Teenager Accidentally Launches DDoS Attack On 911 Systems (softpedia.com) 152
A Phoenix teenager mistakenly tweeted a link to JavaScript exploit which forced iOS devices to automatically dial and re-dial 911. An anonymous reader quotes Softpedia:
The teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups. The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.
Accidentally? (Score:5, Insightful)
Accidentally? Seems really unlikely. I'd like to see the code to see how that was possible.
Re:Accidentally? (Score:5, Insightful)
The difference between "accidental" and "just for fun" is that the perpetrator didn't think he'd be punished for his prank. Calling 911 in this manner is generally considered a crime.
Re: (Score:1)
Because "Smartphones"
Re:Accidentally? (Score:5, Insightful)
What's supposed to happen (on iOS anyway) is that an attempt to do this triggers a popup asking you to confirm that you wish to dial the number - specifically because of past problems like this.
So while I doubt his story with regards to "accidentally" doing this - he did deliberately sent out an exploit to 1400 of his dearest friends, just not the one he may have intended to send - he certainly did discover a significant bug.
On a side note... instead of jumping right to pressing felony charges against the guy - whatever happened to making stupid kids perform lots of community service time as payback for doing stupid things? Two or three hundred hours of working hard would still accomplish "deterrence", and also accomplish some good for the kid's community, without likely screwing up the rest of his life.
Re: (Score:3)
Sheriff Joe isn't a nice guy, and he doesn't much worry about civil liberties. OTOH, he sure does keep the crime rate down, which is why he keeps getting reelected.
Re:Accidentally? (Score:4, Informative)
Ooh... I didn't remember that imbecile's name, but I am well aware of the rampant stupidity of the powers-that-be in Maricopa County.
I did a quick Google search, and came across something interesting [neighborhoodscout.com]. While Maricopa's overall crime rate is lower than average (for comparably-sized municipalities), its violent crime rate is actually higher than average. So it sounds like this Sheriff isn't very effective when it comes to the criminals you'd actually want him to be catching. But if you want your sheriff to be keeping the kids in line, he's your man!
"From our analysis, we discovered that violent crime in Maricopa occurs at a rate higher than in most communities of all population sizes in America. The chance that a person will become a victim of a violent crime in Maricopa; such as armed robbery, aggravated assault, rape or murder; is 1 in 443. This equates to a rate of 2 per one thousand inhabitants.
Moreover, the rate of property crime in Maricopa; burglary, larceny ($50 or more), grand theft auto, and arson; is 16 per 1,000 residents. This is about average for all cities and towns in America of all population sizes."
But it's Arizona, so the voters are mostly old and probably don't actually look up stuff. I'm guessing he trots out press releases (with his photo as the watermark!) on a regular basis, and it makes the retirees feel safe.
Re: (Score:3)
When you live in a really safe area, and it's not your civil rights that get trampled on to make it so...
Re: (Score:3)
Right - as it says, the overall crime rate is lower but the violent crime rate is not. So the sheriff is basically only effective at weeding out minor offenders.
Since the violent crime rate is not lower, I don't think you can refer to that as a "really safe" area. Unless people are inordinately scared of litterers.
Re: (Score:1)
First, checking credentials in a border state should be standard practice for all border states, especially when illegal immigration has proven a problem, which for the southern border, it is, whereas for the northern border, Canada, not so much.
Second, the bordering country is Hispanic. So targeting Hispanics is not racist, it is properly targeting the demographic of the bordering country. Arizona doesn't border the Netherlands, it border Hispanic Mexico.
Third, I thinks "racist" and "statistically likely"
Re: (Score:3)
No that isn't why. He committed behavior that was defined by law to be felonious is why, if it was a misdemeanor he probably would be looking at community service and or a fine.
Also Sheriff Joe is not in a position to make the decision anyway the most he can is recommend to the prosecutor the kid be charged with this or that, the ultimate decision is not his. Its the local prosecutor who does that. The most Sheriff Joe can do is make him miserable while he is waiting to be formally charged and while he a
Re: (Score:2)
"He committed behavior that was defined by law to be felonious is why"
Mostly he committed behavior that would be indistinguishable from enforcing federal labor and immigration law. And the Feds don;t like states, counties, or cities enforcing their laws when they don't want to.
Pink jumpsuits, bologna sandwiches, and tents are not cruel and unusual. Visiting businesses accused by citizens of violating labor law isn't either. La Raza is not the watchdog group you think it is.
