Twitter users were hit yesterday with tweets and sometimes offending pop-ups that originated from exploiting a programming flaw. Twitter defines this as a prank rather than an attack or a hack. They also have assured Twitter members that no personal account information was compromised. But this does raise the point of what defines a malicious attack, prank or just a mistake.
In the 1960′s, Cap’n Crunch cereal put thousands of toy whistles in their boxes. Children all over delighted in the whistle design, color and sound. There are many reports of children excitedly calling friends and grandparents to tell them about the wonderful whistle. But when they would blow the whistle into the phone, they would get disconnected. The connection between the whistle and the phone disconnect was discovered and exploited.
The whistle emitted a precise 2600 Hertz tone, the same frequency used by AT&T to tell the switching equipment that the trunk was ready for a long distance call. Lots of free long distance calls were made by exploiting this feature. AT&T has long since fixed the flaw, but in the 1970′s one of the exploiters was charged and convicted of toll fraud.
Mistakes, like programming flaws, can be innocently uncovered like children blowing their Cap’n Crunch whistle into the phone. Those innocently uncovered flaws can be turned into pranks where some amount of disruption, like disconnected phones or pop-up windows or worms, can occur. But when malicious disruption or fraud evolves from the original mistake, it becomes a serious legal issue. What will happen with the Twitter “prank” – we will just have to wait and see.