Internet troublemakers, known as griefers, conducted an
organized hack attack against an epilepsy support message board last
weekend. The attack, designed to inflict bodily injury, is the first
known example of a large scale hack designed to inflict physical damage on
the victims. The attackers used injected JavaScript to trigger flashing
images on the computers of their victims, causing them severe migraines and
seizures.
The site is run and maintained by a nonprofit organization, the Epilepsy
Foundation. Its goal is to provide a place where epileptics and family
members can provide each other with support. The group had to close the
site briefly on Sunday to remove the malicious code and beef up security.
Ken Lowenberg, senior director of web and print publishing at the Epilepsy
Foundation states, "We are seeing people affected. It's fortunately
only a handful. It's possible that people are just not reporting yet -- people
affected by it may not be coming back to the forum so fast."
Hackers launched the attack Saturday, March 22. They used a script to
generate hundreds of messages with flashing animated GIF files attached.
On Sunday the griefers upped their assault injecting JavaScript into many
posts. The script would redirect the users’ page to a complex image
crafted to induce seizures. The malefic page was specially designed to
trigger seizures in both photosensitive and pattern-sensitive epileptics, two
major classes of epilepsy.
One pattern sensitive epileptic, RyAnne Fultz, a 33-year old mother who
regularly uses the group, was a victim of Sunday's attack. After initially
clicking an innocent sounding post, her screen was filled with a large pattern
of blinking squares. She says she "locked up". Fultz who
works IT Coeur d'Alene, Idaho explained, "I don't fall over and convulse,
but it hurts. I was on the phone when it happened, and I couldn't move
and couldn't speak."
Fortunately, Fultz was rescued by her 11-year-old son who came into the room
and forced her gaze away from the screen and killed the process. Fultz
emphasized how bad a seizure the attack caused, stating, "It was a spike
of pain in my head. And the lockup, that only happens with really bad
ones. I don't think I've had a seizure like that in about a year."
Browen Mead, a 24-year-old epilepsy patient in Maine, suffered from a daylong
migraine from the posts. She said it was worsened by the fact that she
lingered on the page, trying to figure out who was responsible. She
states, "Everyone who logged on, it affected to some extent, whether by
causing headaches or seizures."
There is some circumstantial evidence that the attack was carried out by the
group Anonymous, who gained public attention for their hacks on the Church of
Scientology and successful protest campaign against the Church. Anonymous
was allegedly incensed by posts mentioning EBaums World, a site much despised
by the group. Those who believe Anonymous to be behind the attack point
to a since-deleted post on 7chan.org; an Anonymous stronghold that allegedly
organized the attack.
Despite their suffering, many epileptics expressed their support and
appreciation for the site and the Epilepsy Foundation's work and
response. Said Fultz, "We all really appreciate them for giving us
this forum and giving us this place to find each other."
Epilepsy comes in many forms with about 50 million people affected
worldwide. Approximately 3 percent are photosensitive meaning that
flashing lights and colors can trigger seizures. DailyTech had
previously discussed proof-of-concept
attacks on medical implants such as pacemakers, but this is the first known
real world attack with the intent to physically injure.