Slashdot Mirror
Teenager Accidentally Launches DDoS Attack On 911 Systems (softpedia.com)
A Phoenix teenager mistakenly tweeted a link to JavaScript exploit which forced iOS devices to automatically dial and re-dial 911. An anonymous reader quotes Softpedia:
The teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups. The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.
Accidentally? Seems really unlikely. I'd like to see the code to see how that was possible.
After all, if it weren't for that bug bounty enticing him....
Seriously, this guy needs a firm slap on the wrist and a year or two of probation, not prison time.
When it comes to carelessness, this ranks up there with the Robert T. Morris Sendmail worm of 1988. Heck, I'd hold Morris to a higher standard than this guy since he (Morris) was a graduate student at the time and presumably knew what he was doing more than Desai.
By the way, Morris was elected Fellow of the ACM in 2014.
References:
https://scholar.google.com/sch...
http://awards.acm.org/award_wi...
And the not-always-reliable reference, Wikipedia:
https://en.wikipedia.org/w/ind...
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Charge the device maker instead. The kid did a javascript link. It's the device maker with the shoddy browser that is at fault.
If you have $237 billion in the bank, you have the resources to fix a browser exploit on your phone.
911 is consider critical infraestructure for defense and security. attacking this number is a cibercrime according to US law. He must be put in JAIL
Is that such an incredibly stupid bug is even possible.
Thanks Apple.
No. Fry his ass.
I dont care if the 911 was collateral damage or his true intent, he at the elast intended on causing problems with his friend. Uncool. Make an example out of him.
Up the dosage of whatever you're on.
He's probably a Linux hacker. This domestic terrorism must be dealt with in the harshest way possible.
How do you almost crash the system or almost take it offline. Sounds like bullshit.
What this teenager did was bring attention to a bug that never should have existed to start with. If they want to blame anyone, they should be blaming Apple for allowing it even be possible. But hey, they didn't hire cops for their intelligence. -_-
Anons need not reply. Questions end with a question mark.
A huge safety-critical network that can be crashed ***by accident***! What a magnificent design achievement! Just imagine what could be done by someone competent who was actually trying to crash it...
I am sure that there are many other solipsists out there.
Friends don't let friends enable JavaScript.
(Man, if only is was that easy. Seems a LOT of sites use and/or require JS when they really don't need to -- and I'm looking at you too /.)
It must have been something you assimilated. . . .
He's a child.
Punish the monkey, let the organ grinder go. What about the corporation that releases shitty software that can do this?
He's 18.
Anyway, he's old enough to know better than to pull this kind of shit.
to get a phone to dial a number. There's lots of APIs for it once you've got access and there's tonnes of 'sploit kits to get you that access. This is the very definition of a 'script kiddie'. Give 'em a slap on the wrist and so long as he doesn't do it again move on. Short of torturing him to death you're not gonna get enough notice out of this to make an 'example' out of it but you might ruin some dumb kid's life. Then again this is Joe Arpaio...
On a completely unrelated note our 911 system is so fragile that a script kiddie can bring it down. Thanks constant tax & spending cuts and rampant program defunding!
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Arpaio's beat? Boy, did he pick the wrong jurisdiction to screw up in....
When something happens in a crowded area, and hundreds of people whip out their smartphones to dial 911, the system gets regularly DDoSed anyway.
I wonder if anybody is thinking about some protection on the cell level. Like, when there are already ten 911 call originating from one cell, additional ones need some confirmation form the caller that they really want to make an additional one.
Pssssst---You're replying to a troll-bot that's been gracing these pages for a decade or more.
Il n'y a pas de Planet B.
So pranks should now be punished by having, quote, your ass fried? Overkill mcuh?
-=This sig has nothing to do with my comment. Move along now=-
I always felt that one question that should be asked is it is worth jailing this person for three felonies worth? With prison costs of $60K a year I don't think it's worth this much taxpayer money unless someone actually got hurt. Make him agree not to do it again, give him probation and community service, and threaten to not be so nice next time should someone else duplicate this.
Users are now required to dial 0118 999 881 99 9119 7253
bill him the cost of a new switching system. That should run 50K-100K in damages.
Auschwitz was just a prank bro
Kind regards,
Hitler
People who are Romanes to the house go!
before 9/11 you where able to get away with that. Now days he will lucky get in to the juvenile system.
Spoken like a true cave-man.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Fuck Sheriff Joe Arpaio. That's all I have to say, and it's not related to this article
The amazing thing about making examples out of carelessness is that it doesn't work. If he actually didn't intend to bring down 911 then making an example of him would be zero deterrence to other people who also don't actually intend to bring it down.
What you would do is fuck up someone's life, but that's the American way right. White picket fence for the law abiding Christians going around in the rat race, and completely fucking the lives up of everyone else, imprisonment, joblessness, homelessness, dependency on handouts, etc. Yeah that's much better.
Interfering with the 911 system can kill people. It's a really, really bad thing to do. He doesn't have to fry but he does need a lot more than a stern talking to.
That has precident. I was there when it happened.
