Show artwork for Crime Show

September 7, 2021

Don't Click This Link

by Crime Show

Share

Background show artwork for Crime Show

One night, a 911 center in Olympia, Washington, was flooded with incoming calls. Something horrible had happened: there had been an attack. But the attack was on the center itself.

Where to Listen

Transcript

Emma Courtland: At the emergency call center in Olympia, Washington, on a typical Tuesday night, 9:30 is essentially a graveyard shift. Usually the center gets one or two calls. Someone's having chest pains. Somebody got spooked by a weird sound outside. But October 25, 2016, was not a typical Tuesday night. Just before 9:30 p.m., a call came in.


[ARCHIVE CLIP, Operator: Hi, this is 911. Do you have an emergency?]


Emma: And another.


[ARCHIVE CLIP, Operator: 911.]


Emma: And then another.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


Emma: Dozens and dozens of calls were stacking up faster than they could be answered. There were so many calls that an alarm went off in the 911 center, which could only mean one thing: something terrible had happened—a natural disaster. Or an attack.


Emma: 911 operators are the first and most pivotal line in our disaster response system. It's their job to answer our calls for help, to connect with us when we're in danger, to find out what's happening and where. And send us the kind of help we need. The problem was, on this Tuesday night when they answered those calls ...


[ARCHIVE CLIP, Operator: Hello?]


Emma: ... the lines were going dead.


[ARCHIVE CLIP, Operator: This is 911. Do you have an emerg—sir?]


Emma: Over and over again this happened. More than a hundred times before Olympia's first line of defense realized there was an attack—on the 911 system itself.


Emma: I'm Emma Courtland. This is Crime Show.


Ryan Knutson: Hey!


Emma: Oh, you're muted.


Ryan Knutson: Sorry about that. Ah, shit.


Emma: This is Ryan Knutson. He's one of the hosts of another Gimlet podcast—The Journal. And despite all of his technical difficulties during our video call, Ryan used to work as a tech reporter at The Wall Street Journal, which is what he was doing back in 2016 when all of this was going down in Olympia, Washington.


Ryan Knutson: So when this was happening, you know, people weren't really sure what was going on.


Emma: These operators were seeing this insane influx of calls, way beyond what was usual.


Ryan Knutson: Sometimes if there's a bad crash on the highway, they might get, like, 30 calls in an hour or something like that. But this was just, like, blowing through that by orders of magnitude.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: Hi, this is 911. Do you have an emergency?]


[ARCHIVE CLIP, Operator: 911.]


Ryan Knutson: And what was so mysterious about it was that the people who were calling were hanging up right away. They weren't staying on the line.


Emma: So the operators couldn't figure out who these people were or what was happening to them. Until, Ryan says, they had a breakthrough. They finally got someone to stay on the phone.


Ryan Knutson: And the operator was like ...


[ARCHIVE CLIP, Operator: You can't just hang up. It's not a big deal, but I do have to make sure that you're okay.]


Emma: And the caller was like ...


[ARCHIVE CLIP, Caller: I'm sorry. It's not letting us hang up.]


[ARCHIVE CLIP, Operator: It's not letting you—what do you mean? So after we hang up, it still keeps dialing?]


Emma: That's exactly what was happening. Their iPhones were automatically dialing like they were possessed.


[ARCHIVE CLIP, Operator: 911.]


[ARCHIVE CLIP, Caller: Hi, I really apologize. This is the same people.]


Ryan Knutson: And so at first, the operators didn't know what was going on. They were like, who are these people?


Emma: Obviously, they had to find out. Because they were getting so many hangup calls they couldn't tell what was a real emergency and what wasn't. So the operators went on the offensive: they started calling the callers.


[ARCHIVE CLIP, Operator: Hi, Thurston County 911. Are you okay?]


[ARCHIVE CLIP, Operator: Hi, this is a 911 operator. I just received a hang-up call from your cell phone. Is everything okay?]


[ARCHIVE CLIP, Operator: Hi, this is 911. Your phone just called us. Do you have an emergency?]


Emma: And sure enough, none of the people they called back had an emergency.


[ARCHIVE CLIP, Caller: I didn't mean to call 911.]


Emma: No heart attacks, no car accidents. Not even a weird noise outside. Most of the callers did have one thing in common though—they were teenagers.


[ARCHIVE CLIP, Caller: Hello?]


Emma: And they didn't know what the hell was going on either.


Ryan Knutson: And a lot of them were really scared. They were like, "I'm so sorry. I didn't mean to call." Like, you know, they would freak out.


[ARCHIVE CLIP, Caller: This is my sister. She came in scared, telling me this.]


[ARCHIVE CLIP, Operator: Okay, is there any way that you can disable that so it doesn't do it anymore?]


[ARCHIVE CLIP, Caller: Yes.]


[ARCHIVE CLIP, Operator: Okay, not a problem.]


[ARCHIVE CLIP, Caller: I'm sorry!]


[ARCHIVE CLIP, Operator: That's okay. Have a good night.]


[ARCHIVE CLIP, Caller: My bad.]


[ARCHIVE CLIP, Caller: It was just a complete accident, yo.]


Emma: Sure, accidents happen, yo. But more than a hundred times? All in one night? The operators asked their own tech support what could possibly be causing this? But all they were able to tell them for sure was that the problem wasn't on their end. There was something that was making all of these teenagers' phones dial 911. So the operators started quizzing the kids.


Ryan Knutson: Like, why is your phone calling 911 so much? And she said, "Well, I clicked on this link on Twitter, and I don't know what happened." And she was like, "Well, what did the link say?


[ARCHIVE CLIP, Operator: Can you tell me what that link looks like?]


[ARCHIVE CLIP, Caller: It looks like a Google link. And it's weird. I can go look real quick.]


[ARCHIVE CLIP, Operator: Will you go look?]


[ARCHIVE CLIP, Caller: Yeah, one second.]


Ryan Knutson: It was a tweet that was in all caps that said, "I CAN'T BELIEVE PEOPLE ARE THIS STUPID."


[ARCHIVE CLIP, Caller: "I can't believe people are this stupid.' And then it's a Google link. It's, like, G-O-O ...]


