SWATting – Is the 911 Network Secure?

This Avaya CONNECTED Blog
is also available as an MP3 Audio File


Over the past several years a recurring theme on this podcast, and unfortunately in the news, is the practice of “swatting”. Swatting is when a caller places a call to a 911 center with the intention of invoking a SWAT team response to their intended victims location. Many times this is done out of revenge, or a poor joke, but in either case it can be a costly and highly dangerous situation for both police response teams, as well as the intended SWAT victim.

But just how do these young hackers exploit the 911 system? Is there a security hole in the network that needs to be plugged? Fortunately, there isn’t a hole in the system, nor is there a secret backdoor that is been breached by telephone hackers. The system is operating as designed, and the perpetrators are simply manipulating their caller ID thereby “fooling” the system.

Back in my teenage days, caller ID didn’t exist, providing complete anonymity when making a telephone call. When the phone rang, you had no idea who is going to be on the other end. But that all changed in the mid-80s when caller ID became an option in most major cities, and now is a widespread feature available just about anywhere. In fact I would be surprised to find an area where caller ID was not offered by the local CLEC or ILEC.

For the most part, caller ID spoofing requires some level of control within the network, as on regular telephones, the caller ID is not actually transmitted by the device, nor is it possible to send outbound caller ID on an analog POTS circuit. For the originating device to send custom caller ID, a primary rate interface or basic rate interface with a D channel would be required.

Since many do not have a digital circuit, or a PBX or telephone capable of generating custom caller ID, most telephone phone phreaks resort to services such as Spoofcard. The way Spoofcard works, is that you make a call to an access number, and then enter the destination number that you would like to call. The account is managed online where you can provision whatever caller ID number you would like to be displayed at the far end. When the call reaches the terminating central office, a query is made based on the calling line ID number, and the name associated with that number is then displayed to the destination. Fortunately, it’s not quite as easy as that. Even though the caller has masked their telephone number and name to the destination, there is still a telephone record on their originating line to the Spoofcard service, which leaves behind a breadcrumb trail that is very easy for the police or FBI to follow.

With the advent of voice over IP services, the potential pranksters are able to use the Internet to access service providers, which also provide the ability to provision the outbound calling line ID number, and ultimately trigger a name associated with that to whomever you call. Again, even though the breadcrumb trail is not quite as obvious, it certainly is there, and when you look at the level of ethernet forensics being deployed by public safety officials, rest assured, if they go looking for you, they will find you.

Another common practice is to exploit the telecommunications devices for the deaf, or TDD units. Placing a call from these types of devices to national relay services creates a physical firewall between the prankster and public safety. But fortunately, the physical connection of the originating telephone call to the relay service is logged, and can be physically traced.

When I read the full details of many of these swatting attempts, most have telltale signs that public safety is getting very attuned to. For example, many arrive on the administrative lines and not the 911 circuits. There are probably two reasons for this. The first is that the phone phreakers are probably afraid that the administrative PSTN lines are not as advanced as the 911 lines, and they are afforded more anonymity and scrutiny. Although that sounds like a great explanation, in today’s world it’s simply not true. Point-to-point connections made in the PSTN are logged and traceable regardless of the termination type. And although there is no dramatic music and clock ticking away while public safety initiates a trace on the line, those connections can be tracked well after the call was completed.

Getting a SWATting call to land on a 911 line is not impossible, but much more difficult and unpredictable. It typically requires a much higher level of knowledge of the terminating network, and those details are just not easily found out. Even if they are, public safety often changes those details on an ongoing basis to protect against information being made public and usable for any length of time.

Just this past week, LAPD change their policy on these types of calls, where they will no longer publicly acknowledge them when they occur. This is being done in the hopes of reducing the “hacker celebrity status” of the perpetrator. You’ll also notice that several arrests are now being made as public safety understands how the network is being manipulated, and safeguards have been put into place to capture the appropriate data. This is all being done under the auspices of the Communications Assistance for Law Enforcement Act or CALEA (pronounced clee-ah). This is the United States wiretapping law that was passed in 1994 in an effort to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance. It also requires telecommunication carriers as well as manufactures of telecommunications equipment to provide built-in surveillance capabilities and wiretap points that allow federal agencies to monitor all communications in real time.

