Slashdot Mirror
Louisiana Man Pleads Guilty to Creating 911 Worm
mabu writes "The United States Attorney's Office for the Northern District of California announced that, roughly a year after his arrest, David Jeansonne pleaded guilty Tuesday to two criminal counts in a scheme that sent email to users of Microsoft's WebTV Internet service containing an attachment that, when opened, reprogrammed their computers to dial 9-1-1 without their knowledge. It still unclear what motivated this 43-year-old to launch such a bizarre worm."
"Help! I'm using WebTV!"
You can have my cynical agnosticism when you pry it from my cold, dead logic.
This was a very, very, very dumb thing to do on his part. I could see the courts giving him some leniency if he was 12, but at 43 years of age I think he will get what he deserves. Does anyone know if the worm caused any delays in getting through to the 911 system that caused serious injury or death?
News Reporters Make Tasty Polar Bear Treats!
"It still unclear what motivated this 43-year-old to launch such a bizarre worm."
...
What? Mean and stupid doesn't cover it?
It's like asking why that person cut you off in traffic endangering the lives of a half-dozen others... cuz their mean and stupid. It's not some huge racist or plot
The guy probably thought he was hot shit writing a virus [instead of something productive like an OSS project that could benefit others...] and released something destructive.
The balance in me wants to say "for every good there is a bad" but fuck it. The dude's just plain mean and stupid.
Tom
Someday, I'll have a real sig.
None. He's just a dick. This isn't a cool hack or anything meaningful in computer science. It's taking an exploit of some type and messing with people's lives. Those operators on the other end and the police who are dispatched shouldn't be wasting their time with this nonsense.
Why do these people think that causing damage through an exploit is anything but stupid? It's not clever since they don't even find the exploits, they just use them.
It still unclear what motivated this 43-year-old to launch such a bizarre worm.
My guess is he wanted to flood the 911 service with useless calls, and in the long run potentially harm people because they can't get through to 911.
wow, can you say get out of your parents basement and get a girlfri....
Sorry wait, this is slashdot.
I like muppets.
..to see if he could.
That's what virus writing used to be all about. Darn kids and their spam n' such. Why in MY day we wrote virii for the pure joy of destruction and chaos!
... That only a WebTV user would be naive enough to open an attachment like that.
Sadly, I've found that the great majority of people I know apparently have the intelligence of a WebTV user.
This either means that even rudimentary computer security is far too complex for the average person, or that I need to get some new friends.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
People from Louisiana can use a computer! Who'd have thought it!!
8)
Perhaps he wanted to create a Denial of Service attack against the 911 system.
-- Thou hast strayed far from the path of the Avatar.
According to TFA, only 21 people actually received this thing. I've cause more damage most days just driving to work.
Next on slashdot: Bill Gates picks nose, AGAIN! Film at 11.
Yeah? Well I think you're overrated too.
If they ever have a reality TV show based on this, I hope they won't call Eric Estrada and tell him "CHiP's" is being remade...
CHIP unit? Never heard of it.
Sorry. I must disagree. Flooding the Larry King Show with fake calls is somewhat funny. Flooding a 911 center with fake calls is NOT.
ROTFL - seriously, if you're going to email your 25 closest friends - shouldn't you first make sure your virus doesn't directly involve the police coming to their door? Granted, it might be considered a funny prank - but at least make sure you can't be traced as easily as the from: 'Best Friend in Louisianna'.
wrong is wrong. if a 12 year old did this, it is just as much damage. hey, just a few days ago a court sent to prison a 13 year old who killed his grandparents because zoloft made him flip out. if a 13 year old gets nailed while on a doctor prescribed drug, who is going to give a 12 year old a break who is in their right state of mind?
i think what would be interesting is laws that punish parents for what thier kids do. but that could ruin a whole family, i could see someone losing their townhouse and having a mom out on the streets with 3 other kids because one of her kids is a nerd.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Actually, it would have been funny if it called up the local Pizza Hut. Or maybe if it randomly dialed people and asked if their refrigerator was running. This, on the other hand, was just dangerous.
Unknown host pong.
Look up. Do you see that? It's the joke. It's going over your head.
What is this dialing you speak of? Your computer dials? How does one make a computer dial? Why would one make a computer dial?
I mod down so you can mod up. Your welcome.
He had reprogramed them to dial romanian sex chat numbers he would have been invited to join the Direct Marketing Association.
Hey, it was one way of getting his name on Slashdot. Come on, how many of us lowly cretins here in the comments section have ever been referred to by our full names in a Slashdot post? Yeah, I can count all two of you out there. The guy's a douchebag, but, by jove, he's a famous douchebag!
