risk sending him to detention with bad influences,'' said Romanowski. He called for probation and mandatory community service without further detention.

 On Tuesday, the youth's parents' asked Ouellet to spare him from further detention in the case that raised questions about Internet security.

 Mafiaboy admitted involvement in denial-of-service attacks last year against Web sites belonging to five companies, including Amazon, Dell and eBay, Yahoo! and CNN. The sites were bombarded with thousands of simultaneous messages, which prevented legitimate users from accessing them for up to five hours.

 Other charges involved illegal use of computers to help with the attacks. Those computers were located at various universities, including the University of California, Berkeley and the University of Massachusetts.

 

 .: Jailed Teen Hacker Gets Fresh Start
 

 By STEPHEN FROTHINGHAM, Associated Press Writer

 WOLFEBORO, N.H. (AP) - Dennis Moran, an 18-year-old high school dropout, earned international notoriety and a nine-month jail sentence last year for his computer-hacking exploits.

 He was accused by the FBI (news - web sites) of hacking into a computer security firm's Web site and the computer systems of four U.S. military bases. He also hacked into an anti-drug site connected to the Los Angeles Police Department, adding a cartoon of Donald Duck with a hypodermic needle in his arm.

 Now Moran, who went by the online name Coolio, runs a computer services company that a mentor helped him set up while in jail. He is chauffeured to jobs on work-release during the day and returned to jail each night. He completes his sentence on Tuesday.

 Moran says he is looking forward to building his business, DM Computer Services, into a thriving company.

 ``I'd love to fly around the country all the time doing independent consulting for large companies,'' he said. ``It's fun going from a lazy, inexperienced kid to a proprietor of a computer business.''

 Moran was briefly suspected - but cleared - of shutting down Web sites belonging to Amazon, Dell, eBay, Yahoo! and CNN by bombarding them with e-mails early last year.

 He pleaded guilty in January to three misdemeanor counts of unauthorized access to a computer system. He was sentenced to jail and ordered to pay $5,000 to each of the three victims. The judge also ordered him to work on the county's computer system while in jail.

 Moran has shorn the shoulder-length hair he had when he was arrested last year. He has also traded in the baggy jeans and hooded sweatshirt he wore to court hearings last winter for monogrammed dress shirts and chinos on his work-release job.

 The new clothes were gifts from an area businessman, Paul Zimmerman, who took Moran under his wing and helped him start the computer company.

 Zimmerman was wintering in Florida when he read about Moran. He wrote him a letter and visited him in jail on his next trip to Wolfeboro.

 Zimmerman said he was impressed with Moran's attitude.

 ``I found him to be a most delightful person,'' Zimmerman said. ``He was not angry or vindictive or mad at the system. He was taking his licks in an honorable way.''

 Every weekday at 8 a.m., Zimmerman picks up Moran at jail. Zimmerman's office must call the jail, which Zimmerman calls ``the hotel,'' when Moran arrives and whenever he goes out on a job. He has to be back by 6 p.m.

 For $50 an hour, Moran troubleshoots home and business computers, including Zimmerman's office system and those of Zimmerman's tenants and friends.

 Zimmerman helped Moran set his rates and advised him to offer free visits to introduce him to clients who might be wary of giving control over their computers to a teen-ager serving time for computer crimes.

 ``He's on probation, what's he going to do? We're saying he's FBI-certified,'' he said.

 Zimmerman coaches Moran on everything from proper work dress, to placement of his attache case in a potential client's office - on a chair, not the desk.

 Moran said he hasn't made much money yet, but he's made enough to buy lunch and cigarettes. He has to pay the county $20 a day when he's out on work release.

 Moran also is sending some money to his family - his computer technician father is unemployed.

 Tony Campaigne, a stock trader and an old friend of Zimmerman, is having Moran install a wireless network in his home office.

 ``You see so few people with such creative minds,'' Campaigne said. ``He's obviously brilliant to have done what he did.''