So every seen an end to the continuous SWATting attempts on Hollywood? Probably not. But I will predict a drastic decline in those attempts, as well as an increase in arrests and convictions of those who choose to play this dangerous game. 45 years ago, prank phone calls may have been an amusing game.

“Is your refrigerator running? Then you better catch it!”

This might have given a five-year-old a stomach ache from the belly laughs. Today, reports of hostages and military grade weapons are going to get someone shot, and most likely killed. The obvious question is will next generation 911 make this problem worse?

Although it’s true that more opportunities may be present to initiate a SWATting attack, the standard tools and monitoring inherent in all networks today will make the detection much easier and faster shutting down the origination attempts. With the level of security being deployed in most networks today we easily have the technology to identify and capture those who choose to play.


Want more on E9-1-1?  E9-1-1 Talk Podcast
Subscribe to my weekly E9-1-1 Talk Podcast here

Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1, I value your opinions, so please feel free to comment below or if you prefer, you can email me privately.

Public comments, suggestions, corrections and loose change is all graciously accepted 😉
Until next week. . . dial carefully.

Be sure to follow me on Twitter @Fletch911

Fletch_Sig.png 


CacheFly LogoAPN is Powered by Cachefly
CacheFly is the world’s fastest CDN, delivering rich-media content up to 10x faster than traditional delivery methods. With a proven track record and over a decade’s worth of CDN experience, companies around the world choose the CacheFly CDN for reliable and unbeatable performance. For more information, visit www.cachefly.com

Related Articles:

Digital Transformation—Powering New Experiences for Employees and Customers

There’s no let-up in the pace of change. New apps, new services and new ways of getting it done seem to spring up daily, and can seem at times, overwhelming. Thankfully, many of these new capabilities are actually making our lives easier, more fulfilling, and more productive. We’re on the cusp of a change that will go well beyond Googling an answer or picking up a voice call when you’re out and about. The analyst firm IDC calls the change Digital Transformation (DX) and defines it as “an approach that enables organizations to drive changes in their business models and ecosystems by leveraging digital competencies.”

Digital Transformation is Underway and Moving Fast

Digital Transformation promises to change the very fabric of our lives, as the Internet of Things, mobility, and big data make us more aware, more reachable, and more satisfied with our interactions, both personal and professional. The road to DX will be paved with innovations large and small. They will change the way we interact with other people and with the machines that move us, house us, feed us, and keep us healthy and engaged. But what about today? How can DX allow me to do a better job today?

IDC has done some interesting research on the notion of unified communications—that promised land of intuitive, rapid, well-organized, and multimodal interaction that we’ve been talking of for so long. They’ve determined that the market for UC solutions is growing (by 9% per year to about $38B globally by 2020) and that increasing productivity and collaboration and reducing expenses remain the key motivators for UC investments.

The Day-Changing Avaya Equinox™ Experience

These motivators are at the heart of the Avaya Equinox Experience. Equinox is built around a mobile-first reality—the notion that our smartphones and tablets have become our lifeline to … everything. How often do you look at your phone? Someone told me the average is 84 times a day. If you’re a boomer like me, it might not be that many times, but I’d guess I still look at my phone at least 40 times during my work day. Now what if each time I looked at my phone I was presented with my meeting schedule, my latest IMs, and my recent call logs? And what if that information was mirrored across my devices so that I could move seamlessly from my desk to my smartphone to my tablet to my laptop and always get the same consistent information, presented in the same intuitive way?

Sounds good, doesn’t it? And what if I could take the next step and actually take action on that information with a single tap? Enter my conference calls, open video and collaboration, return a call, or respond to a message? This ability to both understand my day’s priorities and take action on what’s most important is what defines the Avaya Equinox Experience. It’s the ability to have a UC experience that is, in fact, unified! It makes a major difference in my day and you can likely imagine how it could make a major difference in yours.

More DX Solutions from Avaya

Along with the Equinox Experience, Avaya also recently released two other innovations that we think define and support your move to DX. The Avaya Breeze™ Client SDK was used to create Equinox and Avaya now offers it to our developer ecosystem and our customers to create their own unique experiences. Would you like to integrate communications into an existing enterprise application? Does Equinox sound intriguing but you’re wondering if you could make a few tweaks for your specific vertical or enterprise needs? Add collaboration to a unique mobile app you’ve created? Or develop a kiosk experience that includes seamless communications access to additional resources? The Avaya Breeze Client SDK will give you the tools you need to bring the world of DX into your own organization—in the way that you think is best.

