‘Swatters’ spoof caller ID, turn 911 into a weapon

[SoonerSP101]

I'm not sure where this belongs but beware..

http://www2.csoonline.com/exclusives/column.html?CID=33438&source=nlt_csoupdate

Phone Pranks Gone Evil
‘Swatters’ spoof caller ID, turn 911 into a weapon

By Robert McMillan

It’s late. The kids are asleep, and suddenly there’s a rustling outside. You grab something to defend yourself, maybe a baseball bat, and quietly inch open the door to see who’s there. Suddenly you’re surrounded by automatic weapons. Men are yelling at you to get down on the ground with your hands behind your head.

No, this isn’t a home invasion. You’ve been swatted.

It happened on March 29, 2007, to an Orange County, California, resident, identified in court documents only as Doug B. According to authorities, an 18-year-old Washington man named Randall Ellis called Orange County’s 911 dispatch, spoofing Doug B’s telephone number and, over the course of a 38-minute telephone call, convinced authorities that he had murdered someone on the premises and was about to do it again.

Within minutes, fire, police and a helicopter team had been dispatched to the home of the Lake Forest, Calif., couple.

"They surrounded the home. Inside were a husband and wife and their two toddlers," said Farrah Emami, a spokeswoman with the Orange County District Attorney’s office. "We’re lucky that they didn’t shoot him."

Ellis is one of a handful of people who have been arrested over the past year in connection with an estimated 260 swatting incidents that have cost local authorities hundreds of thousands of dollars in wasted response effort. The bill for the Lake Forest incident alone ran in excess of $18,000.

And while swatting can be done quite easily (in one case, a caller simply blocked his CallerID and gave emergency dispatch a fake phone number) the swatters have also used some sophisticated social engineering techniques.

One convicted swatter, Guadalupe Martinez, would call an internal AT&T number claiming to be a service representative working in the field in order to scope out information on victims and sometimes even terminate their phone service, according to Detective Larry Cole with the Snohomish County Sherriff’s Office in Washington State.

Cole said that Martinez and his fellow swatters target people for two reasons: for kicks and to get even. "They had very limited social skills so they were kind of immature," he said.

Martinez, who went by the nicknamed "Wicked Wizard," would often swat victims as a way of settling the score for some chat-room slight, Cole said. "I think it was a power trip for him. It was his way of being the big man."
--Robert McMillan of the IDG News Service blogs for CSO at Security Blanket.

 

[3/325]

Somebody is going to end up getting shot and killed before this is over. Either an innocent homeowner who resists to what he thinks is an invasion, or a cop doing his job, or somebody in REAL trouble who can't receive help in time.

This kind of thing isn't a prank, it's rolling the dice with other people's lives just for kicks.

 

[2Ais4U]

I feel bad for who ever did this to the man when he finds out who it was that made the call.

 

[Sheldon J]

Has anyone went to Snopes to confirm this, when you block the caller ID it is still there just suppressed, and 911 can still see it, so I am leading toward either incompetent 911 personal or this story is bogus.

Now I have read stories about a druggie that will give a bogus address to cop a plea bargin

I found this out when someone with suppressed caller ID was making some real nasty calls to my home late at night, N I managed to get a order from the police to have the phone company override it so we could get the bozo's BTY it was a telemarketer that no longer has a license to run a business.

 

[RoadkingLarry]

With a minimum of equipment you can send out bogus ANI info.

 

[MikeG]

Somebody is going to end up getting shot and killed before this is over. Either an innocent homeowner who resists to what he thinks is an invasion, or a cop doing his job, or somebody in REAL trouble who can't receive help in time.

This kind of thing isn't a prank, it's rolling the dice with other people's lives just for kicks.
__________________

I agree. IMHO, it amounts to attempted murder by round about means. And just for kicks or out of ego.

 

[bsf]

I say we give these swatters some airsofts and put them in a shoot house. Then send SWAT in and allow the swatters to play op-for for real. This solution is full of win. Get rid of swatters. Deter future swatters. Provide SWAT with excellent training opportunities. I am genius.

 

[CypherNinja]

Has anyone went to Snopes to confirm this, when you block the caller ID it is still there just suppressed, and 911 can still see it, so I am leading toward either incompetent 911 personal or this story is bogus.