Emma: I mean, that's a great tweet, especially if your goal is to lure teenagers to click on a mysterious link. Which they did. And when they did, a trap would be sprung. As soon as you touched it, your iPhone would dial 911—on repeat. And it wouldn't stop unless you turned off your phone. The thing is, once their phones were turned back on, a lot of these kids retweeted the link.


Ryan Knutson: Teenagers thought it was funny. Like, this is a prank I can pull on my friends.


Emma: So this was people who, like, even after they had fallen for the hack, they were still retweeting, and they just thought it was that chaos is funny?


Ryan Knutson: Yeah. No, these were definitely all Gen-Zers.


Emma: [laughs]


Ryan Knutson: I talked to one teenager who had shared the link with 1,300 followers on Twitter. And she said it was scary, but it was funny afterwards. I asked her what was funny about it and she was like, "I'm not really sure what was funny about it." And I was like, "Are you worried that you might harm the 911 system, or that this could cause a problem?" And she said, "We're all teens. No one really put much thought into it."


Emma: But the reality was that every teen who clicked on the link or retweeted it or texted it to their friends was essentially being conscripted into an online army. Without realizing it, they were playing foot soldiers in an attack on the emergency response system. So as the calls kept pouring in, the question for the operators became: who the hell was leading this army? And what were their intentions?


Ryan Knutson: So what people were afraid of is that this could be like a coordinated thing. Like, you take down 911, and then, you know, you attack somewhere else, whether it's a shooting or a bomb or something. And suddenly, all the people who are in that attack physically aren't able to reach first responders and call 911.


Emma: Imagine you're in a nightclub or at a concert, and someone opens fire. You call for help but you can't get through because the center has been flooded with fake calls. Every minute without aid, more people die. Every minute, the scale of the damage grows exponentially.


Emma: The operators in Olympia decided they needed to stop this hack. They were in a race against time. And I guess it also was like, who are they gonna call, right? They are 911. To stop this thing, they had to find out who was behind it. And then they got a clue. One of the callers revealed the Twitter handle they believed was the first to share the link.


[ARCHIVE CLIP, Caller: @SundayGavin.]


[ARCHIVE CLIP, Operator: Spell that real slowly for me, sweetie.]


[ARCHIVE CLIP, Caller: Sunday like the weekday ...]


Emma: SundayGavin had 1,200 followers on Twitter and a pretty generic profile picture—white kid. Shaved head. Bathroom selfie. Gray patterned shower curtain. There didn't appear to be any hate speech or manifestos on his page, or any clues about possible motives. The operators needed more. They needed a real name.


[ARCHIVE CLIP, Caller: I'm gonna go look on Twitter right now and figure it out.]


Emma: They channeled their inner teenagers and social media stalked the shit out of SundayGavin.


Ryan Knutson: They landed on a Facebook profile of a man named Gavin Hasler. They saw that Gavin—that SundayGavin on his Twitter profile had a similar bathroom selfie on his Facebook profile, and it had the same gray patterned shower curtain in the background. And they're like, "This is him. Like, this is the guy."


Emma: Finally, the operators called the cops. And weirdly, it seemed like SundayGavin knew what was coming. He tweeted, "Welp, I'm 'bout to get arrested 😍. BRB, guys."


Ryan Knutson: The police showed up at his work, which was a Dickey's BBQ Pit. And they walked in, and they asked for him, and they arrested him out in the parking lot.


Emma: But pretty much as soon as police started to question him, they realized SundayGavin wasn't some scary domestic terrorist. He was just another idiot kid.


Ryan Knutson: He told them, "I just shared this link. I didn't have anything to do with creating it." And so that was sort of like a lot of detective work just to sort of get to a dead end.


Emma: If it wasn't SundayGavin from the Dickey's BBQ Pit in Olympia, that meant the real attacker was still out there. And what's more, this hacker could have been anywhere. Because what neither the 911 operators nor the cops nor the kids with the possessed iPhones knew was that this problem was way bigger than Olympia, Washington. In fact, this would prove to be the biggest ever attack in the history of the nation's 911 system.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


Emma: There are more than 5,000 designated 911 centers across the country, and they all operate independently. Which, if you're trying to take down the emergency response system, actually makes things pretty hard. Because there isn't some centralized network, you can't take it down in one fell swoop—unless you weaponize the callers themselves.


Ryan Knutson: Because 911 systems are all locally managed, it's very difficult to take them all down all at once. Because if you were to do a ransomware attack on a 911 center, the impact of that attack is only going to be on that one 911 center. But if you put the attack on the other end, on the end of the phone lines and the phones, the cell phones are the ones that are calling in, that can go anywhere.


Emma: This is known as a TDoS attack—a "Telephone Denial of Service." And it's exactly what was happening that Tuesday in October—all over the country. 911 centers in at least a dozen states were being overwhelmed with calls. And because they were decentralized, every one of them thought that it was only happening to them. Which mattered, because all of them, like the operators in Olympia, were starting their investigations from scratch.


Ryan Knutson: Suddenly, this flare up of calls would come in, operators would be overwhelmed. Other police officers would start getting involved in the investigation, and often it would lead them to a dead end or they just couldn't figure it out.


Emma: All these local detectives were wasting precious hours investigating these cases as if they were little brush fires, completely unaware that they were all part of the same burn.


Ryan Knutson: One of those fires that started burning was in the Phoenix area in Maricopa County. And it was the same situation. The 911 operators there were overwhelmed, And then they called up their head of the cybersecurity unit, a sergeant named Dennis Ogorchock.


Dennis Ogorchock: So kind of like Ogre and Chuck, but it's spelled with all Os.


Emma: I bet you had a lot of good nicknames growing up.


Dennis Ogorchock: Oh, I think I've probably heard it all, right? [laughs]


Emma: Ogorchock's done it all, too. He was in the Marine Corps, then he joined the Sheriff's office. He worked in detention and patrol. And ...


Dennis Ogorchock: ... and went to the SWAT team, did that full time for some years. And got into the detective thing, and somehow I ended up in cyber crimes. [laughs] And it was actually better than I thought.


Emma: He's actually the head of cyber crimes for the sheriff's office in Maricopa County, which is why he was the one that got the call about the 911 attack—while he was still in his jammies.


Dennis Ogorchock: I was asleep. This was three o'clock in the morning.


