SWATting – Is the 911 Network Secure?
Over the past several years a recurring theme on this podcast, and unfortunately in the news, is the practice of “swatting”. Swatting is when a caller places a call to a 911 center with the intention of invoking a SWAT team response to their intended victim’s location. Many times this is done out of revenge, or as a poor joke, but in either case it can be a costly and highly dangerous situation for both police response teams, as well as the intended SWAT victim.
But just how do these young hackers exploit the 911 system? Is there a security hole in the network that needs to be plugged? Fortunately, there isn’t a hole in the system, nor is there a secret backdoor that has been breached by telephone hackers. The system is operating as designed, and the perpetrators are simply manipulating their caller ID, thereby “fooling” the system.
Back in my teenage days, caller ID didn’t exist, providing complete anonymity when making a telephone call. When the phone rang, you had no idea who was going to be on the other end. But that all changed in the mid-80s when caller ID became an option in most major cities, and now it is a widespread feature available just about anywhere. In fact I would be surprised to find an area where caller ID was not offered by the local CLEC or ILEC.
For the most part, caller ID spoofing requires some level of control within the network, as on regular telephones, the caller ID is not actually transmitted by the device, nor is it possible to send outbound caller ID on an analog POTS circuit. For the originating device to send custom caller ID, a primary rate interface or basic rate interface with a D channel would be required.
Since many do not have a digital circuit, or a PBX or telephone capable of generating custom caller ID, most phone phreaks resort to services such as Spoofcard. With Spoofcard, you make a call to an access number, and then enter the destination number that you would like to call. The account is managed online where you can provision whatever caller ID number you would like to be displayed at the far end. When the call reaches the terminating central office, a query is made based on the calling line ID number, and the name associated with that number is then displayed to the destination. Fortunately, it’s not quite as easy as that. Even though the caller has masked their telephone number and name to the destination, there is still a telephone record on their originating line to the Spoofcard service, which leaves behind a breadcrumb trail that is very easy for the police or FBI to follow.
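The breadcrumb trail described above can be followed by matching the two call legs on time: the call from the originating line to the access number must enclose the outbound call that carried the provisioned caller ID. The sketch below is an added example, not part of the original post; the record layout, the phone numbers (fictional 555-01xx range) and the timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

ACCESS_NUMBER = "+12025550100"    # hypothetical access number of the spoofing service
PSAP_ADMIN_LINE = "+13105550199"  # hypothetical administrative line that received the call

def ts(s):
    return datetime.fromisoformat(s)

# Constructed records: calls logged by originating carriers (leg 1).
INBOUND_LEGS = [
    {"true_ani": "+13035550111", "dialed": ACCESS_NUMBER,
     "start": ts("2020-01-15T21:14:02"), "end": ts("2020-01-15T21:19:40")},
    {"true_ani": "+14155550122", "dialed": ACCESS_NUMBER,
     "start": ts("2020-01-15T21:02:10"), "end": ts("2020-01-15T21:05:00")},
    {"true_ani": "+16175550133", "dialed": "+12025550150",  # unrelated call
     "start": ts("2020-01-15T21:14:00"), "end": ts("2020-01-15T21:20:00")},
]
# Constructed records: calls the service placed with a provisioned caller ID (leg 2).
OUTBOUND_LEGS = [
    {"presented_cli": "+13105550177", "destination": PSAP_ADMIN_LINE,
     "start": ts("2020-01-15T21:14:31"), "end": ts("2020-01-15T21:19:38")},
    {"presented_cli": "+12125550144", "destination": "+12125550188",
     "start": ts("2020-01-15T21:02:40"), "end": ts("2020-01-15T21:04:58")},
]

def correlate(destination, inbound, outbound, slack=timedelta(seconds=5)):
    """Pair each outbound leg to `destination` with the inbound legs that enclose it."""
    matches = []
    for out in outbound:
        if out["destination"] != destination:
            continue
        for leg in inbound:
            if leg["dialed"] != ACCESS_NUMBER:
                continue
            # The bridged call cannot start before, or outlive, the call into the service.
            if leg["start"] <= out["start"] and out["end"] <= leg["end"] + slack:
                matches.append({
                    "presented_cli": out["presented_cli"],
                    "true_ani": leg["true_ani"],
                    "setup_delay_s": (out["start"] - leg["start"]).total_seconds(),
                })
    return matches

if __name__ == "__main__":
    for m in correlate(PSAP_ADMIN_LINE, INBOUND_LEGS, OUTBOUND_LEGS):
        print(m)
```

More than one enclosing inbound leg means more than one candidate originating line, so every match is returned rather than only the first.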
With the advent of voice over IP services, the potential pranksters are able to use the Internet to access service providers, which also provide the ability to provision the outbound calling line ID number, and ultimately trigger a name associated with that to whomever you call. Again, even though the breadcrumb trail is not quite as obvious, it certainly is there, and when you look at the level of ethernet forensics being deployed by public safety officials, rest assured, if they go looking for you, they will find you.
Another common practice is to exploit the telecommunications devices for the deaf, or TDD units. Placing a call from these types of devices to national relay services creates a physical firewall between the prankster and public safety. But fortunately, the physical connection of the originating telephone call to the relay service is logged, and can be physically traced.
When I read the full details of many of these swatting attempts, most have telltale signs that public safety is getting very attuned to. For example, many arrive on the administrative lines and not the 911 circuits. There are probably two reasons for this. The first is that the phone phreakers probably believe that the administrative PSTN lines are not as advanced as the 911 lines, and that they are afforded more anonymity and less scrutiny. Although that sounds like a great explanation, in today’s world it’s simply not true. Point-to-point connections made in the PSTN are logged and traceable regardless of the termination type. And although there is no dramatic music and clock ticking away while public safety initiates a trace on the line, those connections can be tracked well after the call was completed.
Getting a SWATting call to land on a 911 line is not impossible, but much more difficult and unpredictable. It typically requires a much higher level of knowledge of the terminating network, and those details are just not easily found out. Even if they are, public safety often changes those details on an ongoing basis to protect against information being made public and usable for any length of time.
Just this past week, the LAPD changed its policy on these types of calls, and will no longer publicly acknowledge them when they occur. This is being done in the hopes of reducing the “hacker celebrity status” of the perpetrator. You’ll also notice that several arrests are now being made as public safety understands how the network is being manipulated, and safeguards have been put into place to capture the appropriate data. This is all being done under the auspices of the Communications Assistance for Law Enforcement Act or CALEA (pronounced clee-ah). This is the United States wiretapping law that was passed in 1994 in an effort to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance. It also requires telecommunication carriers as well as manufacturers of telecommunications equipment to provide built-in surveillance capabilities and wiretap points that allow federal agencies to monitor all communications in real time.
So will we ever see an end to the continuous SWATting attempts on Hollywood? Probably not. But I will predict a drastic decline in those attempts, as well as an increase in arrests and convictions of those who choose to play this dangerous game. 45 years ago, prank phone calls may have been an amusing game.
“Is your refrigerator running? Then you better catch it!”
This might have given a five-year-old a stomach ache from the belly laughs. Today, reports of hostages and military grade weapons are going to get someone shot, and most likely killed. The obvious question is: will next generation 911 make this problem worse?
Although it’s true that more opportunities may be present to initiate a SWATting attack, the standard tools and monitoring inherent in all networks today will make the detection much easier and faster, shutting down the origination attempts. With the level of security being deployed in most networks today, we easily have the technology to identify and capture those who choose to play.
Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1. I value your opinions, so please feel free to comment below or, if you prefer, you can email me privately.
Public comments, suggestions, corrections and loose change are all graciously accepted 😉
Until next week. . . dial carefully.
Be sure to follow me on Twitter @Fletch911