Now I have read stories about a druggie that will give a bogus address to cop a plea bargin

I found this out when someone with suppressed caller ID was making some real nasty calls to my home late at night, N I managed to get a order from the police to have the phone company override it so we could get the bozo's BTY it was a telemarketer that no longer has a license to run a business.

The problem is, they're not blocking it. They're hacking* the system to operate differently than it was intended. "Spoofing" is a hacker* term that essentially means "sending a fake ID."

Just about anything that involves sending identifying information (e-mail, IP packets, callerID, etc...) can be set up to send false identifying information instead. A surprising number of systems/technologies (I.E. virtually all of them) essentially run on an honor system.


* I hate that word, but it's one that everybody understands. It has a disproportionate amount of negative meaning, a lot like "gun nut."

 

[mekender]

reports i saw was that they were using caller id spoofing devices... either a device or a website that created fake caller ID information... either that or they were using a 3rd party company that spoofs caller id info...

caller ID info is received by a computer at the receiving end of the call and then that computer pulls the ID info off a database... that is why some calls will show first name, last name... others will show last, first... others will show just the county of the originating call... it all depends on the contracts the telcos have... to spoof one it is simply a matter of sending the destination computer incorrect info...

i used to work for a telco... and one of the ways that telemarketers get around caller id blocks is to make their caller id display blank spaces or garbage characters... those show up as valid information and not as someone that has purposely blocked their info...

 

[PedalBiker]

When I call my wife from overseas using a calling card the system actually prompts me to enter my number. I enter our home number so that she knows it's me.

People who rely too much on systems are ignorant - by definition.

 

[grnzbra]

The "swatters" that have been caught. Does anyone know the penalties they have received? Seems to me that 20 years should be a minimum.

 

[TallPine]

You grab something to defend yourself, maybe a baseball bat, and quietly inch open the door to see who’s there.

I'm not opening the door, and it won't be a baseball bat in my hands

 

[Bubbles]

This article describes penalties; not high enough IMO.

“SWATTER” Pleads Guilty to Conspiracy

U.S. Attorney media releases
By U.S. Department of Justice
Nov 10, 2007

Defendant Made False 911 Calls for Fun and Profit by Using “Spoof” Cards

DALLAS — The lead defendant in a swatting conspiracy that involved more than 100 victims, up to $250,000 in losses, and disruption of services for telecommunications providers and emergency responders, pled guilty yesterday in federal court, announced U.S. Attorney Richard B. Roper of the Northern District of Texas.

Stuart Rosoff, a/k/a “Michael Knight,” of Cleveland, Ohio, pled guilty to one count of conspiracy to use access devices to modify telecommunications instruments and to access protected telecommunications computers. He faces a maximum statutory sentence of five years in prison, a $250,000 fine and restitution. He has been in custody since his arrest in June when he, and three co-defendants, were indicted by a federal grand jury in Dallas. Rosoff is scheduled to be sentenced on March 6, 2007, by U.S. District Judge Jane J. Boyle.

Rosoff’s co-defendants, Jason Trowbridge, a/k/a “Jason from California” and “John from California,” and Angela Roberson, a/k/a “Amber” and “Lil Miss Angela,” were arrested in June in Houston, Texas. Co-defendant Chad Ward, a/k/a “Dark Angel,” was also arrested in June, in Syracuse, New York. On October 18, 2007, Roberson, who is presently on bond, pled guilty to her role in the conspiracy. Trowbridge and Ward, who are both in custody, have a December 17, 2007, trial setting before Judge Boyle.

“Swatting” refers to falsely reporting an emergency to a police department to cause a Special Weapons and Tactics (SWAT) response to a physical address, or making a false report to elicit an emergency response by other first responders, such as adult protective services, to a specific physical address. “Spoofing” refers to the modification of caller I.D. information to conceal the true identity of a caller. Calls to 911 were made with spoofed caller I.D. information to convince first responders that the emergency call was real.

According to documents filed in this case, from at least January 2004, Rosoff participated in multiple party line chat groups including the “Jackie Donut,” the “Seattle Donut,” and the “Boston Loach” with his three co-defendants, unindicted co-conspirators, including Guadalupe Santana Martinez, and others. Co-conspirator Guadalupe Santana Martinez, of Washington, pled guilty in April 2007 to a conspiracy charge outlined in an Information and is scheduled to be sentenced in January 2008.