Emma: Ogorchock didn't waste any time. He got out of bed, threw on some pants and drove to the sheriff's office where he was briefed about the situation.


Dennis Ogorchock: Our 911 calls went up by over 700 percent.


Emma: The dispatchers in Maricopa County recognized that these calls could be the precursor to something way bigger. But what made them different from the operators in Olympia was that the Maricopa County dispatchers decided this was way above their pay grade. They'd already tipped off their liaison at the Arizona Counter Terrorism Information Center, and it wouldn't be long before the FBI and Homeland Security got involved.


Dennis Ogorchock: So it definitely became an instant priority.


Emma: Apparently, all of the problematic calls were coming from iPhones, so Ogorchock opened the link from a computer instead so that he wouldn't inadvertently call 911.


Dennis Ogorchock: It just popped up like kind of LOL LOL LOL on the screen.


Emma: The website that the link led to was laughing at Sergeant Ogorchock. But Sergeant Ogorchock was not laughing, as you can hear.


Dennis Ogorchock: My main focus at the time was, okay, we need to get this to stop, like, as soon as possible, right?


Ryan Knutson: He sent in an emergency request to Twitter saying you need to delete any tweets that have this link in it because it's causing this emergency situation. And he also sent the same request to Google And then he also started looking up, okay, this link takes me to a webpage. Who is the company that does the back end piping for the web page? It was a company called Cloudflare, so he sent a message to them as well as saying the same thing, like, you need to take this link, you need to disable this webpage because it's causing this emergency situation.


Emma: Over the course of one night, Ogorchock had disabled the underlying functionality of the attack.


Dennis Ogorchock: And so I think by around ten or eleven o'clock, we had that website shut down.


Emma: But the person behind the website—the real hacker—was still out there. And if these calls were a precursor to a physical attack, authorities had to get that person before it was too late.


Emma: Is there a playbook for addressing something like this, or are you making it up as you go along?


Dennis Ogorchock: You know, not necessarily at the time for this. We were just going to kind of sometimes the old school just detective investigative steps, right?


Emma: Ogorchock knows the URL for the website. Now he just needs to figure out who is the owner of that website.


Ryan Knutson: There's a website called Whois.com, where you can plug in the website name, any URL, and you can find out, like, who owns the website, who owns the registration website. And the person who was registered as the owner of the website was someone named Meet Desai.


Emma: Ogorchock had the name of the person behind the biggest attack on the 911 system in history. But that's all he had. This guy could be anywhere in the world. But then, on Desai's Twitter account, Ogorchock noticed a post about a test Desia had run to check the speed of his Internet connection.


Ryan Knutson: He had run one of those tests, and he's posted the screenshot of it to his Twitter profile. But in the sort of fine print of that test it shows your latitude and longitude.


Emma: That is, the GPS coordinates for the area where Desai had run the test.


Dennis Ogorchock: That was probably the biggest shock was that this could be happening anywhere in the world. Now we're learning that he's probably right here in Maricopa County.


Emma: In Maricopa County.


Ryan Knutson: Maricopa County.


Dennis Ogorchock: Maricopa County.


Emma: The man responsible for the biggest attack in the history of the 911 system was sitting right there in Ogorchock's backyard.


[00:17:13.13]***


Emma: Ogorchock had just discovered that Meet Desai—the person detectives all over the country were trying to find—was actually right under his nose. Even crazier? Desai was enrolled in a community college in Ogorchock's own jurisdiction.


Dennis Ogorchock: GateWay Community College.


Ryan Knutson: Which just so happened to be only about 20 minutes away from where Sergeant Ogorchock was sitting at the time.


Dennis Ogorchock: We reach out to the school and contact them. And they're like, "Yeah, we have that kid enrolled here. And he's in a computer science class right now." And we're like, "Okay. Well, boom, we're on our way, right? We're heading straight there.


Emma: Sergeant Ogorchock assembled two teams. One he sent off to search Desai's house, the other team drove to campus and headed straight to the computer science room.


Ryan Knutson: They walked into the classroom and they said, "We need to talk to you."


Dennis Ogorchock: "Hey, we need to speak with you real quick." And from there, we took him from the college and brought them back to our major crimes division here to the interview rooms to kind of sit down and talk to him more.


[ARCHIVE TAPE, Dennis Ogorchock: You can just go and have a seat there, and we'll be right back in to talk to you in just a sec, okay?]


Emma: But it wasn't just a second. Ogorchock let Meet Desai stew in that room for 10 minutes. In the surveillance video, you can see him glancing around the room, shifting nervously, folding and unfolding his arms. And then Ogorchock and a colleague walk in.


[ARCHIVE TAPE, Dennis Ogorchock: Okay. How do you pronounce your first name?]


[ARCHIVE TAPE, Meet Desai: Meet Kumar.]


[ARCHIVE TAPE, Dennis Ogorchock: Meek?]


[ARCHIVE TAPE, Meet Desai: Meet. Like "Nice to meet you."]


Dennis Ogorchock: And we sat down with him and started to kind of, you know, go over his computer usage, and his just personal information and, you know, what are his usernames.


Emma: What surprised the detectives most was that, considering the criminal mastermind they expected to find, Desai seemed fairly compliant. Helpful, even.


[ARCHIVE TAPE, Dennis Ogorchock: What kind of social media stuff do you use?]


[ARCHIVE TAPE, Meet Desai: I use Twitter, SnapChat, Reddit and Instagram. That's about it.]


Dennis Ogorchock: He was providing us with passcodes to his phones, passwords to his accounts. He seemed to be very cooperative.


Emma: But when it came to the question of culpability, of whether or not he was responsible for the take down, Desai—like SundayGavin—simply said, "Wasn't me."


Dennis Ogorchock: He denied that he had done that.


[ARCHIVE TAPE, Meet Desai: I did not do that.]


Emma: And he certainly didn't confess to planning any physical attacks. But Meet Desai, it turns out, was not entirely blameless for what had happened the night before. He admitted that he and a friend had been playing around with some code. That code, it turned out, could exploit an auto-dial feature on iOS devices, forcing iPhones to call any sequence of numbers they fed to it. Desai even posted the code to his website, but he insisted that code was harmless.


