SWATting – Is the 911 Network Secure?

This Avaya CONNECTED Blog
is also available as an MP3 Audio File


Over the past several years a recurring theme on this podcast, and unfortunately in the news, is the practice of “swatting”. Swatting is when a caller places a call to a 911 center with the intention of invoking a SWAT team response to their intended victims location. Many times this is done out of revenge, or a poor joke, but in either case it can be a costly and highly dangerous situation for both police response teams, as well as the intended SWAT victim.

But just how do these young hackers exploit the 911 system? Is there a security hole in the network that needs to be plugged? Fortunately, there isn’t a hole in the system, nor is there a secret backdoor that is been breached by telephone hackers. The system is operating as designed, and the perpetrators are simply manipulating their caller ID thereby “fooling” the system.

Back in my teenage days, caller ID didn’t exist, providing complete anonymity when making a telephone call. When the phone rang, you had no idea who is going to be on the other end. But that all changed in the mid-80s when caller ID became an option in most major cities, and now is a widespread feature available just about anywhere. In fact I would be surprised to find an area where caller ID was not offered by the local CLEC or ILEC.

For the most part, caller ID spoofing requires some level of control within the network, as on regular telephones, the caller ID is not actually transmitted by the device, nor is it possible to send outbound caller ID on an analog POTS circuit. For the originating device to send custom caller ID, a primary rate interface or basic rate interface with a D channel would be required.

Since many do not have a digital circuit, or a PBX or telephone capable of generating custom caller ID, most telephone phone phreaks resort to services such as Spoofcard. The way Spoofcard works, is that you make a call to an access number, and then enter the destination number that you would like to call. The account is managed online where you can provision whatever caller ID number you would like to be displayed at the far end. When the call reaches the terminating central office, a query is made based on the calling line ID number, and the name associated with that number is then displayed to the destination. Fortunately, it’s not quite as easy as that. Even though the caller has masked their telephone number and name to the destination, there is still a telephone record on their originating line to the Spoofcard service, which leaves behind a breadcrumb trail that is very easy for the police or FBI to follow.

With the advent of voice over IP services, the potential pranksters are able to use the Internet to access service providers, which also provide the ability to provision the outbound calling line ID number, and ultimately trigger a name associated with that to whomever you call. Again, even though the breadcrumb trail is not quite as obvious, it certainly is there, and when you look at the level of ethernet forensics being deployed by public safety officials, rest assured, if they go looking for you, they will find you.

Another common practice is to exploit the telecommunications devices for the deaf, or TDD units. Placing a call from these types of devices to national relay services creates a physical firewall between the prankster and public safety. But fortunately, the physical connection of the originating telephone call to the relay service is logged, and can be physically traced.

When I read the full details of many of these swatting attempts, most have telltale signs that public safety is getting very attuned to. For example, many arrive on the administrative lines and not the 911 circuits. There are probably two reasons for this. The first is that the phone phreakers are probably afraid that the administrative PSTN lines are not as advanced as the 911 lines, and they are afforded more anonymity and scrutiny. Although that sounds like a great explanation, in today’s world it’s simply not true. Point-to-point connections made in the PSTN are logged and traceable regardless of the termination type. And although there is no dramatic music and clock ticking away while public safety initiates a trace on the line, those connections can be tracked well after the call was completed.

Getting a SWATting call to land on a 911 line is not impossible, but much more difficult and unpredictable. It typically requires a much higher level of knowledge of the terminating network, and those details are just not easily found out. Even if they are, public safety often changes those details on an ongoing basis to protect against information being made public and usable for any length of time.

Just this past week, LAPD change their policy on these types of calls, where they will no longer publicly acknowledge them when they occur. This is being done in the hopes of reducing the “hacker celebrity status” of the perpetrator. You’ll also notice that several arrests are now being made as public safety understands how the network is being manipulated, and safeguards have been put into place to capture the appropriate data. This is all being done under the auspices of the Communications Assistance for Law Enforcement Act or CALEA (pronounced clee-ah). This is the United States wiretapping law that was passed in 1994 in an effort to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance. It also requires telecommunication carriers as well as manufactures of telecommunications equipment to provide built-in surveillance capabilities and wiretap points that allow federal agencies to monitor all communications in real time.

