Feeds

WebTV 911 ‘hacker’ charged with cyberterrorism

Malicious script triggers false alarms

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

FBI agents arrested a Louisiana man last week under the cyberterrorism provisions of the USA PATRIOT Act for allegedly tricking a handful of MSN TV users into running a malicious email attachment that reprogrammed their set-top boxes to dial 9-1-1 emergency response.

According to prosecutors, David Jeansonne, 43, was targeting 18 specific MSN TV users in an online squabble when he crafted the script in July 2002, and sent it out disguised as a tool to change the colors on MSN TV's user interface. Though the code didn't mass-mail itself to others, some of the recipients were sufficiently fooled that they forwarded it to friends, for a total of 21 victims.

Known as WebTV before it was acquired by Microsoft, MSN TV works with television set-top boxes to allow users to surf the Web and send and receive e-mail without using a PC.

The boxes connect to the Internet through a local dial-up number. The malicious script changed the dial-up to 9-1-1. If a victim didn't go online again after being infected, the box would summon help anyway when it tried to make an automatic daily call to the network at midnight.

The code also crossmailed itself to the 18 targeted users, so it would appear in some cases to have come from someone the victim knew. Additionally, it posted victims' browser histories to a particular website, and emailed their hardware serial number to the free webmail account "timmy@postmark.net."

According to an FBI affidavit filed in the case, Jeansonne was undone when cyber sleuths at Microsoft's MSN unit searched email logs and found that the 'Timmy' account had previously sent beta versions of the malware to Jeansonne's MSN TV account. Microsoft pillaged Jeansonne's email, and found messages between him and an online friend that suggested Jeansonne was responsible for the hack. In December, the FBI raided his home and seized his computers.

Jeansonne is charged under a provision of the federal computer crime statute added in the 2001 USA PATRIOT Act, and intended to address what the act calls 'cyberterrorism'. The amended law dispenses with the requirement that a computer crime cause at least $5,000 in damage to qualify as a federal felony in cases where the attack caused "a threat to public health or safety."

Playing it safe, prosecutors included a second count in the indictment charging Jeansonne with causing over $5,000 in damage.

According to court records, the hack resulted in police responding 10 times to false alarms at subscribers' homes, either in person, or by phoning them back. It's unclear what happened to the other 11 calls to 9-1-1.

In 2000, the FBI issued a public warning about a Windows virus circulating in the Houston area that similarly phoned for help though victims' modems.

Jeansonne appeared in federal court in New Orleans last week and was released on $25,000 bail. Another court appearance is scheduled for Friday. The case is being prosecuted in the San Francisco Bay area, where Microsoft's MSN TV unit is based. A company spokesperson said nobody was available for comment Thursday. Jeansonne could not be reached for comment.

Copyright © 2004, 0

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.