• Honoring The Fallen
  • Publications
  • Subscribe
  • Advertise
  • Forums
  • Contact Us
    1. Tactical

    Sighting in swatting

    May 1, 2009
    Agencies place prank-calling perpetrators in the crosshairs
    Sightinginswatting 10233619

         "Bone chilling."

         These are the words Investigator Brian Sims of California's Orange County Sheriff's Department uses to describe the incident that unraveled March 29, 2007.

         On this evening, Doug and Stacey Bates went to bed with their two-year-old daughters safely asleep in a nearby room. Around 10 p.m., the wail of police sirens and rumble of helicopters overhead shook them into a terrified state of awake.

         Thinking a criminal was on the loose, Doug Bates armed himself with a butcher knife and stepped into his backyard where a swarm of police officers — believing Bates had just killed someone — greeted him with their assault rifles drawn.

         It was only after Orange County officers took Bates into custody that they learned the family had been unwitting pawns in a dangerous game being played 1,200 miles away by a young man bent on terrifying a random family of strangers.

         "Swatting" is the name of this new and dangerous game. While on its surface it appears as nothing more than filing a false police report (a misdemeanor in most states), the above scenario shows it carries the potential for serious consequences.

         "Police never know what's on the other side of the door, and if suddenly there's an entry into the home, people may think they're defending themselves from an attacker," states Rob Douglas, a Colorado-based privacy consultant. "The potential for violence, unnecessary injury and death is huge with these calls."

    Spoofing 101

         Pranksters once phoned the local pizza joint to make deliveries to unsuspecting friends. Today the "Let's send 10 pizzas to Joe's house" prank has migrated from playing innocent jokes on unsuspecting friends to terrorizing strangers by dispatching police to their homes. "In some cases they know the person. In other cases it's a random target," states Gary Allen, editor of DISPATCH Magazine On-Line for 11 years.

         Randall Ellis randomly picked the Bates family as he did with every one of the 185 fake calls he placed to dispatch centers across the country. According to Sims, Ellis used Dex-line, which provides home phone numbers, addresses and even maps to people's homes, to pinpoint his targets. In the Bates' victimization, Ellis prank called them first and swatted them after they hung up.

         A key component in this crime involves the caller's ability to cover his tracks and make it look as if the call originated from the household where the alleged crisis is occurring, according to Douglas. The methods used are dependent upon a call center's inability to detect the difference between a spoofed (providing false information to a Voice over Internet Protocol) call, and a traditional phone call. Typically dispatch centers recognize cellular and landline calls and display information about the caller's location and number on terminals for dispatchers to view. And everything works fine — if the call originates by these means. However, when callers use the Internet to "drop" into the 911 system, things become a little dicey. With VoIP, pranksters can specify any address or phone number they want. Once this information enters the phone system, there's no way for dispatchers to detect that the call originated anywhere but where the person on the other line indicates.

         Spoofing comes in a variety of forms. Ellis, for instance, put Internet-based TDD lines to nefarious use. He simply entered bogus information about his location and phone number to make it seem as if he were calling from the Bates' home.

         But increasingly pranksters utilize caller ID spoofing services, designed to disguise a caller's location and telephone number, to hide their identity. Users of sites such as Telespoof.com or Spoofcard.com pay to use the service, punch in a PIN code and specify whom they are calling and what they would like caller ID to display.

         Spoofing for legitimate purposes remains legal, adds Sims. "These services are intended for good use," he says. "For instance, the physician working from home who wants the number appearing on a patient's caller ID to look as if it came from his office. Unfortunately, crooks also use these methods to benefit them and their criminal conspiracies."

    Definition

         swat•ting, verb

         Filing a false report, via Internet, to an emergency dispatch center in order to deploy SWAT teams to a residence with occupants oblivious to the situation; an emerging trend by pranksters involving communication centers.

    Technology plays catch-up

         Swatting exploits weaknesses in the way the nation's 911 system handles calls from Internet-based services, with most call centers lacking the technical methods to identify them, states Roger Hixson, National Emergency Number Association (NENA) technical issues director.

         Even if it were possible for call centers to identify IP addresses, the information presently lacks location data. "The Internet was never designed to carry location or subscriber information. The only information it needs is an IP address," Allen explains. "You can be at home, log onto your personal connection and make the call, or you can go to the public library and make the same call — the Internet doesn't care where that call came from."

         Upgrading call centers to accommodate these new technologies by flashing an Internet caller's IP address might thwart fraudulent calls and is being considered, according to Hixson. "As we design next generation 911, which is IP network based, we are looking for opportunities to identify false calling," he says.

         Further hope arises as the Internet community investigates methods for including location information in data packets transmitted across the Internet. Currently, Allen says the Internet only sends IP address and basic technical information, but eventually there may be a way to insert location information into that data and merge it with the 911 system.

         But how this takes shape remains a mystery. "The question being pondered is how to add a location component to the overall system," he states. "How do we get people to put their location in? How is location described? What will it look like when we transmit it? Hopefully we can get these questions answered and come up with a solution that's better than what we have now."

    Checks and balances

         As technology plays catch up, mitigating swatting rests with dispatchers and officers. When these calls occur, it's critical dispatchers pay close attention to the checks and balances inherent in their jobs, states Lt. Lari Sevene of Colorado's El Paso County Sheriff's Office. Though the address may already be known, dispatchers should still inquire about the address of the emergency, reason for the call and specific identifiers to help officers navigate to the scene. Is it a street, an avenue or a drive? What kinds of vehicles sit in the driveway? How many houses is it from the corner of the block? These questions can trip up pranksters and poke holes in their stories. "If the caller says it's nine houses down and it's actually on the corner, that's a red flag. If there's a Chevy Suburban sitting in the driveway versus a BMW, that's a red flag," Sims points out. "It is incumbent upon dispatchers to ask these types of questions."

