Case Study

How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack

Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.

By Scott Berinato

Chat sessions continued for eight weeks. Often they were jarring and discombobulated. Cyrillic characters mixed with poor English. There was foul language and other noise. Turner watched eXe attack Microsoft and probe SCO.com. But over time, eXe began to chat more freely with Hardcore. In a couple of long chats, they talked shop in detail, Hardcore always deferring to eXe and praising his skill. This seemed to put eXe at ease.

eXe: i shall be happy to see u again. welcome

Hardcore: :) thanks hehe

eXe: i's eat now. =)...maybe i will sleep later=)

Soon enough, eXe pointed Hardcore to a webpage with attack scripts on it, and he gave Hardcore an ICQ chat client user ID that he hacked. (Perhaps as a gesture of friendship, he gave the account the password "hardcore.") The ICQ account allowed Turner to chat directly with eXe, but it also led to eXe's biggest mistake when eXe conducted a file transfer over this ICQ connection. Turner nabbed eXe's real IP address and traced it to a dedicated broadband line in Russia, a cable modem that he determined eXe paid for himself.

March 1, 2004: Finding Ivan

On March 1, Hardcore and eXe chatted on ICQ. EXe had been waiting for some attack code that Hardcore had promised to write for him. It was the most productive conversation Lyon and Turner would conduct.

eXe: hi how are you?

Hardcore: hey man. pretty good...it's pretty cold here right now, what's russia like? hehe

eXe: i'm good...Russia is like the Russian vodka=)...u give me code?...

Hardcore: I still have just a little bit to do to make it functional. I'll have it for you soon dont worry :)

eXe: ok...i'm relax =)

Hardcore: i noticed you have like 4 different types of bots in there...are you testing new bots?

eXe: yes...

The two talked about zombie networks, and Hardcore pressed eXe to tell him the size of the biggest zombie network he'd ever seen. EXe bragged about a 10,000-bot network, then added, "it's no many, i seen more."

eXe: how old are you?

Hardcore: 23...how about you? :)

eXe: i am 21 =) my name is Ivan. i'm from Russia. my nationality is Russian.

Hardcore: My name is Matt :) Ive always lived in canada

eXe: i happy to meet you

Hardcore: nice to meet you too ivan :)...do you work or go to school or just do this? ive made a lot of money doing this so far :) :)

eXe: school. i'm study. inginier-mechanic. etc=) i'm learn french. my English is very bad.
