SWATting – Is the 911 Network Secure?

This Avaya CONNECTED Blog
is also available as an MP3 Audio File


Over the past several years a recurring theme on this podcast, and unfortunately in the news, is the practice of “swatting”. Swatting is when a caller places a call to a 911 center with the intention of invoking a SWAT team response to their intended victims location. Many times this is done out of revenge, or a poor joke, but in either case it can be a costly and highly dangerous situation for both police response teams, as well as the intended SWAT victim.

But just how do these young hackers exploit the 911 system? Is there a security hole in the network that needs to be plugged? Fortunately, there isn’t a hole in the system, nor is there a secret backdoor that is been breached by telephone hackers. The system is operating as designed, and the perpetrators are simply manipulating their caller ID thereby “fooling” the system.

Back in my teenage days, caller ID didn’t exist, providing complete anonymity when making a telephone call. When the phone rang, you had no idea who is going to be on the other end. But that all changed in the mid-80s when caller ID became an option in most major cities, and now is a widespread feature available just about anywhere. In fact I would be surprised to find an area where caller ID was not offered by the local CLEC or ILEC.

For the most part, caller ID spoofing requires some level of control within the network, as on regular telephones, the caller ID is not actually transmitted by the device, nor is it possible to send outbound caller ID on an analog POTS circuit. For the originating device to send custom caller ID, a primary rate interface or basic rate interface with a D channel would be required.

Since many do not have a digital circuit, or a PBX or telephone capable of generating custom caller ID, most telephone phone phreaks resort to services such as Spoofcard. The way Spoofcard works, is that you make a call to an access number, and then enter the destination number that you would like to call. The account is managed online where you can provision whatever caller ID number you would like to be displayed at the far end. When the call reaches the terminating central office, a query is made based on the calling line ID number, and the name associated with that number is then displayed to the destination. Fortunately, it’s not quite as easy as that. Even though the caller has masked their telephone number and name to the destination, there is still a telephone record on their originating line to the Spoofcard service, which leaves behind a breadcrumb trail that is very easy for the police or FBI to follow.

With the advent of voice over IP services, the potential pranksters are able to use the Internet to access service providers, which also provide the ability to provision the outbound calling line ID number, and ultimately trigger a name associated with that to whomever you call. Again, even though the breadcrumb trail is not quite as obvious, it certainly is there, and when you look at the level of ethernet forensics being deployed by public safety officials, rest assured, if they go looking for you, they will find you.

Another common practice is to exploit the telecommunications devices for the deaf, or TDD units. Placing a call from these types of devices to national relay services creates a physical firewall between the prankster and public safety. But fortunately, the physical connection of the originating telephone call to the relay service is logged, and can be physically traced.

When I read the full details of many of these swatting attempts, most have telltale signs that public safety is getting very attuned to. For example, many arrive on the administrative lines and not the 911 circuits. There are probably two reasons for this. The first is that the phone phreakers are probably afraid that the administrative PSTN lines are not as advanced as the 911 lines, and they are afforded more anonymity and scrutiny. Although that sounds like a great explanation, in today’s world it’s simply not true. Point-to-point connections made in the PSTN are logged and traceable regardless of the termination type. And although there is no dramatic music and clock ticking away while public safety initiates a trace on the line, those connections can be tracked well after the call was completed.

Getting a SWATting call to land on a 911 line is not impossible, but much more difficult and unpredictable. It typically requires a much higher level of knowledge of the terminating network, and those details are just not easily found out. Even if they are, public safety often changes those details on an ongoing basis to protect against information being made public and usable for any length of time.

Just this past week, LAPD change their policy on these types of calls, where they will no longer publicly acknowledge them when they occur. This is being done in the hopes of reducing the “hacker celebrity status” of the perpetrator. You’ll also notice that several arrests are now being made as public safety understands how the network is being manipulated, and safeguards have been put into place to capture the appropriate data. This is all being done under the auspices of the Communications Assistance for Law Enforcement Act or CALEA (pronounced clee-ah). This is the United States wiretapping law that was passed in 1994 in an effort to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance. It also requires telecommunication carriers as well as manufactures of telecommunications equipment to provide built-in surveillance capabilities and wiretap points that allow federal agencies to monitor all communications in real time.