Re: (Score:2)
instead of jumping right to pressing felony charges against the guy - whatever happened to making stupid kids perform lots of community service time as payback for doing stupid things?
I think your memory may be impaired. Allowing kids to be arbitrarily sentenced by authorities without giving them the benefit of a trial would be quite unconstitutional and would almost certainly wind up being abused. It's never been a thing that we did in the past and it's not something that should be done now.
Re: (Score:2)
Please it was a standard in small towns, teenager got caught drinking smoking pot etc etc, parents got called and the kid volunteered for some charity and all was good. Now we have zero tolerance and screw them over for life.
Re: (Score:1)
We now live in a world where people who are still far too young and immature to fully understand the consequences of their actions can take actions that cause tremendous harm.
Our legal system is not well-equipped to handle this. So we are going to see a lot of weird on all sides.
Of course, the real reason such people can cause so much harm is because of:
1) the overwhelming majority of people (adults included) being stupid enough to click random links (seriously, this is a stupidity epidemic).
2) the economi
Re: (Score:2)
Re: (Score:2)
Even if you live with a service dog? (Score:2)
https://www.youtube.com/watch?... [youtube.com]
"A heroic service dog saved the day by dialing 911 and pulling her blind owner to safety after the home they shared in the Holmesburg section of Philadelphia caught fire on Thursday morning. Yolanda, a golden retriever, called 911 on a specialized phone...."
normally, service dogs are trained to hit any button because they are all programmed to dial 911
Re: (Score:1)
Because you don't fuck with 911. He chose what number to "prank"; now the courts get to choose which orifice to rape.
Re: (Score:2)
Or do I need to get into drug dealing.
No - out of it.
Re: (Score:2)
Re: (Score:2)
Three hundred hours a year at minimum wage would be nice.
I'm not from Arizona, but I seriously doubt that a "community service" punishment means you get paid for your time.
Re: (Score:2)
Re:Accidentally? (Score:4, Insightful)
The "accident" was that he sent out malware links to a 911 dialer instead of an annoying popup generator to his friends, both of which he had created. Given that it would be blindingly obvious that he was the perpetrator, as he made no effort to conceal his identity, it seems improbable to me that he'd have sent out the 911 dialer deliberately. Besides which, one would assume you generally wouldn't want to cause trouble for your friends by forcing their phones to repeatedly call 911, unless you're a really terrible friend. I don't think anyone would dispute the weaponized code was created deliberately, of course.
So, a rather stupid mistake, yes, but I doubt this was done maliciously.
Re: (Score:2)
The question is: Even though the weaponized code was created deliberately, is it any different than mixing a few chemicals in your backyard just to SEE them blow up, with no intent of ever bombing the local police station? Is it that hard to believe that he wrote the code to say "Hey, I could do that" and then just stashed it somewhere?
Re: (Score:3)
The question is: Even though the weaponized code was created deliberately, is it any different than mixing a few chemicals in your backyard just to SEE them blow up, with no intent of ever bombing the local police station? Is it that hard to believe that he wrote the code to say "Hey, I could do that" and then just stashed it somewhere?
I would say it's a question of mens rea or was he criminally negligent. I think yu could argue he had no criminal attempt those possibly his "prank friends" comments could be taken as intent. I would argue he was negligent as he should have known the code would be used if he released it and failed to verify the code he did release was not the 911 version.
Re: (Score:2)
It's absolutely different. He was purportedly planning to turn this in to Apple for a bug bounty, and in order to claim a bounty, a viable proof-of-concept is actually required by Apple. Except in this case, the young man was foolishly careless with the software weapon he created. I'm certainly not advocating that he not be appropriately punished for a very dangerous mistake he made, but neither do I think it's fair to automatically assign ill motives to him.
Re: (Score:2)
Best bet? Like everything else, the program he used to write tiny pranking programs saves everything to My Documents.
Re: (Score:2)
I suppose to make your comparison completely accurate to what's going on, said person would have had to mix a few chemicals together just to SEE them blow up, but after finding something that would definitely blow up, he bottled a few samples of it. Then carried it out in public to show his friends, only to accidentally let it fly from his hands as he was waving it around and it found itself at the base of a police station where it blew up.
Here's the detail nobody seemed to ask. Why did he create a version of his little script that targeted 911 in the first place? If he was never going to do anything more nefarious than try to hit his "friends" with a pop up generator, why'd he need to have the other versions created and saved - apparently in the same folders if he "accidentally" picked the wrong one.