         Officers should also query dispatch to aid them in assessing inconsistencies. But such discrepancies do not definitively prove a call is a prank, stresses Sevene. "When people are under stress, they may not be thinking clearly," she says. "We need to consider the human factor as well."

    Stopping short of justice?

         When told to investigate the prank call to the Bates' home, Sims' supervisor advised him to "figure out who did this because somebody almost got killed." He adds that's a critical message for every agency. "Agencies need to investigate these calls to the fullest," he emphasizes.

         Technology exists to trace these calls. This starts at the dispatch center with the information it captured. If the caller used an Internet line, investigators can trace the call to learn its IP address. Services allowing IP reverse relay lookup help pinpoint a call's origin. Detectives can then serve warrants to appropriate Internet providers for subscriber information.

         As Sims investigated the Bates' victimization, he learned the call came from the Orange County Fire Authority, who receives all incoming calls from TDD lines. The fire department supplied the service provider's name and contact information. Sims captured IP addresses and account info from this organization then backtracked the call through the Internet, with the trail leading to Ellis.

         What he found along the way was surprising. One, Ellis had made nearly 200 such calls to agencies across the country. Two, some agencies came close to nabbing him but stopped short of an arrest. One department, he recalls, was a single search warrant away from arresting Ellis when it halted the investigation. "[That department] had identified him, but did not believe the call for service would have come from Mukilteo, Wash., when they were back on the East Coast," he says.

         Sims believes the law enforcement community as a whole must share these incidents and utilize resources in other departments to get local warrants written and served. "Don't let them off," he warns, "because they will continue to do this."

         The El Paso County Sheriff's Office requested FBI assistance with a 2005 swatting case that summoned deputies to the home of Transportation Security Administration screener Richard Gasper after a 911 caller reported a hostage situation. Investigators reached out to the FBI because they were unsure how the caller technologically bypassed the 911 system. Today the agency is better equipped to trace these calls, but Sevene points out: "Every time we make strides, the suspects or perpetrators seem to find other avenues. It's like we're always behind the power curve." For this reason, the agency relies on its federal partners whenever it believes a case goes beyond its technical capabilities.

         "Many small or mid-sized communities across the United States wouldn't know where to start," agrees Allen. "The Secret Service, U.S. Marshals and the FBI can track this stuff pretty easily and put together compelling paperwork to convince a jury. These cases are not that difficult to track if the appropriate resources are brought to bear."

    The full extent of the law

         Investigation complete, it's critical to prosecute these cases to the fullest extent of the law for the costly and risky misuse of authority, adds Sims. The Orange County Sheriff's Department deployed approximately 30 officers to the Bates' home, including a SWAT team, helicopter and K-9 units, at a price tag of nearly $15,000.

         False calls also take resources away from true emergencies, which Sevene calls inappropriate and selfish. "We need to be available to respond to the emergencies that are happening," she says. "Taking resources away for something that's completely unnecessary and inactive could ultimately cause injury or death to someone else at a completely different location."

         The risk to responding officers and the public, both at the scene and elsewhere, highlights the need to think outside the box when charging prank-calling perps. Essentially, these cases involve filing a false police report or making a false 911 call, both of which are typically misdemeanors that result in little to no jail time. When Sims presented his case to the district attorney, however, they examined the totality of the circumstances to find more appropriate charges. They wound up charging Ellis for assault with a deadly weapon, false imprisonment, filing a false report and misuse of the Internet, which netted a three-year sentence and requires him to serve at least 85 percent of his time before becoming eligible for parole.

         "You have got to think about what the subject tried to achieve," Sims emphasizes. "Ellis used the police as a conduit to act upon his intended victims. Did we point assault rifles at them? Yes. That's assault with a deadly weapon. Did we take them into custody and handcuff them? Yes. That's false imprisonment."

         Tacking on federal charges also sends a strong message, adds Sevene. In one case, federal agencies identified a culprit calling Texas call center from New Jersey. The U.S. Attorney arrested this individual, brought him to a Texas and held his trial there. "They sent the message that: 'We're going to find you, arrest you, and wherever you called from, that's where we are going to hold the trial,' " Allen states.

         When it comes to swatting, technology may be playing catch up, but dispatchers, officers and prosecutors working together can — and should — bring perpetrators to justice, according to Sevene. "It's one thing to prank call someone, ask if their refrigerator is running, then tell them to go catch it," she says. "But when you do something that could cause significant risk to others, it's absolutely intolerable."

         Ronnie Garrett, formerly the editorial director of the Cygnus Law Enforcement Group, is currently pursuing a freelance writing and photography career. She may be reached at [email protected].

    Continue Reading

    Sponsored Recommendations

    Build Your Real-Time Crime Center

    March 19, 2024
    A checklist for success

    Whitepaper: A New Paradigm in Digital Investigations

    July 28, 2023
    Modernize your agency’s approach to get ahead of the digital evidence challenge

    A New Paradigm in Digital Investigations

    June 6, 2023
    Modernize your agency’s approach to get ahead of the digital evidence challenge.

    Listen to Real-Time Emergency 911 Calls in the Field

    Feb. 8, 2023
    Discover advanced technology that allows officers in the field to listen to emergency calls from their vehicles in real time and immediately identify the precise location of the...

    Voice your opinion!

    To join the conversation, and become an exclusive member of Officer, create an account today!