Sighting in swatting

     "Bone chilling."

     These are the words Investigator Brian Sims of California's Orange County Sheriff's Department uses to describe the incident that unraveled March 29, 2007.

     On this evening, Doug and Stacey Bates went to bed with their two-year-old daughters safely asleep in a nearby room. Around 10 p.m., the wail of police sirens and rumble of helicopters overhead shook them into a terrified state of awake.

     Thinking a criminal was on the loose, Doug Bates armed himself with a butcher knife and stepped into his backyard where a swarm of police officers — believing Bates had just killed someone — greeted him with their assault rifles drawn.

     It was only after Orange County officers took Bates into custody that they learned the family had been unwitting pawns in a dangerous game being played 1,200 miles away by a young man bent on terrifying a random family of strangers.

     "Swatting" is the name of this new and dangerous game. While on its surface it appears as nothing more than filing a false police report (a misdemeanor in most states), the above scenario shows it carries the potential for serious consequences.

     "Police never know what's on the other side of the door, and if suddenly there's an entry into the home, people may think they're defending themselves from an attacker," states Rob Douglas, a Colorado-based privacy consultant. "The potential for violence, unnecessary injury and death is huge with these calls."

Spoofing 101

     Pranksters once phoned the local pizza joint to make deliveries to unsuspecting friends. Today the "Let's send 10 pizzas to Joe's house" prank has migrated from playing innocent jokes on unsuspecting friends to terrorizing strangers by dispatching police to their homes. "In some cases they know the person. In other cases it's a random target," states Gary Allen, editor of DISPATCH Magazine On-Line for 11 years.

     Randall Ellis randomly picked the Bates family as he did with every one of the 185 fake calls he placed to dispatch centers across the country. According to Sims, Ellis used Dex-line, which provides home phone numbers, addresses and even maps to people's homes, to pinpoint his targets. In the Bates' victimization, Ellis prank called them first and swatted them after they hung up.

     A key component in this crime involves the caller's ability to cover his tracks and make it look as if the call originated from the household where the alleged crisis is occurring, according to Douglas. The methods used are dependent upon a call center's inability to detect the difference between a spoofed (providing false information to a Voice over Internet Protocol) call, and a traditional phone call. Typically dispatch centers recognize cellular and landline calls and display information about the caller's location and number on terminals for dispatchers to view. And everything works fine — if the call originates by these means. However, when callers use the Internet to "drop" into the 911 system, things become a little dicey. With VoIP, pranksters can specify any address or phone number they want. Once this information enters the phone system, there's no way for dispatchers to detect that the call originated anywhere but where the person on the other line indicates.

     Spoofing comes in a variety of forms. Ellis, for instance, put Internet-based TDD lines to nefarious use. He simply entered bogus information about his location and phone number to make it seem as if he were calling from the Bates' home.

     But increasingly pranksters utilize caller ID spoofing services, designed to disguise a caller's location and telephone number, to hide their identity. Users of sites such as Telespoof.com or Spoofcard.com pay to use the service, punch in a PIN code and specify whom they are calling and what they would like caller ID to display.