Most kids manage to live their lives just fine without managing to DDoS important services. Those kids have enough god damned common sense not to even START in on this shit.
Yep... the whole "gee I never intended to do this" thing seems pretty unlikely.
Re: (Score:2)
He could have used 511. That would be annoying but not endangering.
Re: (Score:2)
I agree, but there were at least two stupid mistakes:
1. Sending out the wrong link (simple stupid)
2. Making it easy to send out the wrong link (pretty much an epic fail)
Re: (Score:2)
Re: (Score:2)
4. Publicly disclosing the vulnerability instead of responsibly disclosing it, thereby invalidating any chance of getting a bug bounty from Apple.
Re: (Score:3)
Accidentally? Seems really unlikely.
Similar things have happened before [wikipedia.org].
Re: (Score:1)
At least he didn't accidentally start a Global Thermonuclear War.
It's not hard at all (Score:2)
On a completely unrelated note our 911 system is so fragi
bill him the cost of a new switching system. (Score:1)
bill him the cost of a new switching system. That should run 50K-100K in damages.
Re: (Score:2)
Yeah let's go right back to ruining some kids life again.
Re: (Score:2)
Having him understand now that there are consequences to actions will save his life. A slap on the wrist combined with lots of "wow, how clever" attention means he'll do it again
Re: (Score:2)
Re: (Score:2)
Having him understand now that there are consequences to actions will save his life.
Yeah we should cut his eyes out. He'll remember that and this will save his life in the future.
I always thought it was the American government to blame for your truly bizarre ways you punish people, but no I realise now you have exactly the government you deserve. Put everyone in prison for a little while, make sure they are bankrupt before they even get to university then bankrupt them again for good measure, and thanks to
Re: (Score:2)
It always amuses me how slashdotters have to go from one extreme to another. There are punishments between "scott free" and "hanging by his balls".
Re: (Score:2)
I am willing to believe "accidentally". It may just have taken one typo. The kid is a moron nonetheless, as life exploit code needs to be treated with care, just like a sharp object or a weapon.
Well, the US "legal" system will probably not let him forget this, ever, but the real failure is with the parents for not insisting on some measure of common sense in their kid before allowing him a cellphone.
Re: (Score:1)
He may have "accidentally" sent out the wrong exploit, but he deliberately choose 911 as the number (instead of say 311).
I wouldn't say jail time, but the little shit should be doing some volunteer work at the dispatch office.
Re: (Score:2)
What are you talking about?
He wanted to dial 912 in his code, but his finger slipped and he typed 911 instead.
That was just an innocent mistake.
Re: (Score:2)
Meet stated he did manipulate the bug to include the phone number for emergency services 1+911. Meet stated that although he did add that feature to the bug he had no intention of pushing it out to the public, because he knew it was illegal and people would “freak out”. Meet stated that he may have accidentally pushed the harmful version of the (911) bug out to the Twit
Re: (Score:2)
Accidentally? Seems really unlikely. I'd like to see the code to see how that was possible.
To me it seems unlikely that he would have sent out such a link from a Twitter account which could so easily be traced to him if he were doing this on purpose.
Charge Apple with contributory neglegence? Morris (Score:5, Informative)
After all, if it weren't for that bug bounty enticing him....
Seriously, this guy needs a firm slap on the wrist and a year or two of probation, not prison time.
When it comes to carelessness, this ranks up there with the Robert T. Morris Sendmail worm of 1988. Heck, I'd hold Morris to a higher standard than this guy since he (Morris) was a graduate student at the time and presumably knew what he was doing more than Desai.
By the way, Morris was elected Fellow of the ACM in 2014.
References:
https://scholar.google.com/sch... [google.com]
http://awards.acm.org/award_wi... [acm.org]
And the not-always-reliable reference, Wikipedia:
https://en.wikipedia.org/w/ind... [wikipedia.org]
Re: (Score:2)
So pranks should now be punished by having, quote, your ass fried? Overkill mcuh?
Re: (Score:2)
Interfering with the 911 system can kill people. It's a really, really bad thing to do. He doesn't have to fry but he does need a lot more than a stern talking to.
Re: (Score:2)
Spoken like a true cave-man.
Re: (Score:2)
I count these as barely human cave-men. But yes, these failed human beings tend to cluster around "leaders" that share their lack of positive human qualities.