But what about placing those unique experiences into your environment? Your hotel rooms? Your patient rooms? Your retail spaces? Or your branch offices? Avaya Vantage is an all-glass device that is secure and admin-able and lets you take the customized experiences you created with the Breeze Client SDK and place them cost effectively into the locations that make sense for your business. You can provide unique offers, tailored experiences, create awareness of your services, and take your customer’s experience to the next level.

Interested in learning more? Check out the video clip of IDC Analyst, Rich Costello, and Avaya Director of Product Management, Paul Relf, as they discuss how digital transformation powers the new UC work experience. Read the IDC paper on DX and Avaya solutions. As always, we’re here to help you on your own DX journey! Send us a note, ask us a question, pose a problem to solve—we’d love to hear from you.

Call it what you will: Multi-channel, Omnichannel—It isn’t about the Contact Center!

At this point, we know that most companies are competing exclusively on the customer experience (83%, according to Dimension Data). McKinsey Insights shows that effective customer journeys are impactful: increase revenue by up to 15%, boost customer satisfaction by up to 20%, and turn predictive insight into customers’ needs by up to 30%. The issue isn’t that companies fail to understand the importance of the customer experience (CX). The problem is that over half of companies today fail to grasp what is arguably the single most important driver of a successful CX strategy: organizational alignment.

This isn’t to say that companies aren’t taking the necessary steps to strengthen their CX strategies. Looking back five years ago, 92% of organizations were already working to integrate multiple interaction channels—call it multi-channel, omnichannel, digital transformation—to deliver more consistent, contextualized experiences. The needle is moving in the right direction. However, companies will find themselves in a stalemate if they limit the customer experience to the contact center.

Customer Experience is the Entire Brand Journey

That’s right, the customer experience is NOT about the contact center. In fact, it never was. The customer experience is instead about seamlessly supporting consumers across their entire brand journey regardless of where, when, how and with whom it happens. This means supporting not just one business area (i.e., the contact center), but the entire organization as one living, breathing entity. This means supporting not just one single interaction, but the entire experience a customer has with a company from start to—well, forever. After all, the customer journey never truly ends.

Are companies ready for this future of the customer experience? Perhaps not: 52% of companies currently don’t share customer intelligence outside of the contact center, according to Deloitte.

Executives are planning for not only contact channels to expand but most are expecting these interaction journeys to grow in complexity. It’s clear that a contact-center-only structure doesn’t cut it anymore. At today’s rate of growth and change, it’s easy to see how a CX strategy can miss the mark when the entire customer journey is being limited to the contact center. Imagine how much stronger a company would perform if it supported the customer experience as the natural enterprise-wide journey it is? A journey where interactions take place across multiple channels and devices, unfolding across multiple key areas of business (i.e., sales, HR, billing, marketing)?

Imagine, for instance, a hospital immediately routing an outpatient to the travel nurse who cared for him last week, although she is now on the road to her next location. Imagine a bank being able to automatically route a customer to a money management expert after seeing that the last five questions asked via live chat were about account spending. Imagine a salesperson knowing that a customer attended a webinar last week on a new product launch and had submitted three questions—all before picking up the phone. Imagine a retail store associate knowing you walked in and that you were searching online for formal attire.

Contextual Awareness is Critical

Today’s CX strategy is no longer about asking the right questions: it’s about having the right information at the right time to drive anticipatory engagement. It’s no longer about being able to resolve a customer issue quickly. It’s about building an authentic, organization-wide relationship based on contextual awareness. In short, this means companies being able to openly track, measure, and share customer data across all teams, processes, and customer touch points. This ability either makes or breaks the CX today.

So, are you near the breaking point? Consider that nearly 40% of executives say their agents’ top frustration is that they can’t access all of the information they need. Less than 25% of contact centers today enjoy full collaboration on process design with their entire enterprise. Connected customer journeys and the overall CX are now top areas of focus as most organizations support up to nine channel options. CX will encounter a dramatic shift of reimagined customer engagements that will be able to incorporate technologies such as artificial intelligence, IoT, analytics, and augmented reality and virtual reality.