It still unclear what motivated this 43-year-old to launch such a bizarre worm.
Simple... Why does a dog lick his own nuts? Because he can.
hack a day
You know, there is stupid, and then there's STUPID. Let's take tings one at a time. First this fellow created and released a virus that caused WebTV devices to call 911. This, of course is stupid on it's face, because flooding 911 with a lot of fake calls can obviously cause delays for real emergencies to get through, and possibly contribute to people dying or other physical destruction that might have been avoided. As well, there's another stupidity here: did this guy think that there are actually enough WebTVs to cause mass mayhem? I'd guess they are probably widely dispersed around the country so any given 911 location might only have a few machines that would be calling in, and then only if he achieves 100% coverage. Stupid. Again. And finally, the only way I could get my parents to communicate online was with a WebTV. These folks are not really tech savvy, and they often call me on the phone to ask what to do with this attachment thingie they received. I'd guess there are a fair number of WebTV users out there who might also not know what to do with an attachment, or not notice that it's there, and might never even open it up. This will also cut back on the virus coverage. Stupid. Again. I guess this fellow either was not smart enough to figure this coverage issue out - or maybe he went for low coverage because he really was not trying to do much damage? Nah. Stupid. Just plaun stupid. smp
Perhaps we was trying to prove the concept that it is possible to DoS the 911 service. Perhaps he was doing this because he was aware of the danger to himself and others, and wanted to prove the point to the herds of people that were buying these things, not caring about the potential danger to society. Perhaps he wanted to make news in the hope of saving more lives from an even worse situation which might have been created by not doing anything at all and waiting for 10 years.
Or perhaps he was just being a dick. Oh well, I guess we will never know.
I'll probably be modded down for this...
Most likely he was motivated by sheer boredom. There isn't a lot to do in Louisiana if you actually live there (as opposed to being a tourist). I speak from sad experience.:-P
picpix image polls. create - share - vote. fun!
Metairie is the old suburb adjoining New Orleans. Jeansonne was probably possessed at the time he wrote the worm.
--
make install -not war
If you're 12 it might seem like a prank, and you don't want to ruin the kid's life but hit him hard enough that he realizes that what he did is dead serious and never thinks of doing it again. He certainly deserves to be punished, but not as severely as a 43 year old who should be capable of fully understanding the consequences of his actions.
Umm...Timbuktu used to recover stolen iMac
A prank done to annoy people results in a much greater sentence than a thousand petty crimes done for profit under a corporate banner.
If you don't get it, don't mod it.
Swirlies are SO 2004. When this master cracker is convicted and sent to prison, just put the programs that keep track of prisoner feeding schedules and parole hearings on an unpatched Windows box connected to the Internet.
No mod points, no meta-moderating/Firehose/all the other free work Slashdot wants me to do.
So dificult is to write a virus and not to be arrested?
ajf
When the worm hit the UK, the tape answer machine overheated "You have dialled an incorrect number... you have dialled an incorrect number... you have dialled an inco.....Pppppppppppppppppp"
You mean like printers should not be allowed to print images of money?
Where will it end? Frankly, I'd rather never see it get started.
As soon as the OS becomes your own personal government controlled police force, then we'll really be sorry.
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Probably something along the lines of, "I dunno..."
...and you wonder why your heart is a mess?
Hmmm.
Ummm...actually no it's not funnny at all.
That's not what I said. I said it should require explicit authorization from the user. For example, a dialog box which says "Your modem is attempting to dial 911 -- do you wish to allow this operation?"
It's no different than having a safety on a gun. The printer comparison is just a strawman.
A few years ago with an old mini-laptop type thing(Windows CE 3), I was trying to get it to dial in to my ISP. I was messing with the dial options(like dial 9 before a #, etc), and didn't notice that it would be dialing like 1-911-#... So, when I dialed I could hear the 911 person, but since I had no mic, I had to hang up and let them call me back. Definately one of those "Oh shit" moments.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Or we could just outright ignore them, and they'd go away.
Some people have a reason to use the AC - in case they're posting about something they don't want blatently linked to, etc.
But yes, ACs can be annoying. Usually it's just trolling though....
Karnal
Uhhh
what's your point?
If you're implying that this guy shouldn't be sent to jail because he is probably "weak" and will get beat up; then THAT is funny. This isn't some harmless prank or victimless crime. By flooding the 911 lines real emergencies are not responded to.