They agreed that members of the conspiracy would make unauthorized access to telecommunication company information stored on protected computers to obtain personal identity information of their intended targets. They also agreed to use software/hardware configured to insert or modify telecommunication access devices and account information for telephone customers and employees, in order to obtain free telephone service or discontinue service for telephone subscribers.

Rosoff admitted that he turned on telephone service for himself and others in the name of third parties. In addition, he admitted that he accessed telecommunication provider facilities and turned off telephone services of party line chat group participants for harassment, and conducted swats on party line participants, their friends and families. During the conspiracy, Rosoff obtained personal identification information on individuals targeted for swatting from the party line chat group’s conversations by using social engineering techniques on telephone company employees and others and from co-defendant Trowbridge exceeding his authorized access to commercial databases which contained files of a consumer reporting agency.

In June 2006, Rosoff, Ward, Trowbridge, Roberson, and other unindicted co-conspirators, agreed to “swat” an Alvarado, Texas, family whose daughter was a party line chat group participant. On June 12, 2006, Martinez placed a spoofed phone call to the number for non-emergency services for the Alvarado, Texas, Police Department using a voice over internet protocol phone (VoIP) and a spoof card to conceal his true identity to make it appear that the call was actually made from the family’s residence. Martinez identified himself as a family member and told the dispatcher that he had shot and killed members of the family, that he was holding hostages, that he was using hallucinogenic drugs, and that he was armed with an AK47. He demanded $50,000 and transportation across the U.S. border into Mexico, and threatened to kill the remaining hostages if his demands were not met.

On October 1, 2006, Martinez called the 911 non-emergency services telephone number of the Fort Worth, Texas, Police Department and identified himself as he did on June 12, 2006, when he called the Alvarado, Texas, Police Department. He stated that he had shot and killed members of the family, that he was holding hostages, that he was using hallucinogenic drugs, and that he was armed. Martinez told the dispatcher that he would kill the remaining hostages if his demands were not met. Martinez again placed the call using a VoIP phone and a spoof card to conceal his true identity and make it appear as if the call were a true emergency call placed from the family’s residence.

According to documents filed in Court, as a result of the swatting telephone calls, at least two victims received injuries. Rosoff admitted knowing that injuries were received by one victim, an infirm, elderly male who resided in New Port Richey, Florida, and that as a result of the swatting activities resulting in a SWAT response, i.e., road closings, etc., normal municipal activities were disrupted in Yonkers, New York and other locations due to the false emergency calls. The swatting activities engaged in by the conspirators involved more than 100 victims including individuals, telecommunications providers, and emergency responders resulting in losses of $120,000 - $250,000, and resulted in the disruption of the services of the telecommunications providers and emergency responders which are both part of the national infrastructure. During the conspiracy, group members were responsible for more than 60 “SWAT” calls.

U.S. Attorney Roper praised the investigative efforts of the FBI. The cases are being prosecuted by Deputy Chief Assistant U.S. Attorney Linda Groves.

 

[grnzbra]

I think a 25 yard head start and give the people they spoofed a loaded AR with 30 round mag should be about right.

Nah. Too quick. 20 years, no parole. A good percentage of their lives will be over when they get out.

 

[Guzzizzit]

The first thought that comes to my mind is what if the homeowner is a firearms enthusiast and is say, cleaning his AR in the liveing room when the "Swat team" shows up? All they'd see is a man with a gun. The Leo's would end up shooting an innocent person sitting in there very own home, and it would still likely be listed as a justitified shooting. Scary.

 

[Sheldon J]

The "swatters" that have been caught. Does anyone know the penalties they have received? Seems to me that 20 years should be a minimum.

I think a 25 yard head start and give the people they spoofed a loaded AR with 30 round mag should be about right.

