OK ....Since the Recent Past & the Present administration considers the "everybody get's a trophy (or appt) " to be the main focus rather than important mainstream issue's like WORKING FIRE ALARM BOXES...how about if this guy did this here ?.... QUOTE..
The Night Zombie Smartphones Took Down 911
On a Tuesday night last October in Olympia, Wash., 911 operator Jennifer Rodgers stared at the list of incoming calls on her screen.
Normally, one or two calls at a time would trickle in at this hour. At 9:28 p.m., they began stacking up by the dozens like lines on an Excel spreadsheet.
An alarm alerting operators to unanswered 911 calls filled the room. It almost never sounds more than once. Tonight, it was going off constantly.
Ms. Rodgers had no idea what was happening. People in Olympia, a city of about 50,000 an hour’s drive south of Seattle, and the surrounding county were dialing 911 and hanging up before their calls were answered. Then they were dialing 911 again.
After about 15 minutes, a girl stayed on the phone long enough for Ms. Rodgers, a 911 operator for 15 years, to say through her headset: “Don’t hang up! Don’t hang up!”
“We didn’t mean to call 911!” the operator recalls the girl saying. “I’m not touching the phone! I’m not doing anything! I don’t know how to make it stop!”
For at least 12 hours on Oct. 25 and Oct. 26, 911 centers in at least a dozen U.S. states from California to Texas to Florida were overwhelmed by what investigators now believe was the largest-ever cyberattack on the country’s emergency-response system.
Thousands of 911 calls piled up as the attack ricocheted across the U.S. The exact number isn’t known. In Surprise, Ariz., near Phoenix, at least 174 calls poured in from 10 p.m. to 11 p.m. that Tuesday. During the same hour the day before, that number was 24.
At least 600 calls hammered 911 operators in and around Fort Worth, Texas, throughout the night of the cyberattack.
Federal and state officials have worried that America’s aging 911 system is vulnerable to hackers. The October cyberattack confirmed those fears and sent investigators scrambling to answer two questions: Who launched it? And why?
The emergency-response system fields an average of 240 million calls a year, according to a trade group. It’s not a single 911 system but roughly 6,500 separate answering centers run by local authorities with a hodgepodge of technology. Some centers can receive text messages. Almost none can pinpoint the precise location of wireless callers.
As few as 420 of all the 911 centers in the U.S. had implemented a cybersecurity program as of 2015, officials at the Federal Communications Commission reported to Congress last December. In 38 states, no money was spent in 2015 on cybersecurity for 911 centers, the report said.
“I don’t want to be alarmist, but it’s an emerging crisis,” says retired Rear Adm. David Simpson, who oversaw emergency management and cybersecurity at the FCC for about three years during the Obama administration.
Much of the 911 system relies on old-fashioned copper telephone lines, a helpful defense against cyberattacks, which usually need an internet connection. Smartphones pose a new type of risk because each one is essentially a web-enabled computer that can be compromised by malicious software.
Last year, researchers at Ben-Gurion University in Israel concluded that fewer than 6,000 smartphones infected with malicious software could cripple the 911 systems in an entire state for days.
By directing phones to call all at once, the 911 systems would be overwhelmed and operators would be unable to answer legitimate calls, according to the researchers.
The cyberattack in October hasn’t been publicly linked to any deaths or serious injuries caused by emergency-response delays during the deluge of 911 calls. The incident attracted little media attention at the time.
As the investigation proceeded, many law-enforcement officials and 911 experts became convinced the hack could have been far worse—and could happen again.
“If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly,” says Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group. “This was a serious wake-up call.”
This chronology is based on interviews with 911 operators, law-enforcement officials and people who spread computer code that overwhelmed the call centers. The Wall Street Journal also reviewed police records and court documents detailing clues found in a nationwide manhunt.
As calls kept flowing into the answering center in Olympia, on Oct. 25, Ms. Rodgers told the teenage girl to have her father dial 911 from a landline phone. Landline calls pop up instantly with the caller’s name and address. Cellphone calls include a rudimentary location and rarely a name.
The teenager’s father called from a landline, and Ms. Rodgers answered. She says the girl reported that her iPhone started dialing 911 over and over again after she clicked a link on Twitter.
A few minutes later, a different teenager who was having the same problem told Ms. Rodgers the tweet was from an account called @sundaygavin and said: “I CANT BELIEVE PEOPLE ARE THIS STUPID.”
The link’s origin wasn’t obvious because it had been shortened using a free service offered by Alphabet Inc. ’s Google.
The 911 operators sprang into action, scouring driver’s license records in Washington state for the name Gavin and trying to match photographs on licenses with the Twitter profile of @sundaygavin. They compared Twitter profile pictures with Facebook profile pictures.