This guy is an idiot. I have little sympathy for him.
Or maybe you're trying to say that autodialing 911 is somehow like beating up the neighborhood weird kid? I don't know.
so to sum up:
This guy is an idiot, and should go to jail.
A phone shouldn't be allowed to call any number it's dialled to call? Does that sounds a little big-brother-ish? What if I bring my computer over to the UK, where the emergency number isn't 911? How we just build a system that makes it difficult for people to run arbitrary attachments and unsafe programs? Oh, wait... that's just not running as administrator and/or using something like Linux. But by all means, let's make MORE laws. Just what we need.
My blog. Good stuff (when I remember to update it). Read it.
How does this have anything to do with my rights online?
And I should clarify that I am not advocating a law here, just saying it would be nice if OS makers would voluntarily add this sort of safety feature. As I said to the other person who responded to my comment, this is no different than a safety on a gun. It doesn't restrict your use, it simply helps prevent accidents.
Imagine if there was a radio signal you could emit that would cause all handguns in the vicinity to fire -- that's essentially what this virus did. How is it unreasonable to put a safety system in place?
Something funny comes to mind, where a modem could be DOSed by a virus that tells the OS that ALL numbers are emergency.
It's a tradeoff. It seems preferable to DoS people's modems than the emergency response service.
He references the very funny Terrible Secret of Space.
What exactly does that mean? If you dial '911' in the UK, do you get called back by someone saying "You have dialled an incorrect number"? That's awfully strange.
Don't unfairly truncate my statement. I said without explicit authorization. And I never mentioned the word "law" anywhere, nor had I even imagined making this a law. That came from YOUR mind.
What if I bring my computer over to the UK, where the emergency number isn't 911?
In that case you would presumably be running the UK version of Windows which would be programmed with the appropriate emergency number.
See also:
http://www.attrition.org/security/denial/w/mod-at
The operating system should not allow a modem to dial an emergency response number without explicit authorization from the user
;)) , like dial 911 if the microphones in your yard detect a shotgun going off or if your paranoid enough , no one refreshes the /. page for 15 mins (in case of a kidnapping or something u know)
I dont think so. First of all, 911 is not an emergency number everywhere in the world. For example in may countries 100 is the emergency number. And 100 (at least with my provider ) links me to the directory service or something. So we would need to select the blocked numbers based on the country of residence. Which jest means more complications. And ofcourse ppl might want to use the computer as an emergency service (Not with MS Win though
I wonder if someone could argue that he is liable for any deaths or sustained injuries caused because people could not get through to the 911 service while these attacks were going on?
Thus my use of the term "emergency response number" instead of "911" in the very sentence you quoted. Why are people so quick to criticize when they haven't even read my statement carefully?
And ofcourse ppl might want to use the computer as an emergency service (Not with MS Win though ;)) , like dial 911 if the microphones in your yard detect a shotgun going off
Then, of course, it could be disabled. I never, anywhere, suggested that this should be legally mandatory. It is precisely the same concept as a safety on a gun (except than gun safeties, I think, ARE mandated by law).
Honestly, I don't see why everyone is so riled about my comment. They are reading into it what they want to see, not what I actually meant.
I dont know..
Well, for Linux at least, perhaps making a requirement in the driver so that when X number is dialed, it requires root passwd.
So, even if youre root, you get re-authorization that you actually intend to call 911.
He's an asshole?
....why does the WebTV allow an attachment to reprogram itself?
Coder's Stone: The programming language quick ref for iPad
Wait a moment here. Just because this fool was from Louisiana doesn't really justify all the Louisiana jokes. As a Brit who has lived in this State for 8 years and taught in a University, I can tell you that not everone here is dumb. Not only that, of any State I have been to Louisiana is one of the most interesting. We have Cajun food, Cajun music, Zydeco music and Creole music. We have amazing festivals, many of which are completely free (see http://www.festivalinternational.com -- the site sucks, but the festival rocks). OK, the place is a bit ferral and rough at the edges and our politics can be a little 'interesting' (as the saying goes, 'We have the best politicians money can buy'), but that helps make this a unique State. It sure beats the strip mall culture that you find elsewhere. On our campus, we have 'gators -- this is wild and wierd. Perhaps some of you should come visit. But please do not insult a place you do not know because of one fool.
We already have that option. Check prferences -> comments -> set the AC mod to -6 and your threshold preference to 0. Bam, you don't have to see ACs anymore -- but that doesn't mean they aren't there...
