This article is translated from Wikipedia, and is shared under the CC BY-SA 3.0 license.
Introduction
Although this incident happened in Japan, it seems to have similar implications for Taiwan. The ambiguous definition of the crime of obstructing computer use can easily become a tool for litigation. As a developer, I believe it is worth understanding. This article aims to share the case and does not encourage any malicious behavior that affects user operations.
Incident Summary
In March 2019, the Hyogo Prefectural Police searched the home of a female junior high school student suspected of posting links with malicious code on an electronic bulletin board; the alleged offense was "attempted unauthorized electromagnetic record supply" (不正指令電磁的記録に関する罪). Two men were also searched and sent for examination. On March 25, the Japanese Hacker Association started crowdfunding for the legal fees and litigation costs of the two men, raising a total of 7 million yen from 553 people. On May 29 of the same year, the two men received a non-prosecution disposition, and there were no victims in this case.
According to one of the men, the prosecutor believed that "for certain phone models, once the link is clicked, it may not be possible to close the screen, or it may require repair or the assistance of an expert, which violates the element of 'anti-intention' in the crime of computer virus." The argument for the "crime of unauthorized electromagnetic record supply" remained unchanged.
The defense lawyer from the Yokohama Park Law Office, who represented the two men, believed that the non-prosecution disposition was an attempt to confuse public opinion, stating, "Although there was a crime, not prosecuting this time tries to confuse the public. Even though the prosecutor believes they are guilty, choosing a non-prosecution disposition in individual cases is a way for the prosecutor, as a legal professional, to avoid social criticism." The defense lawyer criticized the prosecutor for this.
Code
The program is the following JavaScript code:
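// Endless loop: each pass opens a dialog whose text reads, roughly,
// "No matter how many times you close it, it's no use".
for ( ; ; ) {
    window.alert(" ∧_∧ ババババ\n( ・ω・)=つ≡つ\n(っ ≡つ=つ\n`/ )\n(ノΠU\n何回閉じても無駄ですよ~ww\nm9(^Д^)プギャー!!")
}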
window.alert can receive a specified string and display a dialog box with an OK button. After clicking the OK button, the dialog box can be closed. This program is an infinite loop, so after closing the dialog box, another dialog box will appear again. This behavior continues until the user closes the browser tab.
window.alert blocks the script: no other processing can execute until the dialog box is closed, so this program does not have any impact on the browser. Therefore, it is not a "browser crasher" but a "prank program."
For most PC browsers, simply closing the tab can stop this program. Moreover, current browsers have an option to "stop showing dialog boxes" if an alert appears more than once, which can stop the continuous popping up of dialog boxes.
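The behaviour described above, as an added example that is not part of the original article: a constructed model of one browser tab that runs the same loop against a mock window.alert and shows that one dialog appears per dismissal until the user closes the tab or ticks the "stop showing dialog boxes" option. The names runInModelTab, pageLoop and silentCallLimit are hypothetical, and the model assumes the option is offered from the second dialog on and that alert() returns silently once it is ticked.

```javascript
// Added illustration: a constructed model of one browser tab, not browser code.
class TabGone extends Error {}

// The page's loop, with a short constructed message instead of the ASCII art.
function pageLoop(window) {
  for (;;) {
    window.alert("closing this is useless");
  }
}

// Runs script(window) against a mock window. user(n) is asked what to do with
// the n-th dialog shown: "ok", "suppress" (tick "stop showing dialog boxes")
// or "close-tab". silentCallLimit is only the model's cut-off so that the
// simulation ends once dialogs are suppressed.
function runInModelTab(script, user, silentCallLimit = 1000) {
  const log = { shown: 0, silentCalls: 0, end: null };
  let suppressed = false;
  const window = {
    alert(message) {
      if (suppressed) {
        // Assumption: a suppressed alert() returns at once and shows nothing.
        if (++log.silentCalls >= silentCallLimit) throw new TabGone("model cut-off");
        return;
      }
      log.shown += 1; // the script is blocked here until the user acts
      const action = user(log.shown, message);
      if (action === "close-tab") throw new TabGone("tab closed by user");
      // Assumption: the option is offered from the second dialog onwards.
      if (action === "suppress" && log.shown >= 2) suppressed = true;
    },
  };
  try {
    script(window);
    log.end = "script finished";
  } catch (err) {
    if (!(err instanceof TabGone)) throw err;
    log.end = err.message;
  }
  return log;
}

// Five OK clicks, then the user closes the tab: six dialogs, one per loop pass.
console.log(runInModelTab(pageLoop, (n) => (n <= 5 ? "ok" : "close-tab")));
// OK once, then tick the option on the second dialog: no third dialog appears.
console.log(runInModelTab(pageLoop, (n) => (n === 2 ? "suppress" : "ok"), 100));
```

In the model, ticking the option ends the dialogs but not the loop, which keeps calling alert() silently until the cut-off; closing the tab is what ends the script.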
Reactions
This incident has caused a significant reaction both domestically and internationally.
On March 5, 2019, Smiley Kikuchi, a Japanese comedian, wrote on Twitter under the assumption of cybercrime, "A first-year junior high school girl can commit a crime on the internet so easily, it feels like a game. How can adults prevent such a reality?" Many criticisms followed.
Later, he posted a mosaicked (blurred-out) copy of a tweet from Hiroaki Takagi, a Japanese cybersecurity expert, and commented, "It's unreasonable to say that this is not a crime." This sparked another heated discussion on Twitter. The next day, he wrote on Twitter, "The Hyogo Prefectural Police and the court are already dealing with the case. If the prosecutor and the court determine it to be a false accusation, I am willing to apologize directly to the three defendants," in an attempt to calm the situation. He later deleted all related tweets.
On March 6, 2019, Brendan Eich, the creator of JavaScript, wrote on Twitter, "Netscape 4, ten years before the first version of Chrome, already allowed users to close an infinite loop in JavaScript. I have decided to be an expert witness in this case. This is not a computer virus and should not be treated as a crime." On March 9, the Electronic Frontier Foundation also tweeted, "An infinite loop is not a crime."
On March 8, as a protest against the police action, the original code was publicly released on GitHub with the goal of being arrested. The repository is named lets-get-arrested. When the Hyogo Prefectural Cybercrime Countermeasures Division was asked about this by NETIB-NEWS, they responded, "Can you say the same thing about your own child?"
Supplement and Personal Opinion
From this incident, it can be seen that the definition of the "crime of unauthorized electromagnetic record supply" is ambiguous, leading to many gray areas. Moreover, it is absurd to turn a browser-side infinite loop into a criminal charge.
In addition, the issues filed in the lets-get-arrested repository mentioned above are quite amusing, and I think the criticisms are spot-on.
For example, someone asked how to get arrested in Japan, saying that when they were in Roppongi, they saw four very drunk people trying to cross the road, and one of them walked in the middle of the road and was honked at by a taxi. As a result, that person kicked the taxi in anger and went into a rage in the middle of the road. Later, a police car arrived, but the police seemed to do nothing and just left without making any arrests.
The author replied, "Yes, writing an infinite loop in Japan is a more serious crime than kicking a taxi and going into a rage on the road."