Slashdot Mirror

← Back to Stories (view on slashdot.org)

Teenager Accidentally Launches DDoS Attack On 911 Systems (softpedia.com)

Posted by EditorDavid on from the think-different dept.

A Phoenix teenager mistakenly tweeted a link to JavaScript exploit which forced iOS devices to automatically dial and re-dial 911. An anonymous reader quotes Softpedia: The teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups. The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.

13 of 152 comments (clear)

  1. Accidentally? by danhuby · · Score: 5, Insightful

    Accidentally? Seems really unlikely. I'd like to see the code to see how that was possible.

    1. Re:Accidentally? by Anonymous Coward · · Score: 5, Insightful

      The difference between "accidental" and "just for fun" is that the perpetrator didn't think he'd be punished for his prank. Calling 911 in this manner is generally considered a crime.

    2. Re:Accidentally? by Dutch+Gun · · Score: 3, Insightful

      The "accident" was that he sent out malware links to a 911 dialer instead of an annoying popup generator to his friends, both of which he had created. Given that it would be blindingly obvious that he was the perpetrator, as he made no effort to conceal his identity, it seems improbable to me that he'd have sent out the 911 dialer deliberately. Besides which, one would assume you generally wouldn't want to cause trouble for your friends by forcing their phones to repeatedly call 911, unless you're a really terrible friend. I don't think anyone would dispute the weaponized code was created deliberately, of course.

      So, a rather stupid mistake, yes, but I doubt this was done maliciously.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:Accidentally? by 93+Escort+Wagon · · Score: 4, Insightful

      What's supposed to happen (on iOS anyway) is that an attempt to do this triggers a popup asking you to confirm that you wish to dial the number - specifically because of past problems like this.

      So while I doubt his story with regards to "accidentally" doing this - he did deliberately sent out an exploit to 1400 of his dearest friends, just not the one he may have intended to send - he certainly did discover a significant bug.

      On a side note... instead of jumping right to pressing felony charges against the guy - whatever happened to making stupid kids perform lots of community service time as payback for doing stupid things? Two or three hundred hours of working hard would still accomplish "deterrence", and also accomplish some good for the kid's community, without likely screwing up the rest of his life.

      --
      #DeleteChrome
    4. Re:Accidentally? by 93+Escort+Wagon · · Score: 3, Informative

      Ooh... I didn't remember that imbecile's name, but I am well aware of the rampant stupidity of the powers-that-be in Maricopa County.

      I did a quick Google search, and came across something interesting. While Maricopa's overall crime rate is lower than average (for comparably-sized municipalities), its violent crime rate is actually higher than average. So it sounds like this Sheriff isn't very effective when it comes to the criminals you'd actually want him to be catching. But if you want your sheriff to be keeping the kids in line, he's your man!

      "From our analysis, we discovered that violent crime in Maricopa occurs at a rate higher than in most communities of all population sizes in America. The chance that a person will become a victim of a violent crime in Maricopa; such as armed robbery, aggravated assault, rape or murder; is 1 in 443. This equates to a rate of 2 per one thousand inhabitants.

      Moreover, the rate of property crime in Maricopa; burglary, larceny ($50 or more), grand theft auto, and arson; is 16 per 1,000 residents. This is about average for all cities and towns in America of all population sizes."

      But it's Arizona, so the voters are mostly old and probably don't actually look up stuff. I'm guessing he trots out press releases (with his photo as the watermark!) on a regular basis, and it makes the retirees feel safe.

      --
      #DeleteChrome
  2. Charge Apple with contributory neglegence? Morris by davidwr · · Score: 5, Informative

    After all, if it weren't for that bug bounty enticing him....

    Seriously, this guy needs a firm slap on the wrist and a year or two of probation, not prison time.

    When it comes to carelessness, this ranks up there with the Robert T. Morris Sendmail worm of 1988. Heck, I'd hold Morris to a higher standard than this guy since he (Morris) was a graduate student at the time and presumably knew what he was doing more than Desai.

    By the way, Morris was elected Fellow of the ACM in 2014.

    References:

    https://scholar.google.com/sch...

    http://awards.acm.org/award_wi...

    And the not-always-reliable reference, Wikipedia:

    https://en.wikipedia.org/w/ind...

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  3. there is no almost by Luthair · · Score: 3, Insightful

    How do you almost crash the system or almost take it offline. Sounds like bullshit.

  4. Punishing the wrong person. by Gravis+Zero · · Score: 4, Insightful

    What this teenager did was bring attention to a bug that never should have existed to start with. If they want to blame anyone, they should be blaming Apple for allowing it even be possible. But hey, they didn't hire cops for their intelligence. -_-

    --
    Anons need not reply. Questions end with a question mark.
  5. Is this a record? by Archtech · · Score: 3, Insightful

    A huge safety-critical network that can be crashed ***by accident***! What a magnificent design achievement! Just imagine what could be done by someone competent who was actually trying to crash it...

    --
    I am sure that there are many other solipsists out there.
    1. Re:Is this a record? by F.Ultra · · Score: 3, Insightful

      A lot of our infrastructure relies on people being honest, and it actually works most of the time. Call the police, fire department or ambulance enough times and you will DDoS all of them since there are a limited number of such units to send.

  6. Re:Send him to gitmo by Black+Parrot · · Score: 3, Funny

    He's probably a Linux hacker. This domestic terrorism must be dealt with in the harshest way possible.

    Make him use a Linux desktop?

    --
    Sheesh, evil *and* a jerk. -- Jade
  7. Is it worth it? by liquid_schwartz · · Score: 3, Interesting

    I always felt that one question that should be asked is it is worth jailing this person for three felonies worth? With prison costs of $60K a year I don't think it's worth this much taxpayer money unless someone actually got hurt. Make him agree not to do it again, give him probation and community service, and threaten to not be so nice next time should someone else duplicate this.

  8. Re:Absurd -- charge the device maker instead by anegg · · Score: 3, Insightful

    (1) He's 18 years old - that's an adult with the right to vote, the ability to make contracts, etc., despite the fact that he can be described as a "teenager."

    (2) The fact that it was "easy" doesn't excuse the behavior, in my opinion. It's "easy" to drive an automobile recklessly and hurt someone. It's "easy" to take a gun and start plinking in a residential neighborhood. Its "easy" to fool around and knock someone off of a cliff while out hiking. It's "easy" to play with matches and start a fire in a building. The world isn't structured so that actions that can do significant damage are "hard" to initiate; we depend upon people being aware of the consequences of their actions and acting accordingly. We don't excuse people for actions just because they were "easy" to undertake. His behavior was at best extremely careless, and at worst was deliberate and only regretted when it went really sideways.

    This individual engaged in actions that predictably had serious consequences. The court will determine whether he was thoroughly aware of the consequences, and act accordingly. Most of us manage to avoid requiring that level of government oversight. Some of us, especially in our early adulthood, need the administration of corrective discipline.