Click that button marked "Preferences". Yep, that one. Click that. Now, "Messages"...good. Now see that "threshold" button? Set it to the "1". There, look at that, no more AC's unless someone's seen fit to mod 'em up!
Unfortunately, that doesn't always ENTIRELY solve the problem of, say, people ranting way the hell off the topic. But it sure helps.
To fight the war on terror, stop being afraid.
Why is the parent +4 Insightful?????? This should be -2:Redundant. Or at least -1:Idiotic. Or maybe, just maybe, +5:Droll Brit Humor.
All moderators who modded the parent comment up should be dragged into the street and shot.
"Thank you. Please spellcheck your genitalia references though.
What does it say about your intelligence; that you would get so obviously upset about some silly comments on a website. Oh cares! Why would you arbitrarily attack someones intelligence? Does it make you feel like a big man? Oh yeah, way to post a AC "Big Man".
via a modem perhaps?
Mo-dem? What is this mo-dem of which you speak?
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
It still unclear what motivated this 43-year-old to launch such a bizarre worm.
Like he's going to pull some great reason out of his ass. What could he possibly say that would make reasonable people say "Ohhh! No wonder!"?
It still unclear what motivated this 43-year-old to launch such a bizarre worm.
One problem with offshoring is that idle, bored, lonely programmers are not something you want to have too much of as a nation.
Table-ized A.I.
But perhaps such a safety feature should be incorporated directly into all modems
It reminds me of some tech support story where someone enabled dial 9 for an outside line, long distance so dial 1 and for the number they used the syntax 1-xxx-xxxx. So the modem would end up dialing 9-1-1. I don't know if it's a true story but it sounds possible.
I'm not sure it would be a good idea to have modems start restricting your ability to dial 911.
It would be a damn useful feature for an alarm system. Someone breaks in triggers an alarm and boom 911 gets dialed.
And also while 911 a popular emergency number... not everyone uses 911 in the same way. You could be restricting calling legit numbers.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Now watch as parent and this post go down as "offtopic".
Dave was in my drug class and I was in a halfway house with him until he was sent to California in November. hope he gets out of it...somehow. Still learned a few things from him before he left >:)
I have always thought some of these guys do it to draw attention towards their programming "skills".
They may do it in order to get a job later on working for an anti-virus company ( think of the retired burglars on that new discovery channel show " it takes a theif").
-William
God is everything science has yet to explain.
Yes, viruses designed by idiots for computer systems with security evidently designed by morons. How fitting.
He just saved 15% on his car insurance!
I think it's been stated before that he released this primarily as a POC and since 911 automatically sends officers to the doorstep, they are guaranteed to call Microsoft and complain.
Unlike other viruses where nothing damaging happens, this one actually got Microsoft to get their rears in action fixing real issues.
It doesn't help that IE exploits come out once a month and Microsoft takes anywhere from one to two months to fix them. Or in the case of some exploits, just ignores them.
One extremely egotistical type generated a great deal of dislike, if not outright hate. Jeansonne was part of this individual's clique. The actual "exploit" is very simple to do and well known. Jeansonne was just the first person to combine the requisite amount of vindictiveness and stupidity to actually do this. Almost all WebTv users have html signitures that rival web pages in their complexity. A simple
was all that was necessary.
Having the police arrived unexpectedly at their door was very unsettling for the mostly female recipients of the email. Some were accused of making the calls on their own and threatened with arrest for missusing the 911 system.
This was not a virus, but a direct personal attack against the victims of the email.
I don't care what he says. Dialing HIS OWN PHONE and then publishing the call stats would be a proof of concept. Dialing 911, taking police away from other situations where people really need them is not a proof of concept, it's called "being an asshole."
Not true- if you have to dial 9 to reach an outside line, you have to dial 9-911 to call 911.
But... if you don't have to dial 9 to reach an outside line, and do it anyway... click the checkbox to prefix with a 1, and in the number field have 1-xxx-xxx-xxxx, the end result would be 9,1-1-xxx-xxx-xxxx.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
1. This was sent to -25- people. As a deliberate attack.
2. If you want it installed in YOUR computer go ahead.
3. My computer doesn't dial any number's that -I- don't want it to.
4. Don't give the government more power then it's already trying to take.
If you're running a remote heart monitor on a platform which is susceptible to viruses, you already have significant problems.
Your desire is not thought out at all and that sort of knee jerk "it shouldn't be allowed to do that" reaction is what is taking us down OS/application/ISP regulation rules hell.
For I think the fourth time now, I NEVER said this should be a law or required by regulation. It's just common sense. If you require your computer to be able to dial the emergency response number for whatever reason, you could just disable the interlock. Which is all this is -- a safety interlock.