The bottom line is this: organizations must support an enterprise-wide customer journey to support the future of the CX now! They must share contextual data inside and outside of the contact center, and they need seamless and immediate access to that data anytime, anywhere, under any given circumstance. Above all, organizations need the right architectural foundation to support this anytime, anywhere ecosystem—otherwise, even their best moves will always result in a draw.

Get out of the Queue: Drive Your CX with Attribute Matching

At this point, nearly every company is working overtime to realign around two simple words: customer experience (CX). So much so that nearly 90% of companies now compete solely on CX—a drastic increase from 36 % in 2010—and 50 % of consumer product investments are expected to be redirected to CX innovations—like attribute matching—by the end of this year.

But what exactly does the CX consist of, especially in today’s new world of digital business innovation? This next-generation CX is supported by several advanced technologies—big data analytics, omnichannel, automation—however, these investments are all aimed at driving one thing: contextualization.

The rise of contextualized service—the ability for companies to not only gain insightful information about their customers but also deliver information in a way that is relevant and meaningful to customers based on individual circumstances to improve their experience—has evolved the CX to a point where it looks virtually nothing like it did as recently as 10 years ago. Whereas consumers once primarily focused on the act of purchasing, driven by such things as product quality and price, they now focus on the richness of brand relationships, driven by the personal value that companies deliver throughout the customer journey. Just consider that 70% of buying experiences are now based on how customers feel they are being treated. This is the key factor that sets apart market leaders like Amazon, Trader Joe’s, and Apple from the competition.

According to Accenture, there is an estimated $6 trillion in global revenue up for grabs due to dissatisfied customers constantly switching providers. The ability for companies to offer contextualized service is vital for operating at the speed of the consumer and capturing more of this market share. There’s just one thing preventing companies from seizing this limitless potential: the traditional call queue.

Every customer is familiar with the call queue. This is the place where statements like, “Your call is important to us. Please continue to hold,” and “Let me transfer you to a specialized team who can help you with that” perpetually live. It’s where exhaustive efforts to route customers to the correct service rep become lost, or where consumers must repeat the same information to multiple agents across different teams. It’s the greatest barrier preventing companies from being more dynamically connected to their consumers, and one of the greatest reasons why customers reduce their commitment to a brand.

Driving Contextualization with Attribute Matching

In a world where customers demand a profound level of connection and transparency, organizations can no longer support a contact center environment in which calls are distributed among agents who are organized by function (i.e., sales, service, support). In today’s smart, digital world, companies must transform the traditional call center into an integrated, digital communications hub. This means moving away from a siloed, metric-driven queue and instead working to put customers in touch with the best organizational resource depending on their exact need or circumstance as immediately as possible. The most effective way to achieve this is to migrate from archaic infrastructure towards an integrated, agile, next-generation platform built on open communications architecture.

Open communications architecture allows organizations to seamlessly collect, track and share contextual data across various teams, processes, and customer touch points. This integrated environment supports a real-time data repository from which businesses can pull from to route customers based on needs beyond traditional characteristics (like language preference). Rather, the technology allows companies to build customized learning algorithms that drive anticipatory engagement, enabling them to match customers based on next-level variables like personality, emotion and relatability.

Imagine, for example, a hotel routing a customer directly to an IT staffer after seeing that the person tweeted about a poor in-room Wi-Fi connection. Imagine a bank being able to route a customer to a money management expert after seeing that the last five questions asked via live chat were about account spending. Imagine an athletic apparel company matching a customer with an agent who is an avid runner after noticing that the individual recently signed up for a 5K.

The future of the CX means creating and continually building a contextualized view of customers throughout their entire brand journey. It means going beyond customer service to establish unparalleled, organization-wide relationships. It means transforming peoples’ lives, verses simply answering questions. This is what companies must work to align themselves with. The good news is that technology has evolved to a point where they can now easily, effectively and cost-efficiently do so.

Interested in learning more or getting beyond the queue to Redefine Your Customer and Employee Experiences? Contact us. We’d love to hear from you.