[ARCHIVE TAPE, Meet Desai: It's not an exact phone number.]


[ARCHIVE TAPE, Dennis Ogorchock: Okay.]


[ARCHIVE TAPE, Meet Desai: Because I don't want people to be, like, calling.]


[ARCHIVE TAPE, Dennis Ogorchock: So there's not an actual phone number. So even if you were to call it, it wouldn't connect?]


[ARCHIVE TAPE, Meet Desai: No.]


Emma: It would only force-dial random four-digit numbers, but it couldn't result in a phone call because there are no four digit phone numbers. And yet, the version of the code that would force-dial 911 had made it out into the world. Ogorchock says he pushed Desai for an explanation.


[ARCHIVE TAPE, Dennis Ogorchock: Okay, it's super important at this part of the interview that you are as honest as you can be, okay? I need to know everything that's going on with this site and with your—I think we're obviously here for a reason.]


[ARCHIVE TAPE, Meet Desai: Yeah]


[ARCHIVE TAPE, Dennis Ogorchock: This is important.]


Dennis Ogorchock: Once we kind of confronted him with, "You're the only one that has access to your website that can make changes, that can do those things. You know, I have right here, it's showing that this is saying 911, right? So who did that if it wasn't you?" And he did eventually say, "Okay, yeah. I did. I did change that to 911 because I thought it would be really funny."


[ARCHIVE TAPE, Meet Desai: I thought, like, it would be funny to put 911.]


[ARCHIVE TAPE, Dennis Ogorchock: Into the number.]


[ARCHIVE TAPE, Meet Desai: Yeah.]


Emma: Desai had made a 911 version of the bug, but he said it was just stored on his local hard drive, and that if he had published that version of the bug, it was completely by accident. He never meant for it to find its way into anyone else's hands—certainly not to get blasted to social media accounts all across the country.


Dennis Ogorchock: He seemed genuinely surprised when we told him, "Hey, yeah. You're actually calling 911 thousands of times.


Emma: It took a moment, but the horror of what Desai had unleashed was starting to dawn on him.


[ARCHIVE TAPE, Dennis Ogorchock: What do you think is happening when they go to that site?]


[ARCHIVE TAPE, Meet Desai: Is it really calling you guys?]


[ARCHIVE TAPE, Dennis Ogorchock: Yeah, it's really calling us.]


Emma: Desai seemed genuinely stunned, which could mean only one thing.


Ryan Knutson: He wasn't sort of like a cyber villain evil hacker who was trying to destroy the world. Like, he was just a teenager who was playing around with some computer code.


Emma: Just like the cyber army of teens he'd inadvertently amassed, Desai was just a snot-nosed kid, a beginning computer science student. Obviously super smart, though.


Dennis Ogorchock: I think he spoke three languages. He was from India, so he had only been in the United States for, I think, five years. But super intelligent kid.


Emma: Technically, he was 18. But still really just a kid, which is probably the best explanation we have for how he came to mastermind the largest ever cyberattack on the 911 system—by accident. Which is a genuinely horrifying thought, right? That our most essential defense infrastructure could be leveled without any malicious intent, or really all that much technical expertise. Sitting with this reality for even a moment, it's hard not to imagine what could've happened if someone really was targeting the 911 system and knew what they were doing.


Emma: Desai was charged with four felony counts of computer tampering, and pleaded guilty to one of those. His charges might have been worse if anyone had been hurt by the attack. But as far as investigators could tell, on that particular Tuesday night, no one had. So in the end, Desai was sentenced to just three years of supervised probation, during which his computer activities were closely monitored. In court, Desai apologized for what he'd done.


Emma: We couldn't get a hold of Desai for this story, but Ryan did get a chance to talk to Desai's father back in 2016, when all of this was still fresh.


Ryan Knutson: I did speak very briefly to his father, who told me that, you know, he was upset about what happened. He seemed like a sweet kid. Like, he had photos of himself where he talked about how it can be hard to smile when people ask you to. And he wrote on his website about his own computer skills, and said that he, you know, was interested in developing these skills, but don't contact him if you wanted to do things that were related to piracy. Like, you know, he didn't want to be breaking into stuff and stuff like that. So it seemed, at least from the way that he presented himself online, that he had good intentions, that he sort of saw a bright future for himself in the world of computing.


Ryan Knutson: But instead he unleashed what people believe was the biggest hack on the nation's 911 system in history.


Emma: So far.


[NEWS CLIP: For 17 hours Saturday, Baltimore's automated 911 system hacked and offline as dispatchers were ...]


Emma: In the five years since Desai's accidental attack, there have been other attacks on the 911 system. Each exposes some small vulnerability to our essential infrastructure. Each of which gets patched and then forgotten like holes in an old dam. But the dam itself remains vulnerable. It's perpetually robbed of resources while simultaneously being asked to handle more and different kinds of emergencies than ever before. Today, 911 centers across the country are being asked to upgrade to new technology that will let callers share videos, images and texts—exposing 911 to even more hacking opportunities.


Emma: Seems only a matter of time before the dam breaks.


Emma: Crime Show is a Spotify original podcast and Gimlet production.


Emma: This episode was written and produced by Cat Schuknecht and me, Emma Courtland. Crime Show is produced by Jerome Campbell, Cat Schuknecht and Jade Abdul-Malik. Our senior producer is Mitch Hansen. Editing on this episode by Jorge Just and Devon Taylor. Production oversight by Collin Campbell. Field production help from Lillian Clark. Fact-checking by Nicole Pasulka.


Emma: Theme song by So Wylie. Mixing and sound design by Daniel Ramirez. Original music by So Wylie, Dara Hirsh and Bobby Lord.


Emma: Archival audio was provided by NBC News and Getty Images. Special thanks to Rachel Strom and Isabelle Larreur.

Read More

Transcript

Don't Click This Link

Emma Courtland: At the emergency call center in Olympia, Washington, on a typical Tuesday night, 9:30 is essentially a graveyard shift. Usually the center gets one or two calls. Someone's having chest pains. Somebody got spooked by a weird sound outside. But October 25, 2016, was not a typical Tuesday night. Just before 9:30 p.m., a call came in.


[ARCHIVE CLIP, Operator: Hi, this is 911. Do you have an emergency?]