So every seen an end to the continuous SWATting attempts on Hollywood? Probably not. But I will predict a drastic decline in those attempts, as well as an increase in arrests and convictions of those who choose to play this dangerous game. 45 years ago, prank phone calls may have been an amusing game.

“Is your refrigerator running? Then you better catch it!”

This might have given a five-year-old a stomach ache from the belly laughs. Today, reports of hostages and military grade weapons are going to get someone shot, and most likely killed. The obvious question is will next generation 911 make this problem worse?

Although it’s true that more opportunities may be present to initiate a SWATting attack, the standard tools and monitoring inherent in all networks today will make the detection much easier and faster shutting down the origination attempts. With the level of security being deployed in most networks today we easily have the technology to identify and capture those who choose to play.


Want more on E9-1-1?  E9-1-1 Talk Podcast
Subscribe to my weekly E9-1-1 Talk Podcast here

Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1, I value your opinions, so please feel free to comment below or if you prefer, you can email me privately.

Public comments, suggestions, corrections and loose change is all graciously accepted 😉
Until next week. . . dial carefully.

Be sure to follow me on Twitter @Fletch911

Fletch_Sig.png 


CacheFly LogoAPN is Powered by Cachefly
CacheFly is the world’s fastest CDN, delivering rich-media content up to 10x faster than traditional delivery methods. With a proven track record and over a decade’s worth of CDN experience, companies around the world choose the CacheFly CDN for reliable and unbeatable performance. For more information, visit www.cachefly.com

Related Articles:

A Prison Partnership That’s Changing Lives with Intention and Compassion

As someone who passionately advocates for female empowerment and corporate social responsibility (CSR), you can imagine my excitement when I was invited to visit the Phoenix-based contact center of B2B lead generation agency Televerde. I had been familiar with Televerde as a sales and marketing solutions company, but I soon found out it’s so much more. Four of Televerde’s five contact centers in Phoenix are employed entirely by women incarcerated at Perryville-Arizona State Prison Complex. Here’s what I experienced during my recent visit.

Stepping Inside a Prisoner-Run Contact Center

The unsettling experience of entering a prison complex was immediately brightened by the smiling faces of Televerde’s contact center employees. Behind these smiles were infectious personalities, positive outlooks and ambitious attitudes that permeated the four walls of the facility. Underneath each woman’s classic orange jumpsuit was a deep propensity for learning, the kind that many organizations now consider their “steel bridge.”

Keeping this in mind, it didn’t surprise me to learn that 25% of these women continue to work with Televerde after they’re released from prison. Even more impressive, about half of Televerde’s Phoenix corporate office employees came from Perryville. Working in departments like IT, marketing, finance and HR, these women are qualified and educated with a GED at minimum. In fact, with Televerde’s support, numerous ladies have gone on to complete their bachelor’s and master’s degrees, and one Televerde alumna received her M.B.A. at Arizona State University and now heads the customer service organization, globally.

In conjunction with the two contact center managers appointed by Televerde to supervise the facility, these women were clearly helping to successfully run the operation. As I observed the contact center in action, I could see one woman acting as head of training. Another worked as a sales primer. These women were writing scripts, handling calls and managing data just like any other organization. They engaged in friendly conversations before starting their shifts. Each employee worked fluently and expertly in what looked like any other call center in the world.

TELEVERDE

I had the privilege of sitting down and speaking with these incredible women, where I learned more about who they were and how they came into this business. Each woman met Televerde’s work eligibility requirements: a sentence of 10 years or less for a non-violent crime, a specific level of phone articulation and personality skills, and at least six weeks of training. Each woman is paid a minimum wage for eight-hour shifts. In addition to training, Televerde supports these women by offering educational opportunities, mentorship, and career building skills as they transition out of prison.

It didn’t take long for me to see that this group of women had profound ideas about business, social responsibility, and female empowerment. Each of the women I sat with had far-reaching career goals. They desired to excel by continually developing their interpersonal and technology skills. They had countless questions about how to launch a career in STEM (science, technology, engineering and math). As a female CMO working in the male-dominated tech industry, I was honored to help these women develop a foundation upon which they could continue to build.

