Hacking for Mischief, Mayhem and Pranking

Last weekend in Dallas the evening calm was shattered by the wail of 156 tornado warning sirens sounding at once. Attempts to turn off individual sirens failed and after 95 minutes of the din, officials mercifully shut down the entire system in a final, desperate act of frustration. A search for a direction in which to point the finger of blame started even while the noise was in progress. We’ll revisit this incident and its actual cause at the conclusion, but it called to mind a category of tech pranking going back quite a ways. I’m not implying that the Dallas incident was a prank or in any way humorous. There’s no indication it was a prank and definitely wasn't funny. It simply triggered an association with mischief in that portion of my brain that hasn’t evolved since I was 15. It’s the chunk that lies just below the reptilian brain.

Storied history of tech pranking

The kinds of hacking that get the lion’s share of media attention are the usual suspects that either abscond with millions of credit card numbers or user account info as in the Target and Yahoo! breaches respectively or the more recent Russian and Chinese hacks of U.S. government and political targets. The intent may not always be crystal clear, but is typically motivated either by achieving financial gain or a strategic advantage. Hacking for mischief usually begins and ends with the prank itself. The victim, though typically greatly annoyed and inconvenienced, is often no worse for wear and suffers no net loss to their bottom line. This isn’t always the case, of course. The prankster is rewarded with bragging rights and whatever chuckles that result from their efforts.I think it’s safe to assume that joking and pranking began before man stood upright. Primates are well-known for their hijinks and without their pioneering work shows such as Candid Camera and Punked would never have existed. The origin of pranking via technological means is more difficult to pinpoint, and for the sake of discussion, let’s say it began with Alexander Graham Bell’s invention. Some could quibble that it actually began with Samuel F.B. Morse’s gift to data communications, but if you need to write it down, then it’s not quite as funny.Prank phone calls or “phony phone calls” as we called them as kids went out of style with the advent of home computers and video games. The golden age of prank calls was arguably during the WWII era. My mother has recounted such classics as calling over to the corner drugstore:“Do you have Prince Albert in a can?”“Yes.”“Well, let him out!”Or this golden oldie perpetrated on a relative or neighbor:“This is the electric company. Is your refrigerator running?”“Yes.”“Well, you better go catch it!”Variations on a theme to be sure, but immensely hysterical to the pranksters and good clean fun all around. Today, the prank phone call has been replaced by Call of Duty and online bullying. Makes one long for ration cards and defeating fascism.

A tale of two schools

Institutionalized tech pranking is embodied by the decades-long rivalry between Caltech and MIT -- a true east vs. west battle of wits if there ever was one. The litany of pranks between the two tech schools is legendary with the endeavor funded by alumni of both institutions. The most famous prank pulled off by Caltech students predates personal computers and the internet.During the 1961 Rose Bowl game between the Minnesota Golden Gopher and the Washington side of the stadium was tricked into producing a gigantic image with their flip-cards that spelled “Caltech” instead of the intended “Huskies.”The stunt was viewed by millions on TV and caused such a degree of shock that announcers were left speechless and the band stopped playing. It was later revealed that a group of Caltech students dubbed the “Fiendish Fourteen” had conned the head Washington cheerleader to reveal the flip-card system. The students then snuck into the Washington cheerleaders’ hotel rooms and switched the instruction sheets. Such tactics go by the name of social engineering today.A more recent prank involving the Rose Bowl and Caltech pranksters occurred almost a full decade prior to the emergence of the internet and only two years after the debut of the IBM PC. In 1984, two Caltech students managed to hack into the electronic scoreboard and changed both the teams who were playing and the score. Operating from a remote location using radio signals they were able to change the display to read, “Caltech 39, MIT 9.” This achieved multiple goals: inserting Caltech into the Rose Bowl (something that would require a severe temperature drop in hell) and sticking it to MIT. The students also probably earned extra credit since the prank was part of a class project. The nature of this hack connects back to the Dallas incident which I’ll return to shortly.

Public infrastructure targets

Another type of public infrastructure tech defacement is hacking electronic traffic signs. This is actually extremely easy to pull off due to weak designs from a sole-sourced manufacturer and the abundance of hacking instructions splattered online. The first several dozen of these hacks were mildly amusing with messages such as, “Zombies Ahead” and “Smoke Weed Everday,” but it’s now become tiresome, and in some cases, poses a threat to public safety. Brian Krebs of Krebs on Security nicely sums up the work of one better known practitioner of traffic sign hacking, “Near as I can tell, Sun Hacker is an unremarkable script kiddie who enjoys defacing Web sites.” This brings up the topic of website defacement which is one of the lowest forms of mischief and should be condemned in the strongest terms possible.Finally, we return to the Dallas siren incident. Initially, it was believed that it was the result of a system malfunction. It was a clear night without any impending predictions of severe weather conditions and there was no good reason for sounding the alarm. But this was quickly refuted and suspicion was then directed towards the possibility of an online hack. This made much more sense since that’s how most infrastructure targets have been attacked in the past, but not this time.The sirens in the Dallas system, like in similar systems across the country, are controlled by radio communications. A level of security is built into the system to prevent such mischief, but apparently it wasn’t strong enough. How the attackers managed to crack the access codes remains a mystery. Theories currently range from brute force trial and error to a social engineering exploit to forcing a test of the system to be conducted (like an emergency broadcast system test) and then snooping in on the command sequences. This is one case where the identities and motives of the attackers will be extremely interesting to uncover if they ever are.The Dallas incident was far from harmless. It caused a great deal of distress to sleeping residents and the 911 emergency service was overwhelmed with over 4000 calls during a short period of time. Loud noises can also cause serious mental health issues for the autistic and those suffering from PTSD, not to mention the distress it can cause for animals. This all gets back to underscoring the vulnerability of our infrastructure and how unprepared we are to mitigate the risks and then effectively respond when things get crazy. Pulling the plug on your smoke detector because the battery is low is irresponsible behavior for any homeowner. It’s no laughing matter when public officials are forced to resort to the equivalent with emergency alert systems.