Emma: And another.


[ARCHIVE CLIP, Operator: 911.]


Emma: And then another.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


Emma: Dozens and dozens of calls were stacking up faster than they could be answered. There were so many calls that an alarm went off in the 911 center, which could only mean one thing: something terrible had happened—a natural disaster. Or an attack.


Emma: 911 operators are the first and most pivotal line in our disaster response system. It's their job to answer our calls for help, to connect with us when we're in danger, to find out what's happening and where. And send us the kind of help we need. The problem was, on this Tuesday night when they answered those calls ...


[ARCHIVE CLIP, Operator: Hello?]


Emma: ... the lines were going dead.


[ARCHIVE CLIP, Operator: This is 911. Do you have an emerg—sir?]


Emma: Over and over again this happened. More than a hundred times before Olympia's first line of defense realized there was an attack—on the 911 system itself.


Emma: I'm Emma Courtland. This is Crime Show.


Ryan Knutson: Hey!


Emma: Oh, you're muted.


Ryan Knutson: Sorry about that. Ah, shit.


Emma: This is Ryan Knutson. He's one of the hosts of another Gimlet podcast—The Journal. And despite all of his technical difficulties during our video call, Ryan used to work as a tech reporter at The Wall Street Journal, which is what he was doing back in 2016 when all of this was going down in Olympia, Washington.


Ryan Knutson: So when this was happening, you know, people weren't really sure what was going on.


Emma: These operators were seeing this insane influx of calls, way beyond what was usual.


Ryan Knutson: Sometimes if there's a bad crash on the highway, they might get, like, 30 calls in an hour or something like that. But this was just, like, blowing through that by orders of magnitude.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: Hi, this is 911. Do you have an emergency?]


[ARCHIVE CLIP, Operator: 911.]


Ryan Knutson: And what was so mysterious about it was that the people who were calling were hanging up right away. They weren't staying on the line.


Emma: So the operators couldn't figure out who these people were or what was happening to them. Until, Ryan says, they had a breakthrough. They finally got someone to stay on the phone.


Ryan Knutson: And the operator was like ...


[ARCHIVE CLIP, Operator: You can't just hang up. It's not a big deal, but I do have to make sure that you're okay.]


Emma: And the caller was like ...


[ARCHIVE CLIP, Caller: I'm sorry. It's not letting us hang up.]


[ARCHIVE CLIP, Operator: It's not letting you—what do you mean? So after we hang up, it still keeps dialing?]


Emma: That's exactly what was happening. Their iPhones were automatically dialing like they were possessed.


[ARCHIVE CLIP, Operator: 911.]


[ARCHIVE CLIP, Caller: Hi, I really apologize. This is the same people.]


Ryan Knutson: And so at first, the operators didn't know what was going on. They were like, who are these people?


Emma: Obviously, they had to find out. Because they were getting so many hangup calls they couldn't tell what was a real emergency and what wasn't. So the operators went on the offensive: they started calling the callers.


[ARCHIVE CLIP, Operator: Hi, Thurston County 911. Are you okay?]


[ARCHIVE CLIP, Operator: Hi, this is a 911 operator. I just received a hang-up call from your cell phone. Is everything okay?]


[ARCHIVE CLIP, Operator: Hi, this is 911. Your phone just called us. Do you have an emergency?]


Emma: And sure enough, none of the people they called back had an emergency.


[ARCHIVE CLIP, Caller: I didn't mean to call 911.]


Emma: No heart attacks, no car accidents. Not even a weird noise outside. Most of the callers did have one thing in common though—they were teenagers.


[ARCHIVE CLIP, Caller: Hello?]


Emma: And they didn't know what the hell was going on either.


Ryan Knutson: And a lot of them were really scared. They were like, "I'm so sorry. I didn't mean to call." Like, you know, they would freak out.


[ARCHIVE CLIP, Caller: This is my sister. She came in scared, telling me this.]


[ARCHIVE CLIP, Operator: Okay, is there any way that you can disable that so it doesn't do it anymore?]


[ARCHIVE CLIP, Caller: Yes.]


[ARCHIVE CLIP, Operator: Okay, not a problem.]


[ARCHIVE CLIP, Caller: I'm sorry!]


[ARCHIVE CLIP, Operator: That's okay. Have a good night.]


[ARCHIVE CLIP, Caller: My bad.]


[ARCHIVE CLIP, Caller: It was just a complete accident, yo.]


Emma: Sure, accidents happen, yo. But more than a hundred times? All in one night? The operators asked their own tech support what could possibly be causing this? But all they were able to tell them for sure was that the problem wasn't on their end. There was something that was making all of these teenagers' phones dial 911. So the operators started quizzing the kids.


Ryan Knutson: Like, why is your phone calling 911 so much? And she said, "Well, I clicked on this link on Twitter, and I don't know what happened." And she was like, "Well, what did the link say?


[ARCHIVE CLIP, Operator: Can you tell me what that link looks like?]


[ARCHIVE CLIP, Caller: It looks like a Google link. And it's weird. I can go look real quick.]


[ARCHIVE CLIP, Operator: Will you go look?]


[ARCHIVE CLIP, Caller: Yeah, one second.]


Ryan Knutson: It was a tweet that was in all caps that said, "I CAN'T BELIEVE PEOPLE ARE THIS STUPID."


[ARCHIVE CLIP, Caller: "I can't believe people are this stupid.' And then it's a Google link. It's, like, G-O-O ...]


Emma: I mean, that's a great tweet, especially if your goal is to lure teenagers to click on a mysterious link. Which they did. And when they did, a trap would be sprung. As soon as you touched it, your iPhone would dial 911—on repeat. And it wouldn't stop unless you turned off your phone. The thing is, once their phones were turned back on, a lot of these kids retweeted the link.


Ryan Knutson: Teenagers thought it was funny. Like, this is a prank I can pull on my friends.


Emma: So this was people who, like, even after they had fallen for the hack, they were still retweeting, and they just thought it was that chaos is funny?


Ryan Knutson: Yeah. No, these were definitely all Gen-Zers.


