My first DDoS attack, kinda
Enter my home town: Wilburton, Oklahoma. A small town(~3000 people) you've probably never heard of, and probably won't again after this article. When you think Oklahoma you probably think back woods and redneck, not computers. You're usually correct, but I didn't quite fit that stereotype. This is how I came to be banned from using the computers at my high school for a semester.
How I got here
I figured out what programming was around 13 (7th grade). Instantly fell in love with it. So much so that I'd stay up til 3 AM on school nights learning more about it, leading to failing grades until some parental intervention stepped in.
So, I knew my way around a computer. I was young. Just the right kind of person to be a bit dangerous. Luckily I never enjoyed the hacking scene and never crossed over to the script kiddie stuff, but I knew the basics of vulnerabilities.
The day the internet broke
I was a junior the year this happened. It was sometime in the first semester. There is usually an inherit trait among programmers: curiosity. A yearning for wanting to know the consequences of a previously untried action. My lunch periods usually consisted of boredom. Recently the blocks at the school had been relaxed, so flash games could be played in the library. Hence, that was where me and my friends went to during our free time. Someone mentioned something about the command line and hacking. I don't quite remember what led up to it, but I ended up typing something like this:
ping -n 10000 -l 10000 18.104.22.168
The IP(22.214.171.124 is just a placeholder)) I used was the particular IP returned when content was blocked. They did block some content, but it wasn't horrible yet(at some point my own website got blocked for flash games. Ruthless!)
For the non-technical people reading: This is a command which basically says "send this huge message to a server and tell it to send back a huge reply". This command took me a tiny bit of research (using
ping /?) to even know. I wasn't a black-hat by any means.
So, the technically minded out there are thinking "there is no way this would break anything"... Well, it didn't.. but then I ran it from 4 other consoles on the computer. At this point I started to hear "hey is the internet slow for you?" asked around the room. This is where I made the naive mistake of running with it. So, I opened like 10 command lines on this computer running this crude flood ping. Then, I went to the free computer beside me and did the same thing there. I think I did it on a total of 4 computers.
And then everything stopped working
I did not expect what came next. I had expected for there to be fairly strict controls on bandwidth. I thought I just maxed out the router in the library. Like the young naive teenager I was though, I left it running... on all 4 computers.
I was in 5th period when I started to realize what I had actually done. The teacher tried to load something on the internet and it wasn't working. "Connection timed out". I would later find out that I had brought the networks of the high school, middle school, elementary, and portions of the college to a stand still; as well as inflicting some damage on the IP address I used
About 30 minutes later it started working... another 5 minutes later, just before class was over, the principal knocks on the class' door. "I need to speak with Jordan".
So, we meet in the principal's office. My friend Joe is also there, and the IT guy. He starts saying that someone maliciously attacked the school network and their upstream provider for censorship. My friend Joe stares blankly and says "I have no idea what you're talking about." At this point, I know there is no point in not confessing, so I do. "Yea, he didn't have anything to do with it. I did it".
I can't remember of what follows but I was scared out of my mind. Not of police being called or whatever punishment they were going to arrange. The only thing on my mind was how much trouble I would be in when I got home. I got in-school-suspension before for some stupid thing. I was assigned 3 days of it... That was the worst month of my life though at home.
Anyway, so he sends me back to class and says he'll decide my punishment. Later he calls me back in and hands me my sentence "You can not touch a computer for the rest of the semester". Luckily, I didn't have a programming or typing course. I had both the next year.
Somehow, I manage to never have to tell my parents. They didn't find out until I was moved out.
It's hilarious looking back on it, but man was it scary when it was happening.
This lead to interesting situations. The IT guy was usually not on premises, so I would literally get called out of classes to fix some teachers' computers. During this time, I had to walk them through what to do, since I couldn't touch the keyboard or mouse. That was annoying, at best.
The most awesome part of this story is that I landed my first programming job literally, without a doubt because of my fame from crashing the network. My first boss had a son who was a grade below me. He was complaining about how he can't find anyone who knows anything about computers in this small town. His son popped off that I do. This conversation took place in the drive through of McDonald's. I happened to be working drive through. So, I say "that'll be ..." and he proceeds to ask "Hey what programming languages do you know". Completely caught off guard I start saying the last language I used. "C++". He gave me his business card and we exchanged numbers. About 2 months later I graduated from high school and began working there gaining vital experience right out of the gate.
I had quite a bit of fun with other stuff in high school as well.
I wrote a program called CD_Opener. It was my first real program to use threading and the Win32 API at the same time. It was a simple and stupid program. It did nothing but open a pop-up window with just an "OK" button. In one thread it would keep your CD drive open no matter what, in the other it told a story through these popup windows you clicked through. There were two versions, titled "ending" and "nonending" The nonending version told the story so that it fell into an infinite recursion along the lines of "and a dialog box opened on my comptuer... and do you know what it said?". There was no way to kill it other than to use task manager. The ending version was more polite and eventually the story did come to an end
After showing my friends this program(and how to run it), it was not uncommon to come in to the library to see 6 computers with their CD drives stuck open and a familiar popup dialog.
Getting around censors
At one point I built a small PHP script to dumbly download whatever files I told it to and give me a link to it hosted by my server. This was only effective though for flash games and other single-file things.
The unfinished senior prank
I found an absolutely brilliant vulnerability in the high school network my senior year. Basically, all the computers used a common "student" account. The student account was of course just a template. When a student logged in, it copied over the template. Changes in this way didn't persist.
However, the huge flaw with this design was that I found I way to put my own files into the template student account. I tested it with a small batch file and logged in with another computer and indeed, it did run on startup. I then proceeded to delete the batch file. I thought long and hard about writing a senior prank program that would run on almost every computer on the school at a certain time of day. Nothing harmful or distasteful, but not something one would forget either.
I ended up writing a stub program, but never finished it and as far as I can remember never exploited this vulnerability. I vaguely remember leaving a text file in some obscure folder, but I probably ended up deleting it after a while.
Many more vulnerabilities lie here, but I won't go into them here. Our IT guy didn't have the best knowledge of basic security.
If you're under 18 and reading this, Please don't try to break your school's network. There are many more positive ways to get a reputation. My school was easy on me. I have read(as an adult) about similar (trivial) cases of such things where the school involves the police and the kid receives a record that'll stay with him for life.
Posting comments is currently disabled(probably due to spam)