It appears that the controversial 'cyberterrorism' clause of the USA-PATRIOT act is actively being enforced. A lot of good folks have convincingly argued against the both the term and the false understanding of hackers that the term conjures up. However, the details of the law have become important here; especially that you can be convicted of a felony even if you did not cause an ascertinable minimum of $5000 in damages. In the case of 911 fraud, we must admit that that makes sense. The price of readyness, of a fast response to 911 calls, would have to be paid regardless of the number of false emergencies there are, so it is impossible to prove a high cost associated with the calls themselves. However, intentionally attacking this readyness capability certainly seems like it should be a felony. Maybe the proponants of the term 'cyberterrorism' have a point after all? . . .
FBI agents arrested a Louisiana man last week under the cyberterrorism provisions of the USA PATRIOT Act for allegedly tricking a handful of MSN TV users into running a malicious e-mail attachment that reprogrammed their set-top boxes to dial 9-1-1 emergency response.

According to prosecutors, David Jeansonne, 43, was targeting 18 specific MSN TV users in an online squabble when he crafted the script in July 2002, and sent it out disguised as a tool to change the colors on MSN TV's user interface. Though the code didn't mass-mail itself to others, some of the recipients were sufficiently fooled that they forwarded it to friends, for a total of 21 victims.

Known as WebTV before it was acquired by Microsoft, MSN TV works with television set-top boxes to allow users to surf the Web and send and receive e-mail without using a PC.

The boxes connect to the Internet through a local dial-up number. The malicious script changed the dial-up to 9-1-1. If a victim didn't go online again after being infected, the box would summon help anyway when it tried to make an automatic daily call to the network at midnight.

The code also crossmailed itself to the 18 targeted users, so it would appear in some cases to have come from someone the victim knew. Additionally, it posted victims' browser histories to a particular website, and e-mailed their hardware serial number to the free webmail account "timmy@postmark.net."

The link for this article located at SecurityFocus.com is no longer available.