Emma: [laughs]


Ryan Knutson: I talked to one teenager who had shared the link with 1,300 followers on Twitter. And she said it was scary, but it was funny afterwards. I asked her what was funny about it and she was like, "I'm not really sure what was funny about it." And I was like, "Are you worried that you might harm the 911 system, or that this could cause a problem?" And she said, "We're all teens. No one really put much thought into it."


Emma: But the reality was that every teen who clicked on the link or retweeted it or texted it to their friends was essentially being conscripted into an online army. Without realizing it, they were playing foot soldiers in an attack on the emergency response system. So as the calls kept pouring in, the question for the operators became: who the hell was leading this army? And what were their intentions?


Ryan Knutson: So what people were afraid of is that this could be like a coordinated thing. Like, you take down 911, and then, you know, you attack somewhere else, whether it's a shooting or a bomb or something. And suddenly, all the people who are in that attack physically aren't able to reach first responders and call 911.


Emma: Imagine you're in a nightclub or at a concert, and someone opens fire. You call for help but you can't get through because the center has been flooded with fake calls. Every minute without aid, more people die. Every minute, the scale of the damage grows exponentially.


Emma: The operators in Olympia decided they needed to stop this hack. They were in a race against time. And I guess it also was like, who are they gonna call, right? They are 911. To stop this thing, they had to find out who was behind it. And then they got a clue. One of the callers revealed the Twitter handle they believed was the first to share the link.


[ARCHIVE CLIP, Caller: @SundayGavin.]


[ARCHIVE CLIP, Operator: Spell that real slowly for me, sweetie.]


[ARCHIVE CLIP, Caller: Sunday like the weekday ...]


Emma: SundayGavin had 1,200 followers on Twitter and a pretty generic profile picture—white kid. Shaved head. Bathroom selfie. Gray patterned shower curtain. There didn't appear to be any hate speech or manifestos on his page, or any clues about possible motives. The operators needed more. They needed a real name.


[ARCHIVE CLIP, Caller: I'm gonna go look on Twitter right now and figure it out.]


Emma: They channeled their inner teenagers and social media stalked the shit out of SundayGavin.


Ryan Knutson: They landed on a Facebook profile of a man named Gavin Hasler. They saw that Gavin—that SundayGavin on his Twitter profile had a similar bathroom selfie on his Facebook profile, and it had the same gray patterned shower curtain in the background. And they're like, "This is him. Like, this is the guy."


Emma: Finally, the operators called the cops. And weirdly, it seemed like SundayGavin knew what was coming. He tweeted, "Welp, I'm 'bout to get arrested 😍. BRB, guys."


Ryan Knutson: The police showed up at his work, which was a Dickey's BBQ Pit. And they walked in, and they asked for him, and they arrested him out in the parking lot.


Emma: But pretty much as soon as police started to question him, they realized SundayGavin wasn't some scary domestic terrorist. He was just another idiot kid.


Ryan Knutson: He told them, "I just shared this link. I didn't have anything to do with creating it." And so that was sort of like a lot of detective work just to sort of get to a dead end.


Emma: If it wasn't SundayGavin from the Dickey's BBQ Pit in Olympia, that meant the real attacker was still out there. And what's more, this hacker could have been anywhere. Because what neither the 911 operators nor the cops nor the kids with the possessed iPhones knew was that this problem was way bigger than Olympia, Washington. In fact, this would prove to be the biggest ever attack in the history of the nation's 911 system.


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


[ARCHIVE CLIP, Operator: 911. What's your emergency?]


Emma: There are more than 5,000 designated 911 centers across the country, and they all operate independently. Which, if you're trying to take down the emergency response system, actually makes things pretty hard. Because there isn't some centralized network, you can't take it down in one fell swoop—unless you weaponize the callers themselves.


Ryan Knutson: Because 911 systems are all locally managed, it's very difficult to take them all down all at once. Because if you were to do a ransomware attack on a 911 center, the impact of that attack is only going to be on that one 911 center. But if you put the attack on the other end, on the end of the phone lines and the phones, the cell phones are the ones that are calling in, that can go anywhere.


Emma: This is known as a TDoS attack—a "Telephone Denial of Service." And it's exactly what was happening that Tuesday in October—all over the country. 911 centers in at least a dozen states were being overwhelmed with calls. And because they were decentralized, every one of them thought that it was only happening to them. Which mattered, because all of them, like the operators in Olympia, were starting their investigations from scratch.


Ryan Knutson: Suddenly, this flare up of calls would come in, operators would be overwhelmed. Other police officers would start getting involved in the investigation, and often it would lead them to a dead end or they just couldn't figure it out.


Emma: All these local detectives were wasting precious hours investigating these cases as if they were little brush fires, completely unaware that they were all part of the same burn.


Ryan Knutson: One of those fires that started burning was in the Phoenix area in Maricopa County. And it was the same situation. The 911 operators there were overwhelmed, And then they called up their head of the cybersecurity unit, a sergeant named Dennis Ogorchock.


Dennis Ogorchock: So kind of like Ogre and Chuck, but it's spelled with all Os.


Emma: I bet you had a lot of good nicknames growing up.


Dennis Ogorchock: Oh, I think I've probably heard it all, right? [laughs]


Emma: Ogorchock's done it all, too. He was in the Marine Corps, then he joined the Sheriff's office. He worked in detention and patrol. And ...


Dennis Ogorchock: ... and went to the SWAT team, did that full time for some years. And got into the detective thing, and somehow I ended up in cyber crimes. [laughs] And it was actually better than I thought.


Emma: He's actually the head of cyber crimes for the sheriff's office in Maricopa County, which is why he was the one that got the call about the 911 attack—while he was still in his jammies.


Dennis Ogorchock: I was asleep. This was three o'clock in the morning.


Emma: Ogorchock didn't waste any time. He got out of bed, threw on some pants and drove to the sheriff's office where he was briefed about the situation.


Dennis Ogorchock: Our 911 calls went up by over 700 percent.


Emma: The dispatchers in Maricopa County recognized that these calls could be the precursor to something way bigger. But what made them different from the operators in Olympia was that the Maricopa County dispatchers decided this was way above their pay grade. They'd already tipped off their liaison at the Arizona Counter Terrorism Information Center, and it wouldn't be long before the FBI and Homeland Security got involved.


Dennis Ogorchock: So it definitely became an instant priority.