Robert Morris was tried and convicted of violating United States Code: Title 18 (18 U.S.C. 1030), the Computer Fraud and Abuse Act[10] in United States v Morris. After appeals he was sentenced to three years probation, 400 hours of community service, a fine of $10,050 plus the costs of his supervision
https://en.wikipedia.org/wiki/Morris_worm
Having 1800 people click a malicious link is not accidental. I wouldn't let a single one of my friends click a link that called 911 repeatedly. Anyone with common sense knows that the cops will come to your location if you hang up immediately, dead air, or not. If you dial, they're coming. The court system certainly didn't believe his feigned ignorance story. He did it because he didn't think he would be caught or penalized for his actions out of sheer ego or stupidity. If it was accidental then sure a warning and community service would have been warranted. He received felony charges for good reason. The bug bounty program was by invite only for major corporations security teams, he was certainly not invited. I agree with the charges his state (Arizona) has brought against him. It's sad to hear of talent going to waste. Maybe when he matures a bit he'll find a company that might want him, maybe. Most likely he'll be working at a convenience store for the rest of his life.
Quick, nobody complain that a scripting language has security privileges to dial phone numbers. Let's blame the teen that wanted to annoy his friends (with a pop-up function) instead.
Computer tampering sounds like specific intent, unlike the more nebulous computer abuse crime; can the police make it stick?
What's worse, is the hidden assumption that we all have to tiptoe around gaps in device security and safety: Software developers can throw QA away, because now it's the consumer's responsibility to ensure the software doesn't break anything.
More like a Trump style "Law and Order" voter. No mercy, especially for brown people, is their calling card.
I thought the 911 referred to the amount of systems he launched attacks on.
Sheriff Joe is one of the few left in the west who thinks the actual laws matter, NOT what somebody thinks the laws should be, but what it actually IS.
Your apparent hatred toward him tells me you are a progressive who does not want the borders enforced, the laws upheld, criminals to be actually punished and normal average law-abiding citizens to be protected. I'll take Sheriff Joe any day over a thousand destructive, nasty, criminal-coddling, and hate-filled people like you.
yeah, yeah, I know, you might point to a Democrat judge who has been involved in the political campaigns to unseat Joe over the years, and who did the unethical thing and took a case against him while contributing money to his opponent, and then issued rulings against Joe for violating the imagined possible alternate meaning of what that judge imagined the laws should say - but that's not Joe actually violating any actual law; it's a political case he will ultimately win.
I love how people still question Wikipedia, but never question encyclopedias... despite studies showing that wikipedia is more accurate on average than encyclopedias...
Taking down 911 is no laughing "slap on the wrist" matter. People need 911 for actual emergencies. Shutting down that system is akin to sentencing people to die in certain circumstances.
Stoned or stupid?
I'm not signing anything
So he's responsible enough to go to jail for negligence doing a job (or go to war) , but he's not responsible enough to buy a beer.
I don't know, after Operation Sundevil I think it was made clear that you don't fuck with the 911.
Typical. The left in the US despises anybody who is serious about actually punishing criminals or enforcing the southern border.
Joe is the most serious sheriff in the nation on both counts, therefore every left wing group including the ACLU are constantly attacking him. It's a near religious obligation on the left to destroy him, like a secular version of the pilgrimage to Mecca.
It does not matter if he serves perfectly healthy food to all his convicts for years, if an inmate gets a spoiled item, as happens in EVERY institution from time to time there is a left-wing lawyer or advocacy group lined-up to drag him into the notoriously extreme left wing 9th circuit court.
No matter how many times he goes after people for sex offenses against minors, if he pushes to deport a bunch of illegals back into Mexico and any of them claim to be victims of a sex crime, then the news will be that he did not prosecute the sex crime, even if the alleged incident happened in Mexico rather than in his jurisdiction.
These 60's tactics are extremely popular on the left, but many of the rest of us has seen through them for a long time. Lawsuits as an alternate form of warfare.
There's simply no reason to take any of these political stunts seriously as long as they are part of a pattern of left wing lawlessness. Secure the southern border, and stop recycling criminals and then we can talk about whether there is any legitimate argument against Joe that is not an orchestrated propaganda action. As long as you lefties insist on not enforcing all the laws you do not like, you have ZERO legitimacy in complaining about Joe. After all, even if he IS doing all the things you claim, then there's nothing wrong because that would just be HIM ignoring the laws HE does not like. Pot: meet kettle.
Surely if anyone is at fault here it is apple for deploying buggy code and the department responsible for a 911 system that crashes under 6000 calls...
Being charged with something and being convicted are two completely separate things.
Law enforcement almost always charges kids with the maximum knowing full well that when it gets to court it will be plea bargained to a misdemeanor.
In all likelihood this kid's parents will be required to pay damages ~$3000ish and the kid will get 120 hours of community service and a year or two probation.
he's not responsible enough to buy a beer.
Based on the 18 year olds I've known, no, he's not.
Should still be allowed to, of course. Shit, how else are you going to learn?