 

[GuyWithQuestions]

Caller ID/ANI Spoofing is Perfectly Legal, I Do It All the Time

Caller ID/ANI spoofing is perfectly legal, I do it all the time (not to harrass but for legal purposes). There are various websites that you can get a calling card phone number and pin number, for a price. The free stuff is usually not so good. Companies will pay the phone services to be able to spoof caller ID. The stuff that allows 911 and toll free numbers to see right through blocked calls, Automatic Number Identification (or ANI), can also be spoofed through many of these services because phone services are paid enough money. First it started with phone services making money by having caller ID. Then they found they could make money by having a services where you could block your number. Then they found they could make money by allowing residences a higher priced landline phone service which allows them to see through blocked calls. Then they found they could make money by allowing caller ID and even ANI spoofing. At least this is what the various Caller ID/ANI spoofing companies always say. Representatives for phone companies say that caller ID is only a tool, but was never meant to be relied on perfectly. I use one service, spoofcard.com, which spoofs both caller ID and ANI. However, they along with many other spoofing companies, have put a block on their customers calling 911 and toll free numbers, because they don't want to get in trouble and there's a federal law saying that since toll free numbers pay so that others can call them then they should legally be able to know who's calling them. However, if they didn't have the block it would work and I have confirmed many times that it works on those who use ANI and who can see right through "Unknown Numbers". I've also called independent numbers that say both your "caller ID" and "ANI". I've confirmed it for myself that the other person's detailed monthly phone bill says the spoofed number, not the real number that called them, which can be useful if you're spoofing a number.

These different spoofing companies say that although people do crime with these services, there's a lot of legitimate uses for it and that just like you can't blame a firearm manufacturer or car company if someone uses their products to intentionally hurt people, spoofing companies can't/shouldn't be held liable if someone uses it to hurt someone. They say that the criminal or prank caller should be punished, not the spoofing companies. One example is Paris Hilton actually used one of the services to break into Lindsay Lohan's voice messages by calling her phone with her own caller ID appearing on the caller ID to get into the voice message box (which is a definite no no, although calling someone and having their own number appear on the caller ID is legal as long as you hang up before it gets to the voice messages and you don't do it to harrass). Paris Hilton lost her phone card with that spoofing company. I know that several congressman are trying to pass laws making it so that non government civilians can't use these services. These spoofing companies have message forums with activism to write their congressmen just like THR has activism for gun rights.

My main use for caller ID/ANI spoofing is I'll use it if I don't want my cell phone's caller ID to appear on someone else's caller ID if I don't want them to have it later on, so usually I'll often make one of the University's courtesy phones or a certain pay phone appear on their caller ID, even though I'm on my cell phone, which is a legitimate use. Caller ID/ANI spoofing is perfetly legal in the U.S.A., as long as you don't use it for criminal purposes, to harrass, annoy, etc. I also find their call recording really useful and you can play it on your computer later as MP3's. My state is a "one party consent" state as far as recording goes, so it's legal for me not to tell the other person that I'm recording as long as it's not used for bad purposes. Some states (especially the liberal ones with lots of rules that also have limits on guns) like California have "multi-party" recording laws where every party involved in the phone conversation is required to know that it's being recorded, so you'd have to tell the other person at the beginning of the phone call that you're recording. The voice changer service that comes with my phone card isn't really useful for me, but I don't have any problem with something like that being legal.

This person who spoofed 911 and wasted their services should be punished severely by the law.

 

[Gunnerpalace]

Paris Hilton actually used one of the services to break into Lindsay Lohan's voice messages by calling her phone with her own caller ID

I'm not sure if I learned something or lost brain cells on that one.

20 years no parole.

Yeah, until this gets stopped someone getting killed is a very real possibility sadly.

 

[GuyWithQuestions]

I'm not sure if I learned something or lost brain cells on that one.

My point is, sometimes the media tries to make the equipment look bad, not the actual criminal. The media often tries to portray a gun as bad, while it was the criminal involved. It sounds almost like they sometimes try to make the spoof calling technology look bad and that it should be illegal, while it's the criminal who's at fault. Caller ID/ANI spoofing is perfectly legal and has many valid uses. It's morons like this criminal who called 911 who make it look bad. I guess for him, he wanted something more extreme than ordering Domino's Pizza for someone. One spoof calling service brought up the example of Paris Hilton hacking into Lindsay Lohan's voicemail as an example of how they don't turn a blind eye to crime that they catch.