Re: (Score:3)
The amazing thing about making examples out of carelessness is that it doesn't work. If he actually didn't intend to bring down 911 then making an example of him would be zero deterrence to other people who also don't actually intend to bring it down.
What you would do is fuck up someone's life, but that's the American way right. White picket fence for the law abiding Christians going around in the rat race, and completely fucking the lives up of everyone else, imprisonment, joblessness, homelessness, depend
Re: (Score:1)
Right, because his alleged prank/accident requires the death penalty.
You're telling me that the majority of humans out there, including you, haven't made a huge fuck up before? Lets just fry everybody who accidentally fucks something up without the foresight to know the outcome.
2/3rds of our population would be removed.
Maybe you'd fit in better in Saudi Arabia or other like-minded backwards-ass caveman societies.
Re: (Score:3)
before 9/11 you where able to get away with that. Now days he will lucky get in to the juvenile system.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
he's not responsible enough to buy a beer.
Based on the 18 year olds I've known, no, he's not.
Should still be allowed to, of course. Shit, how else are you going to learn?
Re: (Score:2)
We had it here
Re: (Score:2)
High School seniors can buy booze and attend school drunk, with little recourse for the school to address the disruptive behaviour.
They have the same recourse as for sober disruptive behaviour. Or are you saying that US High Schools literally have no disciplinary options at all?
Re: (Score:2)
Taking down 911 is no laughing "slap on the wrist" matter. People need 911 for actual emergencies. Shutting down that system is akin to sentencing people to die in certain circumstances.
Re: (Score:2)
Being charged with something and being convicted are two completely separate things.
Law enforcement almost always charges kids with the maximum knowing full well that when it gets to court it will be plea bargained to a misdemeanor.
In all likelihood this kid's parents will be required to pay damages ~$3000ish and the kid will get 120 hours of community service and a year or two probation.
Re: (Score:2)
Probation? He needs a "thank you" from both Apple and whatever IT department manages 911. If they can't handle a 6000-phone oops by some kid, WTF do I pay my taxes for? When ISIS and foreign governments launch such attacks, they will be much larger scale and at much less opportune times that really do cause lots of death and mayhem. He basically just walked into their wide open front door and said, "hey, you left the door open". If he happened to track a bit of mud on the carpet on his way out, that seems l
Re:Absurd -- charge the device maker instead (Score:4, Insightful)
(1) He's 18 years old - that's an adult with the right to vote, the ability to make contracts, etc., despite the fact that he can be described as a "teenager."
(2) The fact that it was "easy" doesn't excuse the behavior, in my opinion. It's "easy" to drive an automobile recklessly and hurt someone. It's "easy" to take a gun and start plinking in a residential neighborhood. Its "easy" to fool around and knock someone off of a cliff while out hiking. It's "easy" to play with matches and start a fire in a building. The world isn't structured so that actions that can do significant damage are "hard" to initiate; we depend upon people being aware of the consequences of their actions and acting accordingly. We don't excuse people for actions just because they were "easy" to undertake. His behavior was at best extremely careless, and at worst was deliberate and only regretted when it went really sideways.
This individual engaged in actions that predictably had serious consequences. The court will determine whether he was thoroughly aware of the consequences, and act accordingly. Most of us manage to avoid requiring that level of government oversight. Some of us, especially in our early adulthood, need the administration of corrective discipline.
Re: (Score:3)
(1) He's 18 years old - that's an adult with the right to vote, the ability to make contracts, etc.
But not old enough to drink, so clearly under law he has diminished responsibility.
Re: (Score:2)
<quote><p>(1) He's 18 years old - that's an adult with the right to vote, the ability to make contracts, etc.</p></quote>
<p>But not old enough to drink, so clearly under law he has diminished responsibility.</p></quote>
Maybe. But that is a factor in sentencing, not a factor in finding guilt.
Re: (Score:2)
It goes to Mens Rea which is definitely a factor in finding guilt. The whole premise of restricting alcohol until 21 is that younger people won't adequately predict harmful outcomes and avoid them.
Re: (Score:2)
It goes to Mens Rea which is definitely a factor in finding guilt. The whole premise of restricting alcohol until 21 is that younger people won't adequately predict harmful outcomes and avoid them.
Getting drunk and doing something stupid can happen whether you're 18 or 50. There is no magical change between 18 and 21.
Re: (Score:2)
Certainly there is never a magical change and once you're drunk, you're drunk. The predictive (and self control) part is things like I'll stop now before I get out of control. Or now is not a good time to get drunk, I have to drive somewhere in an hour, I shouldn't chance a DUI. Or one beer and one beer only will be OK. Or even when I hang out with X I always drink more than I mean to, I'd best wait till after the big exam.