Getting to the Heart of Operations (Literally)

My experience at the Perryville-Arizona State Prison Complex can be summed up in one question an employee asked during our group conversation: “Did your impression of us change when you came in and saw us in our jumpsuits?”

These dedicated women were noticeably concerned about what others thought of them. They wanted to be accepted and respected, despite the poor decisions they’ve made in the past. Televerde reminds these women daily that just because they’ve made poor choices doesn’t mean they are bad people. The organization’s unique rehabilitation and education model allows us to see ourselves in these women. In showing compassion, empathy and respect, Televerde pulls back the curtain to reveal who these women really are. They are indeed convicts, but they are also part of the 14 million Americans who desire a full-time job. They’re flourishing members of today’s growing labor market. They’re hard-working, forward-thinking individuals who simply arrive to work in a different uniform than you and I do.

The benefits of this movement are astronomical. Televerde is helping to actively lower the rate of jobless individuals with a prison record, which is currently as high as 60%. The organization is empowering women by helping them determine what kind of leaders they want to be as they work to complete their sentences. The brand is reversing the psychological effects of U.S. penitentiaries that drive so many back to prison. Above all, however, Televerde’s mission serves as a critical reminder of the things we all must be constantly aware and in pursuit of: compassion, intention, kindness and respect.

TELEVERDE

We hear how companies need to go above and beyond for their customers, staff and communities at large. To me, there’s no better way to do this than by showing compassion and respect as an organization. Despite today’s rapid pace of innovation, the best way to connect and drive change is to simply be human. Imagine the profound global impact of more organizations understanding and embracing this sentiment. At the end of the day, we’re all in need of some help. We’re all in this together.

When it comes to corporate social responsibility, Televerde is walking the talk. For that, I give the brand a standing ovation. Learn more about Televerde’s mission.

3 CX Stats That May Change How You Think About Digital Transformation

Technologies like Artificial Intelligence, automation, big data, and the Internet of Things have made digital transformation an absolute necessity for organizations. With people, processes, services and things more dynamically connected than ever, companies are feeling relentless pressure to digitize, simplify, and integrate their organizational structures to remain competitive.

But there’s a big hole in the fabric of most digital transformation (DX) plans: the customer experience (CX). The problem isn’t that companies fail to understand the importance of the CX in relation to digital transformation. Rather, most fail to understand their customers well enough to envision a truly customer-centric, digitally-transformed environment. Just consider that 55% of companies cite “evolving customer behaviors and preferences” as their primary driver of digital change. Yet, the number one challenge facing executives today is understanding customer behavior and impact.

A massive part of digital transformation involves building a CX strategy, and yet customer centricity remains a top challenge for most. In fact, I encourage you to be your own customer within your organization. Walk in your customers’ shoes, contact your organization as your customers would. What was your web experience? Was the expert knowledgeable during a chat conversation? How well did the mobile app work for you? Did you have a connected experience? Given your experience, how brand-loyal would you be to your organization?

Here are three statistics that will get you rethinking your CX strategy in relation to digital transformation:

  1. 52% of companies don’t share customer intelligence outside of the contact center. In other words, over half of companies are limiting the customer journey to the contact center even though it naturally takes place across multiple key areas of business (i.e., sales, marketing, HR, billing). Businesses must ensure customers are placed with the right resource at the right time, whether it’s in a contact center or non-contact center environment. The key is being able to openly share customer data across all teams, processes and customer touchpoints.
  2. 60% of digital analytics investments will be spent on customer journey analytics by 2018. Customer journey analytics—the process of measuring the end-to-end customer journey across the entire organization—is critical in today’s smart, digital world. Companies are rapidly investing in this area to identify opportunities for process improvement, digitization, automation and, ultimately, competitive differentiation.
  3. 60% of customers change their contact channel depending on where they are and what they’re doing. This means organizations must focus less on service and more on contextual and situational awareness. Businesses must work to create a seamless experience—regardless of device, channel, location or time—supported by customer, business and situational context captured across all touchpoints.

The CX should influence every company’s digital transformation story. For more tips, insights, and impactful statistics check out our eBook, Fundamentals of Digital Transformation. Let me know what you think. We look forward to hearing from you.