Emma: Apparently, all of the problematic calls were coming from iPhones, so Ogorchock opened the link from a computer instead so that he wouldn't inadvertently call 911.


Dennis Ogorchock: It just popped up like kind of LOL LOL LOL on the screen.


Emma: The website that the link led to was laughing at Sergeant Ogorchock. But Sergeant Ogorchock was not laughing, as you can hear.


Dennis Ogorchock: My main focus at the time was, okay, we need to get this to stop, like, as soon as possible, right?


Ryan Knutson: He sent in an emergency request to Twitter saying you need to delete any tweets that have this link in it because it's causing this emergency situation. And he also sent the same request to Google And then he also started looking up, okay, this link takes me to a webpage. Who is the company that does the back end piping for the web page? It was a company called Cloudflare, so he sent a message to them as well as saying the same thing, like, you need to take this link, you need to disable this webpage because it's causing this emergency situation.


Emma: Over the course of one night, Ogorchock had disabled the underlying functionality of the attack.


Dennis Ogorchock: And so I think by around ten or eleven o'clock, we had that website shut down.


Emma: But the person behind the website—the real hacker—was still out there. And if these calls were a precursor to a physical attack, authorities had to get that person before it was too late.


Emma: Is there a playbook for addressing something like this, or are you making it up as you go along?


Dennis Ogorchock: You know, not necessarily at the time for this. We were just going to kind of sometimes the old school just detective investigative steps, right?


Emma: Ogorchock knows the URL for the website. Now he just needs to figure out who is the owner of that website.


Ryan Knutson: There's a website called Whois.com, where you can plug in the website name, any URL, and you can find out, like, who owns the website, who owns the registration website. And the person who was registered as the owner of the website was someone named Meet Desai.


Emma: Ogorchock had the name of the person behind the biggest attack on the 911 system in history. But that's all he had. This guy could be anywhere in the world. But then, on Desai's Twitter account, Ogorchock noticed a post about a test Desia had run to check the speed of his Internet connection.


Ryan Knutson: He had run one of those tests, and he's posted the screenshot of it to his Twitter profile. But in the sort of fine print of that test it shows your latitude and longitude.


Emma: That is, the GPS coordinates for the area where Desai had run the test.


Dennis Ogorchock: That was probably the biggest shock was that this could be happening anywhere in the world. Now we're learning that he's probably right here in Maricopa County.


Emma: In Maricopa County.


Ryan Knutson: Maricopa County.


Dennis Ogorchock: Maricopa County.


Emma: The man responsible for the biggest attack in the history of the 911 system was sitting right there in Ogorchock's backyard.


[00:17:13.13]***


Emma: Ogorchock had just discovered that Meet Desai—the person detectives all over the country were trying to find—was actually right under his nose. Even crazier? Desai was enrolled in a community college in Ogorchock's own jurisdiction.


Dennis Ogorchock: GateWay Community College.


Ryan Knutson: Which just so happened to be only about 20 minutes away from where Sergeant Ogorchock was sitting at the time.


Dennis Ogorchock: We reach out to the school and contact them. And they're like, "Yeah, we have that kid enrolled here. And he's in a computer science class right now." And we're like, "Okay. Well, boom, we're on our way, right? We're heading straight there.


Emma: Sergeant Ogorchock assembled two teams. One he sent off to search Desai's house, the other team drove to campus and headed straight to the computer science room.


Ryan Knutson: They walked into the classroom and they said, "We need to talk to you."


Dennis Ogorchock: "Hey, we need to speak with you real quick." And from there, we took him from the college and brought them back to our major crimes division here to the interview rooms to kind of sit down and talk to him more.


[ARCHIVE TAPE, Dennis Ogorchock: You can just go and have a seat there, and we'll be right back in to talk to you in just a sec, okay?]


Emma: But it wasn't just a second. Ogorchock let Meet Desai stew in that room for 10 minutes. In the surveillance video, you can see him glancing around the room, shifting nervously, folding and unfolding his arms. And then Ogorchock and a colleague walk in.


[ARCHIVE TAPE, Dennis Ogorchock: Okay. How do you pronounce your first name?]


[ARCHIVE TAPE, Meet Desai: Meet Kumar.]


[ARCHIVE TAPE, Dennis Ogorchock: Meek?]


[ARCHIVE TAPE, Meet Desai: Meet. Like "Nice to meet you."]


Dennis Ogorchock: And we sat down with him and started to kind of, you know, go over his computer usage, and his just personal information and, you know, what are his usernames.


Emma: What surprised the detectives most was that, considering the criminal mastermind they expected to find, Desai seemed fairly compliant. Helpful, even.


[ARCHIVE TAPE, Dennis Ogorchock: What kind of social media stuff do you use?]


[ARCHIVE TAPE, Meet Desai: I use Twitter, SnapChat, Reddit and Instagram. That's about it.]


Dennis Ogorchock: He was providing us with passcodes to his phones, passwords to his accounts. He seemed to be very cooperative.


Emma: But when it came to the question of culpability, of whether or not he was responsible for the take down, Desai—like SundayGavin—simply said, "Wasn't me."


Dennis Ogorchock: He denied that he had done that.


[ARCHIVE TAPE, Meet Desai: I did not do that.]


Emma: And he certainly didn't confess to planning any physical attacks. But Meet Desai, it turns out, was not entirely blameless for what had happened the night before. He admitted that he and a friend had been playing around with some code. That code, it turned out, could exploit an auto-dial feature on iOS devices, forcing iPhones to call any sequence of numbers they fed to it. Desai even posted the code to his website, but he insisted that code was harmless.


[ARCHIVE TAPE, Meet Desai: It's not an exact phone number.]


[ARCHIVE TAPE, Dennis Ogorchock: Okay.]


[ARCHIVE TAPE, Meet Desai: Because I don't want people to be, like, calling.]


[ARCHIVE TAPE, Dennis Ogorchock: So there's not an actual phone number. So even if you were to call it, it wouldn't connect?]


[ARCHIVE TAPE, Meet Desai: No.]


Emma: It would only force-dial random four-digit numbers, but it couldn't result in a phone call because there are no four digit phone numbers. And yet, the version of the code that would force-dial 911 had made it out into the world. Ogorchock says he pushed Desai for an explanation.