There was a match: Gavin Hasler, 18 years old, who lived in the area. His profiles on the two social-media sites showed selfies taken in the same bathroom mirror, with the same gray and white patterned shower curtain in the background and the same red phone case.
The operators told police what they had found. The Mason County Sheriff’s Office in Shelton, Wash., tweeted a warning about Mr. Hasler’s post, and at least one of his followers tweeted that police were onto him.
Mr. Hasler replied: “No f— way.”
At 1:14 a.m., Mr. Hasler tweeted “Welp I’m bout to get arrested 911LOL_hearteyes_25.png brb guys.” “BRB” means “be right back.”
But when Mr. Hasler went to work the next day at Dickey’s Barbecue Pit restaurant in Olympia, a police officer was waiting outside. Mr. Hasler was taken to a police station, arrested and charged with electronic data service interference, a felony.
Mr. Hasler told police he didn’t write the code in the link that was making smartphones dial 911. He had clicked the link himself earlier on Oct. 25, causing his own phone to dial 911. After speaking with a 911 operator, he tweeted the link with the bad code to his 1,200 followers on Twitter.
According to police, Mr. Hasler said he tried to delete the tweet and stop the deluge, but it was too late.
In an interview summary, police said Mr. Hasler “seemed to believe this was a prank that had gone wrong.” He told the Journal he regrets passing on the malicious link. “I wish I didn’t,” he said. “It wasn’t worth it.”
Prosecutors agreed to drop the charge if he stays out of trouble and completes a program that includes community service.
It was hard for investigators to trace the cyberattack as it cascaded across the country. Twitter users who saw the link shared it with their followers, who shared it with their followers, turning the malware into a runaway virus.
One Twitter user claimed the link went to a list of new songs by hip-hop star Drake. Another person tweeted: “Please check out my page and support!!!!!!”
A California high-school student who shared the link with 1,300 followers said she clicked it accidentally, got frightened at first and then was amused.
“It was scary, but it was funny afterwards,” she said. “I’m not really sure [what] exactly was funny about it.” She said the link began to spread among her friends by text message.
Asked if anyone worried about harming the 911 system, the high-school student replied: “We are all teens; no one really put too much thought to it.”
About two hours before the 911 center in Olympia was overrun, the link was tweeted from the account of Mark Thomas, a young social-media personality with 440,000 followers.
The tweet told followers that clicking the link would take them to Mr. Thomas’s newest video blog. Instead, it worsened the cyberattack.
Investigators believe the Google link was clicked on 117,502 times. Each click triggered the person’s iPhone to dial 911 numerous times, though callers could press their hang-up button before connecting with a 911 center. Smartphones not made by Apple and personal computers weren’t affected.
Hanging up caused the iPhone to dial 911 again, each time a few milliseconds faster than before. The loop could be stopped only by turning off the phone. Many incoming calls arrived in “phantom” form, which means no information about the call registered in the 911 system, according to operators.
“It was just insane,” says operator Amber Albright, who was working alongside Ms. Rodgers that night.
Mr. Thomas hasn’t been charged with wrongdoing. In response to a message sent to his Facebook page, a woman who identified herself as Mr. Thomas’s mother said hackers have broken into his social-media accounts several times in the past.
She said she and her son were unaware of the 911 incident in October. She declined to comment further. Mr. Thomas didn’t respond to messages from the Journal.
About four hours after the 911 operators in Olympia were inundated with calls, Maricopa County, Ariz., Sheriff Sgt. Dennis Ogorchock was awakened by the ping of an urgent message. A 911 operator told him a link on Twitter was causing an explosion of 911 calls.
Sgt. Ogorchock, 44, a former Marine, got dressed and drove 30 miles to the sheriff’s office where he runs the cybercrimes unit. As soon as he arrived, he began to realize that the problem was spreading far beyond the Phoenix area. “I personally have not seen anything with 911 like this,” the detective says.
He used his laptop to follow the link in Mr. Thomas’s tweet, which took him to a webpage that said: “LOLOLOLOLOLOLOL.”
At 5:16 a.m. on Oct. 26, Sgt. Ogorchock sent an emergency request to Twitter to remove Mr. Thomas’s tweet. He asked an internet company that he believed was hosting the website with the malicious code to shut down the site.
Twitter deleted Mr. Thomas’s post and other tweets that were spreading the link. Google deactivated the shortened webpage address. Those two moves disabled the cyberattack, though the website wasn’t shut down until Oct. 28.
Twitter Inc. declined to comment. A Google spokesman said the company “took the appropriate actions” after it was notified about the situation.