The legal drinking age isn't 18 in most North American jurisdictions because when it is (and it has been tried, based on legislators buying the "go to war" argument) then High School seniors can buy booze and attend school drunk, with little recourse for the school to address the disruptive behaviour.
... I was actually grandfathered in, when they changed it back (to 19) after one year, but wasn't effective until after my birthday. Pure Fucking Chaos in the High Schools, at after-hours sports events, you name it.
We had it here
Which kind of shows that, *supervised* you can send a kid to war but on their own, they act like big-bodied children.
The human brain isn't fully mature until 25. His problem is that he took unnecessary risks and it bit him in the ass. But as his brain isn't fully mature, that isn't too surprising.
Of course he needs to be punished, but consideration should be made for his immaturity, so it certainly shouldn't be a punishment that will ruin his future.
"Computer tampering" ? He wrote some code and distributed it. There's no mention he ever called 911 or any other number using this code. I see no evidence that he "tampered" with any computer except his own. Writing code is not a crime, especially open source. Using it could well be. Did he do that? This sounds to me more like the so-called crime of "contributory copyright infringement".
I count these as barely human cave-men. But yes, these failed human beings tend to cluster around "leaders" that share their lack of positive human qualities.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Children are never responsible for anything anymore.
Bringing down emergency response systems means that lives are put on the line. If your 911 call can't get through then lives could well be lost as fire appliances do not get to fire or ambulances to someone with critical injuries or a heart attack. This is not some harmless prank but an act of lethal irresponsibility. People who make hoax bomb threats have been imprisoned this act is equivalent or worse.He claims the release of the weaponised version was an accident, that does not affect the fact that he created it. It is best to lock him up and throw away the key to stop others thinking that this is an acceptable prank.
https://www.youtube.com/watch?...
"A heroic service dog saved the day by dialing 911 and pulling her blind owner to safety after the home they shared in the Holmesburg section of Philadelphia caught fire on Thursday morning. Yolanda, a golden retriever, called 911 on a specialized phone...."
normally, service dogs are trained to hit any button because they are all programmed to dial 911
If you must moderate, please moderate as irrelevent, not something bad, because I'm sure someone will find this interest
See subject: Blocking the site where this exploit launches from via 0.0.0.0 meetdesai.com takes care of it...
APK
P.S.=> For the best hosts file creator vs. threats like this & others + more speed, security, reliability and anonymity:
APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Accept NO inferior substitutes (that use more & do less)... apk
If your argument has merit, the kid will get a reduced sentence and/or reduced charges. Bargaining between the District Attorney and Defense Counsel happens all the time.
By the way, I decline to characterize this action as "stupid", "careless", "immature" or other minimizing words. Yes the individual was a teenager, and teenagers certainly do stupid things. They drink too much at beer bashes. They get sullen and argue with family and friends. They wear hats backwards and pants with a crotch at knee level. Those are stupid and immature activities.
Targeting a 911 system, no matter how it happened, is dangerous and needs punishment. This is a whole higher level of stupid. How did the teenager have any code or system at all that involved an emergency call system? A lot of the commenters here are bypassing the issue of, why was the teenager ever experimenting with the 911 system in the first place? Even in a supposedly closed environment this is playing with dynamite.
And now putting the 911 attack aside, consider that attacking almost 2,000 phones (which is only the number that fell for the trap), was itself certainly criminal, regardless of what those phones and people were subjected to.
Man, that kid is going to have a hell of a time. No nonsense sheriff. Sheriff will put him into his famous jail, in pink underwear, outside in a jail tent city where it's frickin' hot! I bet that kid won't do that again. He better hope he works out a deal to not go there.
The kid could have been doing a public service, accidentally switched which he uploaded... and now his local law enforcement will hang him as an example.
Then we wonder, "Why don't more kids show interest in computer science?"
Reading through, /.'s response is far from enlightened. Only you made any sense.
High School seniors can buy booze and attend school drunk, with little recourse for the school to address the disruptive behaviour.
They have the same recourse as for sober disruptive behaviour. Or are you saying that US High Schools literally have no disciplinary options at all?
To have a right to do a thing is not at all the same as to be right in doing it
Probation? He needs a "thank you" from both Apple and whatever IT department manages 911. If they can't handle a 6000-phone oops by some kid, WTF do I pay my taxes for? When ISIS and foreign governments launch such attacks, they will be much larger scale and at much less opportune times that really do cause lots of death and mayhem. He basically just walked into their wide open front door and said, "hey, you left the door open". If he happened to track a bit of mud on the carpet on his way out, that seems like a small price to pay.
"Memo to self:
Recruit 18 year old to pretend to "accidentally" take down a 911 system."
Seen on a notepad found somewhere in the rugged mountains of Ihateamericastan.
Right, because his alleged prank/accident requires the death penalty.
You're telling me that the majority of humans out there, including you, haven't made a huge fuck up before? Lets just fry everybody who accidentally fucks something up without the foresight to know the outcome.
2/3rds of our population would be removed.
Maybe you'd fit in better in Saudi Arabia or other like-minded backwards-ass caveman societies.