What It Takes to Be a Technology Leader in an Evolving Digital World

The definition of a leader varies greatly, especially in business. From my perspective a leader is defined by their ability to pivot and adapt to the evolution of a market. Like many companies today, Avaya, its customers and partners are riding the often daunting—yet consistently exciting—wave of digital transformation of the enterprise. As a technology leader, Avaya is not only pivoting and adapting to this new environment for itself, but pivoting and adapting our services and solutions to enable its customers and partners to thrive during their own transformations.

Unlike many of our competitors, digital transformation is something we saw coming years ago. We recognized right away that it wasn’t a passing fad but something that could truly transform how business gets done, with communications playing the most important role. We knew that for us to be successful, we would need to focus on transforming ourselves first so that our customers and partners could learn and benefit from our experiences, our lessons learned. During our own transformation, we gained that extra insight that we were able to leverage in the development of truly transformational solutions and services.

As we drove our own multi-year transformation, we also maintained our global market share leadership position in Contact Center. According to Canalys research, we hold more than 34% of the market, which is almost greater than the No. 2 and No. 3 competitors combined. No technology leader gets to claim this size of market share without making its customers a priority.

Last month for example, we hosted a private event in New York as part of our Future of Communication Experience series. The purpose was to update and inform specially invited customers about our portfolio roadmap and vision. We encouraged them to come with questions and to be prepared to have real, in-depth conversations about the challenges they’re facing during their own transformations. As always, it was a great experience for the customers and Avayans in attendance. Overall, customers from world-leading payment brands, to high-end retail chains, to players in the automotive industry said that they are very optimistic, confident and excited about what we have to offer today and what we have planned for the future. And next month we will be in Mexico City for our twelfth consecutive year with 3,000 Avaya customers and partners from all over the Americas. This is the largest customer and partner event we do all year.

In particular, two of the solutions our customers are most excited about are Avaya Oceana™ omnichannel contact center and Avaya Breeze™ development platform. These same solutions were recently touted as visionary by a global analyst firm as part of its latest Magic Quadrant ranking.

Avaya Oceana, which was launched last year, adds advanced multi-channel functionality to our own contact center solutions, such as Avaya Aura® Call Center Elite voice platform and Avaya Aura® Contact Center. It also integrates with third-party automatic call distribution solutions, as well as offering advanced reporting and customer journey mapping capabilities through Avaya Oceanalytics™ insights. Specifically, we have been told by analysts that Oceana’s new approach to routing—which is attribute matching so that it includes data consideration and customer journey mapping—is something our competitors simply can’t offer.

The Avaya Breeze platform, which Avaya Oceana was built upon, enables users to be flexible when responding to the ever-evolving digital marketplace. It has garnered industry recognition for its ability to enable developers to quickly create unique communications-enabled contact center applications and workflows for within and beyond the enterprise—with little or no development required and nearly instant deployment. We are seeing customers use Avaya Breeze to create unique applications tailored to their specific business and communications needs.

According to Irwin Lazar, Vice President and Service Director at Nemertes Research, “More than half of the companies are using or planning to use APIs to embed communications capabilities into their apps, while another 25% are looking at using them to build custom apps. Platforms like Avaya Breeze offer organizations the ability to deliver enhanced business value and execute on their digital strategies by integrating communications and collaboration into workflows, business processes and existing applications.”

These solutions are just the tip of the iceberg for Avaya. We are a long-standing industry standard with a significant global footprint. We are focused on continuing to expand and develop our solutions to meet the needs of our growing global customer base, with more than 5,400 patents awarded and pending, including foreign counterparts.

Our strong service provider and system integration partnerships around the world enable us to meet the needs of a wide variety of organizations, both large and midsize. We’ve received industry recognition for our strong Contact Center integration solutions.

Our continued strength in the industry is evident by our 300,000 customers worldwide. In fact, the top 10 largest banks worldwide are running Avaya solutions and 90% of Fortune 100 companies are Avaya customers.

At Avaya, we are re-imagining the industry, bringing visionary products and solutions to market, and enabling our customers to digitally transform their businesses with ease. I am excited and proud of our ability to continue to evolve, pivot and adapt to the changing business communications world. After all, that is the responsibility of a leader.