So every seen an end to the continuous SWATting attempts on Hollywood? Probably not. But I will predict a drastic decline in those attempts, as well as an increase in arrests and convictions of those who choose to play this dangerous game. 45 years ago, prank phone calls may have been an amusing game.

“Is your refrigerator running? Then you better catch it!”

This might have given a five-year-old a stomach ache from the belly laughs. Today, reports of hostages and military grade weapons are going to get someone shot, and most likely killed. The obvious question is will next generation 911 make this problem worse?

Although it’s true that more opportunities may be present to initiate a SWATting attack, the standard tools and monitoring inherent in all networks today will make the detection much easier and faster shutting down the origination attempts. With the level of security being deployed in most networks today we easily have the technology to identify and capture those who choose to play.


Want more on E9-1-1?  E9-1-1 Talk Podcast
Subscribe to my weekly E9-1-1 Talk Podcast here

Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1, I value your opinions, so please feel free to comment below or if you prefer, you can email me privately.

Public comments, suggestions, corrections and loose change is all graciously accepted 😉
Until next week. . . dial carefully.

Be sure to follow me on Twitter @Fletch911

Fletch_Sig.png 


CacheFly LogoAPN is Powered by Cachefly
CacheFly is the world’s fastest CDN, delivering rich-media content up to 10x faster than traditional delivery methods. With a proven track record and over a decade’s worth of CDN experience, companies around the world choose the CacheFly CDN for reliable and unbeatable performance. For more information, visit www.cachefly.com

Related Articles:

Join Us in Vegas for the Best Dice Roll Ever! #AvayaENGAGE 2017

There was a time when a handshake meant more than a text, when being in the same room meant more than an email. While advancements in communication have made our ability to interact easier, I believe in-person events are still a unique, positive and necessary way to connect with people.

Over the past several months, we’ve been hard at work bringing our Avaya customer and partner events under one umbrella. Our collective efforts will result in the consolidation of the Avaya Technology Forum, International Avaya Users Group and Executive Partner Forum into the single largest gathering of Avaya users everywhere: Better Together: Avaya ENGAGE 2017. This flagship experience—the only big top event we’ll host in 2017—will let us connect deeply with customers. We’ll start meaningful conversations, communicate with empathy and understanding, and respond to their needs with unique and personalized solutions. (Read my recent blog on the importance of personalization in delivering amazing customer experiences.) I can assure you that these types of impactful, memorable and emotional connections cannot be accomplished in 140 characters or less!

When customers join us this February in Las Vegas—the entertainment capital of the world—they’ll be introduced to a thoughtfully constructed agenda designed to engage, enlighten and empower them to tackle real-world business challenges. But they won’t go through the week alone. Our business leaders and subject matter experts will be on hand to humanize their experiences and guide them through their customer journey every step of the way.

With compelling keynotes from our executive team and close to 100 conference workshops, opportunities to expand knowledge, sharpen skills, and hear best practices from Avaya experts, industry visionaries, partners, and business communication peers will be around every corner.

To give you a taste of what to expect, take a look at some of our keynotes out of #AvayaENGAGE Dubai.

More Than 2,000 Customers Can’t Be Wrong!

#AvayaENGAGE is the definitive Avaya training event. And with the timing of this event now taking place earlier in the year, you can bet there will be more than a few surprises, which means you’ll be at the heart of emerging conversations and discussions with key players in our Avaya ecosystem.

I’m personally looking forward to this event, and I hope you’ll join me in Las Vegas, February 12-15. One of the greatest lessons I’ve learned in my career (and I’ve learned quite a few) is when we partner closely together with our customers and partners, we emerge better and stronger. I expect that outcome from #AvayaENGAGE.