If you think I'm advocating regulation, you're hallucinating.
Or, more specifically, the ICQ prank on which that flash movie (I assume that links to the flash movie) is based. You may find it at www.somethingawful.com in the ICQ pranks section (I believe it is called Attack of the Space Robots or something like that).
Bob.
GAAAAAH. Please excuse my profanity for a moment: where the FUCK did I mention the government? Where did I mention a law? Where did I ever indicate that this should be anything other than a safety feature, enabled by default, which could be disabled by the user if they want?
Do you have a problem with safeties on guns? Those are MANDATED by law. This wouldn't be.
Oh, and don't even TRY the argument that you shouldn't be forced to turn off a setting if you don't want to -- if you use Windows you ALREADY have to do a ton of shit just to make the system secure. This is one little tiny thing you would have to disable if you are one of those very rare people who needs emergency dialing ability.
Trolling here like you did also shows a tremendous inteligence... Grow up man
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
As well as Girls Gone Wild.
I didn't know they had access to the Internets down there.
He could have done this a bunch of different ways if he wanted a private chuckle. He could have had virus call any number even a number at a public place where he could see it happening. Set it to happen at a particular time.
He didn't do that. He had it call one of the few places the would make it certian that the police would come after him. He had it call the police.
If it had called the local Denny's he could have sat there and watched and after it was all over most people would not care to persue it.
No, it would not be damn useful- if your alarm system dialled 911 to my center, you'd be well on your way to not having a phone line. Automatic diallers should be set to a non-emergency 10-digit number. Alarms are well over 99% false calls. That's why most places will start charging you for a police response after your 3rd false alarm. 911 in the U.S. is reserved for emergency calls only- there is no other use for that string of numbers.
"Never pet a burning dog."
Ever since we switched to a new phone system in the office a month or two ago, this has accidentally happened (while people were trying to dial numbers in the UK from Canada) at least half a dozen times so far. We ended up having to change the emergency number to '9911' since everytime someone would accidentally call, the police would visit the office and said that if it kept happening they would start charging us for the false visits.
You mentioned government by referring to something that should be included in all OS's, therefore some sort of regulation should be enforced. Sorry if I took it to the extreme, but honestly, people should be able to take care of themselves.
In the end, it was a mistake of implication.
I don't see this as affecting a whole lot of people, he directed it to people he disliked for whatever reason. Web-TV seems like the only thing truly vulnerable to this sort of attack(easily mind you). Anything else would be more of a click on an attachment/download type thing.
I apologize for reading into you post more than I probably should have.
I was once a WebTV user, before and through the time that Bill Gates bought it (he gave us copy and paste). It was one of my first internet experiences and I genuinely enjoyed it, I even used irc heavily at that time without knowing it. This was probably 10 years ago though.
Anyway, the point I want to make is that you can't do much security-wise with WebTV. There is no third party software. Period. You dial up, it downloads updates every now and then, and you use their browser, their mail client, their everything with no choice (except for web-based stuff). The only thing to watch out for is phishing scams.
Who would have thought that a WebTV user would mature to a Linux addict?
His problem was either that he didn't know who he was pissed at, or didn't care.
He just wanted to cause damage. We all -- or at least a hell of a lot of us -- get the urge, he just had a prolonged bout and followed through on it.
Assume I was drunk when I posted this.
Since when does joking about something make one a supporter, or even tolerant, of it in real life?
Or do you think it is ok to make racist jokes about jews or black people or bigot jokes about gays and lesbians because, after all, you are "just joking"?
*shrug*. Depends on context. There are plenty of comedians who, being part of some minority, that make jokes about their own people that, were said jokes coming from someone else, would be considered severely inappropriate. I don't think that makes them wrong, necessarily.
In any event, it's not really what I was referring to -- making jokes about someone isn't the same as making jokes about something. A better corollary would be making jokes about racism or making jokes about bigotry -- would you argue that said jokes are necessarily supportive of their subject matter?
Take care of themselves in what way? What option do I have now to prevent my computer from dialing 911?
Thanks for the apology, it's a rare thing on Slashdot.
I think it does make sense in the same way that it's handy to be able to stop certain web sites from being loaded. It should be a fairly trivial feature to implement in any decent system.
I think you're fighting a losing battle here though.
Taking it a bit further, wouldn't it be handy if, when you dial premium numbers from your phone, you would get a brief 10 second message just advising you of this?
-- Using the preview button since 2005