Infinite alert loop event

This article is a translation from Wikipedia and adheres to the CC BY-SA 3.0 license.

Introduction

While this incident occurred in Japan, it seems to resonate with similar situations in Taiwan. The definition of "obstructing computer use" is ambiguous, making it easy to become a tool for litigation. As a developer, I believe it’s essential to understand this issue. This article aims to share the case study and does not encourage any malicious behavior that impacts user operations.

Incident Overview

In March 2019, the Hyogo Prefectural Police suspected two men of attempting to provide malicious code links on an electronic bulletin board, which led to charges of attempted unauthorized use of electromagnetic records. The police searched the home of a junior high school girl and interrogated the two men, who were later sent for prosecution. On March 25, the Japan Hacker Association began fundraising for the legal fees of the two men, raising a total of 7 million yen from 553 contributors. On May 29 of the same year, the two men were granted a deferred prosecution, and there were no victims in this case.

According to one of the men, the prosecutor claimed, "For certain phone models, once the link is clicked, it could lead to a situation where the screen cannot be closed, or it may require repair or assistance from an expert, which violates the 'intent to harm' clause in computer virus laws." However, there was no change in the assertion regarding the "attempted unauthorized use of electromagnetic records."

The defense attorney from Yokohama Park Law Office, representing the two men, remarked that the deferred prosecution was "an attempt to mislead, suggesting there was a crime but opting not to prosecute this time," and criticized the prosecutor's stance that, although believing in guilt, chose deferred prosecution based on individual circumstances to avoid societal backlash.

Code

The program is the following JavaScript code:

for ( ; ; ) {
  window.alert("　∧_∧　ババババ\n（ ・ω・)=つ≡つ\n（っ ≡つ=つ\n`/　　)\n(ノΠＵ\n何回閉じても無駄ですよ～ww\nm9（＾Д＾）プギャー！！")
}

window.alert can accept a specified string and display a dialog box with an OK button. Pressing the OK button allows the user to close the dialog. However, this program runs in an infinite loop, so after closing the dialog box, it will reappear, continuing until the user closes the browser tab.

Since window.alert cannot execute any further processing until the dialog box is closed, this program does not affect the browser and is therefore classified not as a "browser crasher" but as a "prank program."

For most PC browsers, simply closing the tab will stop this program. Furthermore, modern browsers offer an option to "stop dialog boxes from appearing" if alerts are triggered more than once, halting the continuous pop-up behavior.

Reactions

This incident garnered significant attention both domestically and internationally.

On March 5, 2019, Japanese comedian Smiley Kikuchi tweeted about internet crime, stating, "It’s shocking that a junior high school girl can easily commit a crime online; it feels like a game. How can adults prevent such a reality?" This sparked a wave of criticism.

Later, he reposted a masked tweet from Hiroshi Takagi, a Japanese cybersecurity scholar, commenting, "It's nonsensical to claim this isn't a crime on Twitter," which ignited further backlash. The next day, he tweeted, "The Hyogo Prefectural Police and the courts are handling the case now. If the prosecutor and court find this a wrongful conviction, I am willing to apologize directly to the three defendants," attempting to quell the uproar. Subsequently, he deleted all related tweets.

On March 6, Brendan Eich, the creator of JavaScript, tweeted, "Ten years ago, Netscape 4 already allowed users to close JavaScript infinite loops in Chrome's initial version. I will be an expert witness at the trial. This is not a virus; it should not be a crime. If the browser doesn't let users regain control, jail the browser maker :-P." On March 9, the Electronic Frontier Foundation also tweeted, "An infinite loop is not a crime."

Thread: https://t.co/zc1qz7OLx8

I'll be expert witness at trial. This is not a virus, it should not be a crime, and if the browser did not let the user regain control, jail the browser maker :-P.

— BrendanEich (@BrendanEich) March 9, 2019

On March 8, in protest of the police's actions, someone publicly posted the original code on GitHub with the aim of getting arrested. The repository was named lets-get-arrested. The Hyogo Prefectural Cybercrime Unit responded to NETIB-NEWS, questioning, "Can you say this to your own child?"

Additional Thoughts

This incident highlights the ambiguous definition of "attempted unauthorized use of electromagnetic records," leading to many gray areas. Furthermore, the notion that an infinite loop on the browser side could become a criminal charge is quite absurd.

Additionally, the issues mentioned in the lets-get-arrested repository are quite humorous, showcasing well-placed sarcasm.

For instance, someone asked on GitHub how to get arrested in Japan. The person recounted an incident where they saw four very drunk people trying to cross the street in Roppongi. One individual stepped into the street and ignored a taxi's horn, becoming enraged and kicking the taxi while throwing a tantrum in the middle of the road. Although the police arrived, they seemingly took no action and left without any arrests.

The author replied, "Yes, writing an infinite loop in Japan is a more serious offense than kicking a taxi and throwing a tantrum in the middle of the road."