Avaya Predictions for 2017 Services Trends: Top Focus is on Smart Customer-Centric Engagement

Recently, we asked six Avaya services experts to help us reflect on the past year and to peer ahead into 2017. Our panel:

  • Richard English, Managing Director, Avaya Professional Services
  • Camille Lewis, Product Management Director, Avaya Client Services
  • Barbara Sidari, Customer Engagement and Executive Cadence, Avaya Client Services
  • Thomas Brennan, Vice President of global support services, private cloud and managed services delivery
  • Michael Sale, Director Online Engagement, Avaya Client Services
  • Dan Pratt, Senior Director, Business Transformation and Strategy, Avaya Client Services

According to our six experts, our predictions for these 2016 trends proved to be spot on—and they will continue to be a force in 2017:

  • Use of hybrid/private cloud

    will continue to dominate for large enterprises until public cloud providers can demonstrate that compliance to privacy/security regulations such as HIPAA can be achieved. However, Public Cloud is quickly becoming a flexible and effective delivery model for the midmarket.

  • A flexible delivery model

    to achieve growth in modular steps that helps IT maximize ROI and support rapid business scaling has been, and will continue to be, extremely successful. Taking some of the burden off the enterprise enables IT managers to focus on more strategic corporate initiatives.

  • The need for person-to-person human touch

    will continue to rise. It will become critical in 2017 as unassisted support and self-healing systems grow smarter in identifying trends and problems before they happen and engage in machine-to-machine maintenance for resolution. The use of video will be more widely used, providing personalization and higher customer satisfaction.

The panel thinks that 2017 will mean an increasing focus on smart customer centric engagement when it comes to service. In 2017, it’s all about using analytics and even smarter technology to increase customer satisfaction (CSAT) scores, loyalty and revenue—and to achieve a better return on investment.

The Avaya panel sees these three trends emerging in 2017:

  • Transforming legacy systems and increased customer use of omnichannel will streamline the customer journey to increase customer satisfaction, loyalty and revenue.

    For example, many retailers will transform their Contact Centers into profit centers. The shopping experience for their customers starts on the mobile device or web-based applications—retailers want it to end with an order placed. The customer will experience a seamless transition from mobile to voice (or to web chat or video) without having to repeat who they are and what they want to purchase. The agent will already know the value of the customer to their company and will provide a personalized shopping experience.

  • Analytics, Internet of Things (IoT), and big data will enhance the experience of the Customer Journey.

    The predictive and preemptive active workflow will match people to people, machine to machine, as preferred by the customer for maximum satisfaction and profit. For instance, service vendors will use data captured from customer service requests, alarms, outage history, and project volume to identify risks and take appropriate actions to proactively mitigate issues. Utility companies can leverage web-based applications to proactively communicate to customers the status of affected service areas via maps on smart phones, reducing the burden of customers calling the service center to report an outage. Similarly alarm companies will analyze alarms and preemptively fix them before the consumer arrives home.

  • Demand for holistic application service management will grow as siloed and disparate cloud applications shift focus from managing assets in the field to delivering on business processes.

    Enterprises will need a dashboard that provides a single pane view by business process vs CPU performance. The workforce needs to be trained to leverage all the data in a way that includes human touch.

The year 2017 promises to be very exciting as service transforms and demonstrates its value by preemptively fixing issues before they become problems. It is imperative that knowing the customer and providing what they want, as well as the human touch, will become ever more critical in a big data world. After all, it’s all about the customer experience!

What do you see emerging in 2017? Drop me a note at sithomso@avaya.com

Avaya’s 2017 Tech Trends to Watch: the Distinguished Dozen

With the Age of Intelligence fully underway, 2017 is destined be a landmark year for mobility, data and very cheap hardware. Here are Avaya’s 12 trends to watch in 2017 and the impacts they could have on life as we know it.

  1. Customers and business executives demand one-click collaboration on all devices.

    For decades, contact center agents have quietly dealt with cobbled together desktops that force them to click through as many as 18 different applications during one customer service call. The notion of one-and-done (one phone call, no transfers, problem solved) in the contact center isn’t always true from an agent experience perspective. Mobile employees, on the other hand, don’t have the same level of patience or tolerance, especially going into 2017.