It could even include things like This call 911 exploit is an accident waiting to hap
He must go to jail (Score:1)
The real crime (Score:1)
Is that such an incredibly stupid bug is even possible.
Thanks Apple.
there is no almost (Score:4, Insightful)
Re: (Score:3, Funny)
How do you almost crash the system or almost take it offline. Sounds like bullshit.
How does your girlfriend almost get pregnant? Condom breaks while you're taking it off. A few more operational minutes in the field (as it were) could have taken her system online. But you dodged a bullet 'cause your run-time never lasts "a few more minutes". :-)
Punishing the wrong person. (Score:5, Insightful)
What this teenager did was bring attention to a bug that never should have existed to start with. If they want to blame anyone, they should be blaming Apple for allowing it even be possible. But hey, they didn't hire cops for their intelligence. [politicalblindspot.com] -_-
Re: Punishing the wrong person. (Score:1)
You do if you're a sociopathic cunt.
Is this a record? (Score:4, Insightful)
A huge safety-critical network that can be crashed ***by accident***! What a magnificent design achievement! Just imagine what could be done by someone competent who was actually trying to crash it...
Re:Is this a record? (Score:4, Insightful)
Re: (Score:3, Interesting)
Other than prioritizing certain calls (e.g. the ones that haven't been calling you a thousand times already today) there's not a whole lot you can do to mitigate this while
Re: (Score:1)
Lessons learned. (Score:3)
Friends don't let friends enable JavaScript.
(Man, if only is was that easy. Seems a LOT of sites use and/or require JS when they really don't need to -- and I'm looking at you too /.)
Re: Lessons learned. (Score:1)
Smartphones created 911 problems anyway. (Score:1)
When something happens in a crowded area, and hundreds of people whip out their smartphones to dial 911, the system gets regularly DDoSed anyway.
I wonder if anybody is thinking about some protection on the cell level. Like, when there are already ten 911 call originating from one cell, additional ones need some confirmation form the caller that they really want to make an additional one.
Is it worth it? (Score:4, Interesting)
Re: (Score:2)
The calculation on this punishment is; Does it embarrass the police or authority? Does it do so publicly? This equals harsh penalties.
It seems like using a computer to do a slight bit of damage, is treated with harsher penalties than someone holding up a liquor store. Of course harsher than ripping off thousands and ruining lives when running a bank -- but well, that's a different story.
Some kid was doing a prank, and it got out of hand. The fact that it accidentally caused more damage because of the shortc
Apple released a patch (Score:2)
Off topic but... (Score:1, Troll)
Re: (Score:3)
Fuck Sheriff Joe Arpaio. That's all I have to say, and it's not related to this article
There are a lot of legitimate reasons why people may dislike Sheriff Arpaio, but as far as I can tell, he acted appropriately in this instance.
Re: (Score:1)
Joe is so serious, that he breaks federal anti-discrimination laws to suit his personal style of justice. That justice being putting minorities in their place because they could potentially be illegals, murderers, drug dealers, and rapists.
ambiguous numbers (Score:1)
What are you, (Score:1)
Stoned or stupid?
Arrested for what? (Score:1)
Just say it was affluenza (Score:2)
Children are never responsible for anything anymore.
Sheriff Arpaio? (Score:1)
Man, that kid is going to have a hell of a time. No nonsense sheriff. Sheriff will put him into his famous jail, in pink underwear, outside in a jail tent city where it's frickin' hot! I bet that kid won't do that again. He better hope he works out a deal to not go there.
Re:Send him to gitmo (Score:4, Funny)
He's probably a Linux hacker. This domestic terrorism must be dealt with in the harshest way possible.
Make him use a Linux desktop?
Re: (Score:2)
He's probably a Linux hacker. This domestic terrorism must be dealt with in the harshest way possible.
Make him use a Linux desktop?
No, make him use Windows 8.0.
Re: (Score:2)
Good to see a realistic and moderate response for once - this was not a crime severe enough to warant making him use windows 10.
Re: (Score:2)
He's probably a Linux hacker. This domestic terrorism must be dealt with in the harshest way possible.
Make him use a Linux desktop?
Wow, that's harsh... can't we just put him in jail?
Re: (Score:2)
Pssssst---You're replying to a troll-bot that's been gracing these pages for a decade or more.