FW: [ISN] Alleged WebTV 911 hacker charged with cyberterrorism

[Howell, Paul]

-----Original Message-----
From: owner-isn@attrition.org [mailto:owner-isn@attrition.org] On Behalf Of
InfoSec News
Sent: Friday, February 27, 2004 3:09 AM
To: isn@attrition.org
Subject: [ISN] Alleged WebTV 911 hacker charged with cyberterrorism 


http://www.securityfocus.com/news/8136

By Kevin Poulsen
SecurityFocus
Feb 26 2004

FBI agents arrested a Louisiana man last week under the cyberterrorism
provisions of the USA PATRIOT Act for allegedly tricking a handful of MSN TV
users into running a malicious e-mail attachment that reprogrammed their
set-top boxes to dial 9-1-1 emergency response.

According to prosecutors, David Jeansonne, 43, was targeting 18 specific MSN
TV users in an online squabble when he crafted the script in July 2002, and
sent it out disguised as a tool to change the colors on MSN TV's user
interface. Though the code didn't mass-mail itself to others, some of the
recipients were sufficiently fooled that they forwarded it to friends, for a
total of 21 victims.

Known as WebTV before it was acquired by Microsoft, MSN TV works with
television set-top boxes to allow users to surf the Web and send and receive
e-mail without using a PC.

The boxes connect to the Internet through a local dial-up number. The
malicious script changed the dial-up to 9-1-1. If a victim didn't go online
again after being infected, the box would summon help anyway when it tried
to make an automatic daily call to the network at midnight.

The code also crossmailed itself to the 18 targeted users, so it would
appear in some cases to have come from someone the victim knew.  
Additionally, it posted victims' browser histories to a particular website,
and e-mailed their hardware serial number to the free webmail account
"timmy@postmark.net."

According to an FBI affidavit filed in the case, Jeansonne was undone when
cyber sleuths at Microsoft's MSN unit searched e-mail logs and found that
the "Timmy" account had previously sent beta versions of the malware to
Jeansonne's MSN TV account. Microsoft pillaged Jeansonne's e-mail, and found
messages between him and an online friend that suggested Jeansonne was
responsible for the hack. In December, the FBI raided his home and seized
his computers.

Jeansonne is charged under a provision of the federal computer crime statute
added in the 2001 USA PATRIOT Act, and intended to address what the act
calls "cyberterrorism." The amended law dispenses with the requirement that
a computer crime cause at least $5,000 in damage to qualify as a federal
felony in cases where the attack caused "a threat to public health or
safety."

Playing it safe, prosecutors included a second count in the indictment
charging Jeansonne with causing over $5,000 in damage.

According to court records, the hack resulted in police responding 10 times
to false alarms at subscribers' homes, either in person, or by phoning them
back. It's unclear what happened to the other 11 calls to 9-1-1.

In 2000, the FBI issued a public warning about a Windows virus circulating
in the Houston area that similarly phoned for help though victims' modems.

Jeansonne appeared in federal court in New Orleans last week and was
released on $25,000 bail. Another court appearance is scheduled for Friday.
The case is being prosecuted in the San Francisco Bay area, where
Microsoft's MSN TV unit is based. A company spokesperson said nobody was
available for comment Thursday. Jeansonne could not be reached for comment.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the
BODY of the mail.

------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------