  2. The rise of Communications Platform as a Service (CPaaS) in recent years is enabling businesses to utilize the cloud to embed foundational team engagement functions such as IM, presence, and click-to-call into cloud applications. With these functions just a click away, mobile employees can be more productive than ever. No more time spent searching for a meeting invite, opening the invite, clicking on a link, entering a passcode—all of which are doable on a mobile phone but create a cumbersome experience. The functions can be embedded into and then launched from within a cloud-based CRM application such as salesforce.com, making the experience from any device much more efficient and simply better.

    The CPaaS market in 2015 was valued at $400 million and is expected to reach $8.1 billion in 2019. The one-and-done, click-to-collaborate generation of mobile employees is here to stay.

  3. A CIO and a CMO walk into a bar….

    CIO vs. CMO is no longer a battle, it’s on its way to becoming the most strategic partnership in the c-suite. With the ease and free availability of cloud applications throughout the recession, CMOs and their scrappy marketing teams tasked with building sales funnels to drive business with little to no budget learned quickly the power of the cloud. Cloud-available marketing tools and applications that were free to download and trial for a limited time enabled the marketing department to easily bypass the CIO as they built out their cloud-based toolkit and efficient processes. When the time came to begin having budget discussions again, the CMO had results-driven use cases that provided a solid argument for the marketing department to be awarded a good chunk of the IT budget.

  4. That was 2010. This is 2017.

    Now, with customers and employees using a variety of mobile channels to communicate with enterprises and engage teams of people to get work done, the value of communications is more noticeable than ever, as is the CMO’s influence on IT purchases. But with the growing enterprise security concerns coupled with the need for real-time, pervasive analytics that are everywhere across the enterprise, it’s time for a truce.

    The CMO can no longer rebel alone but the CIO can also no longer be the sole purveyor of all things IT. By partnering and gaining a greater understanding and appreciation for each other’s roles and objectives, these two technology-driven leaders have the opportunity to redefine how business gets done when real time, contextual communications and quality of user experience are at the forefront of all IT purchase decisions.

  5. Internet of Everything causes segmentation to combat ransomware.

    Ransomware can prevent the user from using their computer and accessing data. The computer and its data are held “hostage,” under complete control of a hacker, until a ransom is paid to the hacker. What happens when the computer is a glucose monitor? Or wireless ultra sound monitor? Or a pacemaker? The Medical Internet of Things has become just another vast playground for hackers to manipulate with the intent to profit. Unlike a company’s enterprise infrastructure or a smart phone, when hackers break into medical devices, lives are literally at stake, which drives up the ransom that can range from hundreds of dollars to thousands to regain access to a computer, network and/or files.

  6. Any Internet of Things poses a huge security risk, more so than the average computer on a network. Most objects in the new connected world are developed with minimal security features making them very vulnerable endpoints. It’s incumbent upon the network to provide the utmost level of security needed for each object: Enter segmentation.

    Network segmentation separates the network into secure zones that allow IoT devices to be separated from standard IT devices and applications. If an IoT device is hacked, it’s only the devices in that zone that are threatened. The zone and its contained devices are easily identifiable for immediate reaction to the security breach.

  7. Financial industry to drive innovation as financial customer experience goes mobile.

    Mobile is not just a form factor, it is a different experience. Mobile financial services are becoming more context-aware and going beyond replacing the basics you can do on a web site. While the mobile, financial services customer experience has been cumbersome and time-consuming with passwords, codes and security questions, advances in context-aware computing will enable the mobile customer experience to be on par with other mobile experiences.

  8. Biometric technologies such as voice authentication, fingerprint and facial recognition are ready for prime time and banking institutions are ready. Barclays was one of the early adopters of voice authentication. Executives at Barclays report that customer satisfaction has improved significantly with the simple acknowledgement that many of their customers wanting mobile experiences and providing a secure option.

    With context-aware computing for banking, financial and insurance on target to grow from $3.25 billion in 2013 to $13.8 billion in 2018, 2017 is shaping up to be a very pivotal year for mobile customer experience in financial services.

  9. Blockchain goes mainstream.

    Blockchain is not just for cryptocurrency anymore. In fact, most of blockchain deployments will be in the security and fraud areas, and expect fintech to massively use it. It will also change how payments are made.

