Taking Down the 911 System

911 is the go-to number for most people when there’s an emergency. But 911 is an old system and old systems are often vulnerable to distributed denial of service attacks:

For over 12 hours in late October, 911 lines across the country were ringing so much that they nearly went down. Nobody knew why this was happening, until Phoenix police discovered that 18-year-old Meetkumar Hitesbhai Desai tweeted a link that caused iPhones to repeatedly dial 911. Now, more details have emerged about how the Twitter prank spiraled out of control.

Desai claimed the attack was a joke gone wrong, telling police he only meant for the link to cause annoying pop-ups, The Wall Street Journal reports. However, he posted the wrong code. It started when, from his @SundayGavin Twitter account, he tweeted the link and wrote, “I CANT BELIEVE PEOPLE ARE THIS STUPID.” When clicked, the URL, which was condensed by Google’s link shortener, launched an iOS-based JavaScript attack that caused iPhones to dial 911 repeatedly. When users hung up, the phone would keep redialing until it was restarted.

This story touches on a lot of different topics. First, it shows how dangerous software glitches can be. Since most people only think to dial 911 when there’s an emergency, a software glitch that allows a section of the 911 system to be taken down could cost people their lives. Second, it shows why URL shorteners are a pet peeve of mine. You never know where they’re going to take you until you’ve already clicked them. Third, it shows how easily a distributed denial of service attack can be created. One tweet with a link to a malicious piece of JavaScript was enough to bring a section of the 911 system to its knees.

The lessons to take away from this story are don’t to click random links and have a backup plan in case 911 is overwhelmed.