 Moran said when he gets out of jail, he'll take his family to lunch and plan a party with family and friends in the evening.

 Getting a driver's license will be a top priority. He never got around to it before his legal troubles began.

 If Zimmerman had not written to him in jail, Moran is not sure what he would have done once he was released from jail.

 ``I don't know. I really had no plans at all,'' he said.
 

 .: Are The Goverment's Computers Secure?  

 That's what a government official is saying today at House subcommittee hearing in San Jose, Calif., as Congress scrutinizes the government's current level of security in the wake of a series of recent computer attacks.

 "Virtually all of the largest federal agencies have significant computer security weaknesses that place critical federal operations and assets at risk to computer-based attacks," said Keith A. Rhodes, chief technology officer of the General Accounting Office (news - web sites) (GAO), in testimony prepared for the session.

 Moreover, Rhodes says, more danger for Washington may lie ahead.

 "Recent attacks foreshadow much more devastating Internet threats to come," added Rhodes. "Over 100 countries already have or are developing computer attack capabilities … NSA [the National Security Agency] has determined that potential adversaries are developing a body of knowledge about U.S. systems and methods to attack them."

 As a consequence, Rhodes claimed, "there is a growing risk that terrorists or hostile foreign states could severely damage or disrupt national defense or vital public operations though computer-based attacks on the nation's critical infrastructures."

 Behind the Private Sector?

 At issue is more than just the Internet slowdowns such as those caused by the Code Red virus this summer, but the possibility that cyber-intruders could erase or alter crucial government information.

 "It's certainly a concern," said Jeff Carpenter of the Computer Emergency Response Team (CERT) at Carnegie-Mellon University in Pittsburgh, prior to his own testimony at the hearings. "As the government and other sectors increase their information on the Internet, they increase their exposure, too."

 And some computer security experts say the government has fallen behind the business world in protecting its information.

 "The private sector has to a great extent been ahead of the curve compared to the government in security," says Mark Rasche of Predictive Systems, a network consulting agency in Reston, Va., and a former prosecuting attorney for the Justice Department. "The economics dictate that it be so."

 In Rashe's view, businesses have a greater financial incentive to upgrade security. "It's not that we don't know what the solutions are," he says of the government's approach. "We're just not willing to dedicate the resources to them."

 And Rhodes is calling for cooperation between the government and the high-tech industry to work on the problem.

 "Most of the nation's critical infrastructure is owned by the private sector," Rhodes said. "Solutions, therefore, need to be developed and implemented in concert with the private sector."

 In the Wake of Code Red

 The hearings — held by the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations — come at the end of a summer during which government Web sites have periodically been under siege from hackers.

 The Code Red worm, intended to cause outages at the White House Web site, spread rapidly throughout the Internet starting on July 19, and then in another cycle beginning July 31. Earlier this month, a related and possibly more dangerous worm, Code Red II, surfaced on the Web.

 The White House technical staff averted a shutdown of its site, but the Pentagon had to close down numerous Defense Department Web pages on Aug. 1, and the worm ended up intermittently slowing down Internet traffic worldwide over a period of a few days.

 Ultimately, the Code Red worms did not create great damage on the Web, although they infected more than 400,000 computers — according to CERT's estimate — and took a financial toll on companies and government agencies that either were affected by the worm or had to spend money upgrading their security.

 Both worms took advantage of security flaws in two Microsoft operating systems — Windows NT and Windows 2000 — and in Microsoft's IIS server software. It is not known who unleashed Code Red on the Internet.

 Cat and Mouse in Cyberspace

 While the effects of Code Red have been generally contained, security experts warn that the pair of worms are a harbinger of growing sophistication among rogues in cyberspace.

 "Over past 10 years, we've seen intruder community continue to develop their techniques," notes Carpenter. "They've increased their use of worm behavior to propagate attack of machines at exponential rates."