  10. Blockchain is the underpinning technology of digital currency bitcoin. Today, more than 40 top financial institutions and companies across a number of industries are testing this distributed ledger technology as a trusted way to track the ownership of assets without the need for a central authority. This could speed up transactions and cut costs while lowering the chance of fraud.

    Considering the rise in security hacks and fraud cases worldwide, this is an important step for fintech (A term that is applied to a segment of start-ups that is developing truly disruptive technology such as mobile payments, money transfers, loans, asset management). Typically any technology experimented with by fintech is destined to trigger a cultural shift, driving permanent change to our daily lives.

  11. The team collaboration battle heats up.

    Reaping the benefits of team engagement and collaboration has been a struggle with siloed applications for content creation and sharing, project management, document management, and real time interactions. But when the results of using these tools show an increase in productivity is up to almost 13% and 97% of businesses say they use these tools to better serve their customers more efficiently, the hope for collaboration nirvana is still very much alive.

  12. In 2017, we will see more opportunities for businesses to redefine their team engagement workflows and improve their productivity with a single platform containing a family of intelligently integrated collaboration applications. “Silos be gone” will be the battle cry of those seeking true team engagement and collaboration tools, and their cries will finally be answered.

  13. Big data analytics 3.0 creates demand for skilled work force, practical uses.

    Enterprise IT adoption of big data analytics grows and creates demand for services. While machine learning can yield enormous benefits, data scientists will still be needed to understand what to model and improve. Machines are good at manipulating huge data sets, which people handle with difficulty. People are good at understanding causality, which an area machines struggle with.

  14. Who are these masters of data? Harvard Business Review reported that data scientist is the sexiest job of the 21st That article appeared in 2012. Today, the need for data scientists is greater than ever because the amount of data being generated is greater than ever and growing. Add to that, the fact that machines are smarter but still need supervision and guidance, it’s clear that the demand for data scientists is not going away. Companies need these scientists who are not only curious about “what if,” but also have the skills and knowledge to analyze thousands of petabytes of data that reside in all forms of rows and numbers, and can mashup data to analyze it in a way never imagined.

    In 2017, with the tremendous increase in data needing analyzed, more companies will begin training data-focused employees to become the skilled data scientists that are greatly needed.

  15. ID please.

    Business and consumer demand for apps on devices continues to drive the need for security and strategies for managing information. Beyond securing big data is the additional need of securing identity data.

  16. Identity data is different than the data consumers are accessing when engaging with apps. With the number of apps growing faster than the number of people, securing identity data on each and every app is an added consideration for companies developing apps as well as companies selectively utilizing apps for customer engagement.

    As companies continue their efforts to digitally transform in 2017, this process will shine an even brighter spotlight on the need for modernizing security, in particular identity access management systems. Companies must abandon their legacy identity security tools and begin deploying new systems that are highly scalable and equipped with high-end encryption enable a high quality user experience as well as the best security.

  17. Customer service scores take on new importance.

    Poor quality costs businesses billions each year. IT managers must focus on culture, analytics, and best practices to reduce risk and losses. Peer reviews, social media posts will be analyzed integrated in real time in customer experience strategies, as opposed to being reviewed periodically. Like high frequency trading changed the brokerage industry, high frequency customer segmentation will create new revenue opportunities for the innovators.

  18. The ability to segment customers enables companies to identify specific areas of interest, likes, and dislikes—and plan communications strategies that are then customized, more personalized and therefore, more likely to be accepted, not rejected. The ongoing challenge is that consumer choice and always-on access to multiple choices has changed how consumers think and react to information and buying opportunities. Consumers, led by the millennial generation, are more open to trying new things, seeking alternative choices.

    Add to this, the growing need for speed and sense of urgency, and obtaining and then maintaining high levels of customer satisfaction no longer has little to nothing to do with brand loyalty. Rather, it has to do with how quickly a company can become aware of when a customer tries something new and different, and then segment that customer accordingly.