The detective searched for the website’s owner on the public database WHOIS.com and found the name Meet Desai.
Sgt. Ogorchock and his colleagues located Mr. Desai’s pages on Twitter and Instagram. The Twitter account had more than 2,000 followers and showed he was deeply interested in technology and programming. His Instagram page had more than 9,000 followers and was introspective and artistic.
“Getting told to smile, hurts, especially when you know it’s fake,” wrote Mr. Desai in the caption of a black-and-white photo of himself.
Then came a surprising clue. A photo on his Twitter account showed that Mr. Desai was enrolled in a class with the number “CIS105.” Investigators figured out that it was an entry-level computer-science class at GateWay Community College in Phoenix.
The college was only about 20 minutes away from where Sgt. Ogorchock was sitting.
Maricopa County investigators found a second clue in Mr. Desai’s tweet stream: a screenshot of an internet speed test done with Mr. Desai’s smartphone. The screenshot indicated that he was a Sprint Corp. customer, and the caption said: “I get LTE at home but I don’t get LTE in downtown Phoenix wtf.” LTE is a high-speed wireless technology.
The screenshot included the latitude and longitude of the speed test’s location, which matched the address where investigators believed Mr. Desai lived. Sgt. Ogorchock sent an emergency request to Sprint to ping Mr. Desai’s cellphone and find out exactly where he was.
Mr. Desai was in the computer-science class. Sgt. Ogorchock and other officers drove to the college and escorted Mr. Desai out of the classroom. His full name is Meetkumar Desai. He is 18 years old.
According to an investigation report, Mr. Desai told Sgt. Ogorchock he meant no harm. “He claimed he was doing this to get a bug bounty from Apple,” the detective says. Like many technology companies, Apple Inc. pays some developers if they are able to find and report security flaws.
Apple says Mr. Desai wasn’t part of its invitation-only bug-bounty program and wouldn’t have received any money.
Investigators say Mr. Desai told them that he and a man with the Twitter handle @s0n1c discovered a loophole in iPhone software and designed code to exploit it.
Anyone who clicked on it from a PC or Android phone was taken to the “LOLOLOLOLOLOLOL” website Sgt. Ogorchock found earlier. When using an iPhone, though, clicking on the link immediately started a 911 call.
Mr. Desai said he created the 911 code because “he thought it would be funny” but realized that people might be scared by it, according to an interview summary reviewed by the Journal.
Instead, he told investigators he meant to share a different version of the code that sent users to a dead number—not 911. When asked how the malicious code got on his website, he said he might have put it there accidentally.
Investigators say Mr. Desai told them about a YouTube video that was posted on Oct. 23. The video describes a version of the code that doesn’t dial 911 but was meant to “FREAK OUT Your Friends.”
Mr. Desai told investigators that he sent his link to the person who made the video, and the link was added to the video’s caption.
That might have started the deluge of 911 calls, because the YouTube channel where the link and video were posted has 251,000 subscribers. By Oct. 24, the link already had gotten 1,849 clicks.
“I think he was just a teenage kid trying to make a name for himself in the hacker community,” says Sgt. Ogorchock.
Apple says a forthcoming system update to the iPhone will plug the loophole that made the attack possible. The update will cause a “cancel” or “call” pop-up to appear on the iPhone screen, and users will be required to press “call” before the iPhone will dial, according to Apple.
“The ability to dial and reach a 911 operator quickly is critical to public safety,” the company said. “The dialing feature in this instance was intentionally misused by some people with no regard for public safety. To prevent further abuse, we’re putting safeguards in place and have also worked with third-party app developers to prevent this behavior in their apps.”
Twitter found no messages between Mr. Desai and @s0n1c, so law-enforcement officials didn’t investigate @s0n1c further. Mr. Thomas, the social-media personality, doesn’t follow Mr. Desai on Twitter. @s0n1c didn’t respond to requests for comment made through Twitter messages.
About two weeks after the cyberattack, Mr. Desai was charged with four felony counts of computer tampering. He hasn’t entered a plea.
A spokeswoman for the prosecutor says the possible punishment if Mr. Desai is convicted ranges from probation to 12½ years in prison. Mr. Desai’s lawyer declined to make him available for comment.
The teenager’s father said the situation has been very hard on his son. “He’s still upset about that,” the father said, declining to comment further.
When he was 16, Mr. Desai wrote on a website that his “main hobbies/interests in life” were playing videogames and researching the security and design of Apple’s mobile-device operating system, iOS.
Mr. Desai invited fellow tech developers to contact him but said he wouldn’t help anyone do bad things. “I’m against piracy,” he wrote.