 However, considering all the different functions of the government, it's also clear that some agencies, like those involving defense and national security, are already using far more sophisticated security techniques than others.

 In those areas, notes Rasche, "there are classified networks that are reasonably secure. They come from a culture where security is paramount. But are they totally secure? No."

 Still, Rasche adds, "One would hope that the computers carrying the nuclear codes are more secure than those at the Bureau of Land Management."

 .: Hacker Cracks Site,Forces Trade Halt.                                                           

 By Steve James

 NEW YORK (Reuters) - In the latest in a spate of corporate cyber-invasions, a hacker broke into a paintball company's Web site and sent out phony financial statements Thursday, forcing the Nasdaq stock market to halt trading in the company's shares for more than two hours.

 After discovering its computer security had been breached overnight, Brass Eagle Inc. (Nasdaq:XTRM - news) notified law enforcement officials, including the FBI (news - web sites), which has a special unit that investigates computer crimes. An FBI spokesman in Little Rock, Arkansas, said only that the agency was aware of the case.

 The hacker sent out misinformation about the company's finances in ``hundreds, if not thousands'' of e-mails, said Chief Financial Officer J.R. Brian Hanna.

 The attack prompted the maker, marketer and distributor of paintball weapons and clothing to reaffirm its earnings guidance for fiscal 2001.

 ``On the surface it appears to be a hoax,'' Hanna told Reuters by telephone from Bentonville, Arkansas. Asked if it appeared the attack was aimed at manipulating Brass Eagle's stock to gain a financial advantage, he said that was apparently not the motive.

 ``But after consulting with Nasdaq, we felt it was prudent to make a statement.''

 Brass Eagle said it continues to expect fiscal 2001 sales of $100 million to $105 million and diluted earnings per share of about $1.00.

 ``Everything was fine at the close of business yesterday,'' said Hanna. He said the hacker had apparently entered Brass Eagle's Web site and sent e-mails ostensibly from the company, to addresses of people registered to receive company mailings.

 This could include everyone from paintball enthusiasts -- of which there are an estimated 7 million in the United States -- to potential investors and Wall Street analysts.

 A spokesman for the Nasdaq stock market declined any specific comment about Brass Eagle. But he said under Nasdaq rules, ``when a company has material news that might affect its share price, as this (case) would, they are required to publicize it as widely as possible.

 ``They must notify the Nasdaq usually about 10 minutes before (announcing the news) and we work together on the timing of the trading halt,'' the spokesman said.

 Trading in Brass Eagle shares was halted around 10.40 a.m. EDT Thursday and resumed more than two hours later. The stock closed on Thursday up 28 cents, at $6.24.

 Hanna said computer security was being tightened at the company, which employs about 150 people at a plant in Neosho, Missouri, and another 50 in Chula Vista, California, where Brass Eagle makes masks and clothing for paintball -- a manhunt-like game that is also used by some companies to test management skills.

 The company also operates an ``X-treme'' sports facility, Challenge Park Extreme, in Jolliet, Illinois.

 This was just the latest case of cyber-invasion in the information age.

 This month, a student who issued a fake press release that triggered frenzied selling of shares in data storage equipment maker Emulex Corp. (Nasdaq:EMLX - news) and sent Wall Street into a panic, was sentenced to three years and 8 months in prison.

 And a day trader accused of posting fake press releases on the Internet claiming Lucent Technologies Inc. (NYSE:LU - news) would not meet earnings projections, agreed to settle civil fraud charges with federal securities regulators.

 Earlier this summer, hackers entered a computer system that controls much of the flow of electricity across California, and in Toronto, JDS Uniphase Corp. (JDU.TO) said a hacker broke into its Web site and gained access to a draft of its fourth-quarter financial results.

 Overseas, Infosys Technologies Ltd , one of India's biggest software companies, said one of its corporate banking Web sites was down for several hours after hackers broke into it.