    In 2017, the opportunity for real-time predictive analytics in the main customer service touch point, the contact center, is now. As customer segmentation must be done faster and in real time, so must the analysis of all the real-time customer data. With digital transformation knocking down siloes across the enterprise, the contact center’s ability to gain access to real time customer data and gain predictive incite to create better, relevant customer experiences is more real than ever.

  19. Looking for a driverless ride?

    Future generations will not have to take driver’s education. With its low-latency, high performance, ultra-reliable capabilities of the 5G mobile network is the ability for telecommunications companies to power machine-type innovations. This is the network that has the greatest capacity for enabling self-driving cars and the Internet of Things. The 5G is expected to be widely available by 2020.

  20. More than two dozen corporations are already working on self-driving cars from Google, to Apple, to Bosch, to Mercedes, to Tesla. General Motors has made two significant acquisitions in this area—Sidecar’s assets and Cruise Automation—and invested $500M in Lyft. The American auto manufacturer plans to have self-driving taxis ready for testing with Lyft in 2017.

    With safety being the number one priority for the companies doing the research and development as well as the regulators, the current expectation is that autonomous cars will be generally available by 2025.

    It’s quite possible that kids born as recent as 2010 will not have to take driver’s education. No more Driving Miss Daisy, she’ll be able to have her own ride all to herself.

  21. Drone dreaming goes sky high.

    Drones are one of the most popular new forms of information gathering available. Surveillance, public safety, agriculture and inspection are the use cases transforming drones from a high-flying hobby to a strategic business improvement and communications application.

  22. Similar to autonomous cars, drone performance is expected to excel with wider availability of the fifth generation mobile network. Whether equipped with video cameras to transport real-time, live video and images from a disaster back to public safety officials, or a fleet of drones conducting a crop survey, or a building or oil rig inspection, drones provide the missing, middle-ground view between satellite imagery and ground-level.

    For enterprises, the opportunities to incorporate drone technology into business communications and re-imagine traditional industries is very real. Price Waterhouse Coopers reported that the commercialization of drones in vertical industries ranging from construction to insurance could lead to a $125B disruption. The expectation is that drones can improve business with new found operational efficiencies as well a capital expenditure improvements not previously ever envisioned, let alone realized.

  23. A robot and a human walk into a bar…?

    When the use of robots, also known as artificial intelligence, in the workplace to improve productivity and save companies money initially made headlines decades ago, primarily for assembly line work, redundant tasks. The reality was that the technology wasn’t mature enough to act without human intervention. The attitude of the average person was: Leave working with robots to the scientists and Hollywood, why would I ever interact with a robot?

  24. Enter the Age of Intelligence. Perhaps a more appropriate description here is the Age of Technological Maturity and Acceptance. Robots and average people have matured enough to co-exist. Technology has reached the point where it is proven that robots can be programmed to perform tasks with 100% or better accuracy. The simplicity of the user experience, whether programming or interacting with a robot, has made the use of robots something the average person can not only relate to, but in 2017, will find they can’t live without.

    In various industries such as health sciences, military and public safety, robotics and automation are improving human lives. In the most digitally advanced hospitals, robots are helping reduce the risks of infections of workers by disinfecting patient and operating rooms. They are programmed to work in labs to draw blood, dispense medications, deliver meals, all while moving among people using elevators and automatic doors.

    Looking at military and public safety, human first responders and human-operated responders are working together. Using a robot to enter a highly dangerous area such as a burning building to look for survivors, investigate a bomb threat, enter a hazardous waste spill or investigate a hostage situation are scenarios where more human lives are saved.

    Will a robot and a human ever walk into a bar in 2017? Princess Leia would certainly want us to believe it’s possible.

Looking Ahead

As the above trends come to fruition in 2017 in various ways, so will the need for IT teams to be ready for change.

Change is inevitable in every company in order to survive as evidenced by the number of digital transformation projects going on in companies of all sizes worldwide. Add to this the fact that traditional industries will continue to be disrupted, the need for change is greater than ever.

In 2017, IT organizations will be challenged more than ever to keep up with ongoing change while balancing the need for greater security with the ability to deliver secure change with a sense of urgency.

Review our eBook of Avaya’s 2017 Technology Trends anytime.