[ARCHIVE TAPE, Dennis Ogorchock: Okay, it's super important at this part of the interview that you are as honest as you can be, okay? I need to know everything that's going on with this site and with your—I think we're obviously here for a reason.]


[ARCHIVE TAPE, Meet Desai: Yeah]


[ARCHIVE TAPE, Dennis Ogorchock: This is important.]


Dennis Ogorchock: Once we kind of confronted him with, "You're the only one that has access to your website that can make changes, that can do those things. You know, I have right here, it's showing that this is saying 911, right? So who did that if it wasn't you?" And he did eventually say, "Okay, yeah. I did. I did change that to 911 because I thought it would be really funny."


[ARCHIVE TAPE, Meet Desai: I thought, like, it would be funny to put 911.]


[ARCHIVE TAPE, Dennis Ogorchock: Into the number.]


[ARCHIVE TAPE, Meet Desai: Yeah.]


Emma: Desai had made a 911 version of the bug, but he said it was just stored on his local hard drive, and that if he had published that version of the bug, it was completely by accident. He never meant for it to find its way into anyone else's hands—certainly not to get blasted to social media accounts all across the country.


Dennis Ogorchock: He seemed genuinely surprised when we told him, "Hey, yeah. You're actually calling 911 thousands of times.


Emma: It took a moment, but the horror of what Desai had unleashed was starting to dawn on him.


[ARCHIVE TAPE, Dennis Ogorchock: What do you think is happening when they go to that site?]


[ARCHIVE TAPE, Meet Desai: Is it really calling you guys?]


[ARCHIVE TAPE, Dennis Ogorchock: Yeah, it's really calling us.]


Emma: Desai seemed genuinely stunned, which could mean only one thing.


Ryan Knutson: He wasn't sort of like a cyber villain evil hacker who was trying to destroy the world. Like, he was just a teenager who was playing around with some computer code.


Emma: Just like the cyber army of teens he'd inadvertently amassed, Desai was just a snot-nosed kid, a beginning computer science student. Obviously super smart, though.


Dennis Ogorchock: I think he spoke three languages. He was from India, so he had only been in the United States for, I think, five years. But super intelligent kid.


Emma: Technically, he was 18. But still really just a kid, which is probably the best explanation we have for how he came to mastermind the largest ever cyberattack on the 911 system—by accident. Which is a genuinely horrifying thought, right? That our most essential defense infrastructure could be leveled without any malicious intent, or really all that much technical expertise. Sitting with this reality for even a moment, it's hard not to imagine what could've happened if someone really was targeting the 911 system and knew what they were doing.


Emma: Desai was charged with four felony counts of computer tampering, and pleaded guilty to one of those. His charges might have been worse if anyone had been hurt by the attack. But as far as investigators could tell, on that particular Tuesday night, no one had. So in the end, Desai was sentenced to just three years of supervised probation, during which his computer activities were closely monitored. In court, Desai apologized for what he'd done.


Emma: We couldn't get a hold of Desai for this story, but Ryan did get a chance to talk to Desai's father back in 2016, when all of this was still fresh.


Ryan Knutson: I did speak very briefly to his father, who told me that, you know, he was upset about what happened. He seemed like a sweet kid. Like, he had photos of himself where he talked about how it can be hard to smile when people ask you to. And he wrote on his website about his own computer skills, and said that he, you know, was interested in developing these skills, but don't contact him if you wanted to do things that were related to piracy. Like, you know, he didn't want to be breaking into stuff and stuff like that. So it seemed, at least from the way that he presented himself online, that he had good intentions, that he sort of saw a bright future for himself in the world of computing.


Ryan Knutson: But instead he unleashed what people believe was the biggest hack on the nation's 911 system in history.


Emma: So far.


[NEWS CLIP: For 17 hours Saturday, Baltimore's automated 911 system hacked and offline as dispatchers were ...]


Emma: In the five years since Desai's accidental attack, there have been other attacks on the 911 system. Each exposes some small vulnerability to our essential infrastructure. Each of which gets patched and then forgotten like holes in an old dam. But the dam itself remains vulnerable. It's perpetually robbed of resources while simultaneously being asked to handle more and different kinds of emergencies than ever before. Today, 911 centers across the country are being asked to upgrade to new technology that will let callers share videos, images and texts—exposing 911 to even more hacking opportunities.


Emma: Seems only a matter of time before the dam breaks.


Emma: Crime Show is a Spotify original podcast and Gimlet production.


Emma: This episode was written and produced by Cat Schuknecht and me, Emma Courtland. Crime Show is produced by Jerome Campbell, Cat Schuknecht and Jade Abdul-Malik. Our senior producer is Mitch Hansen. Editing on this episode by Jorge Just and Devon Taylor. Production oversight by Collin Campbell. Field production help from Lillian Clark. Fact-checking by Nicole Pasulka.


Emma: Theme song by So Wylie. Mixing and sound design by Daniel Ramirez. Original music by So Wylie, Dara Hirsh and Bobby Lord.


Emma: Archival audio was provided by NBC News and Getty Images. Special thanks to Rachel Strom and Isabelle Larreur.

More Episodes

March 20, 2023

The Scariest Case You've Never Heard Of, pt. 2

Crime Show

The story of Barry Jones starts the way a lot of crime stories do: with an alleged murder off a dusty highway in Tucson, Arizona. And for years, the story of this crime seemed familiar. A terrible tragedy followed by an investigation, a trial and then a conviction. But all of that changed earlier this year, when the United States Supreme Court took up Barry’s case, and came out with a decision that...

Listen Now

March 20, 2023

The Scariest Case You've Never Heard Of, pt. 1

Crime Show

The story of Barry Jones starts the way a lot of crime stories do: with an alleged murder off a dusty highway in Tucson, Arizona. And for years, the story of this crime seemed familiar. A terrible tragedy followed by an investigation, a trial and then a conviction. But all of that changed earlier this year, when the United States Supreme Court took up Barry’s case, and came out with a decision that...

Listen Now

February 3, 2023

Introducing: The Conviction of Max B

Crime Show

Max B is a famous rapper in Harlem. Until one night changes his life.

Listen Now
Thumbnail for Crime Show

More from Crime Show