911 hoax calls becoming a bigger problem

Aug 15 2011 - 5:35pm

A California couple with a 2-year-old daughter is awakened late at night by heavily armed police storming their home after a false report of a shooting.

A Texas family is stunned when officers with automatic weapons respond to their house expecting a drug-fueled murderer who is demanding $50,000 in exchange for hostages.

And a Wyckoff, N.J., neighborhood is put on lock-down as the Bergen County SWAT team shoots tear gas into what proves to be a home occupied only by a cat.

In each case, the people who wound up in the crosshairs were actually victims of a dangerous and increasingly common hoax known as "swatting," so called because a bogus emergency call prompts the response of a SWAT team.

It is typically perpetrated by young, savvy computer hackers who exploit the limitations of the 911 emergency system and advances in computer technology to cover their tracks, experts and law enforcement officials say. They do it for bragging rights or revenge, but it costs taxpayers and puts innocent people at risk, experts say.

A federal law signed late last year takes aim at swatting by imposing large fines on those who are caught, but in recent years authorities have also sent swatters to prison on federal fraud convictions.

"This is a federal crime, and I'd say to these people that, if you persist pursuing this type of entertainment, it's just a matter of time before local and state authorities and the FBI come knocking on your door," said Kevin Kolbye, assistant special agent in charge of the FBI's Dallas office. That office spearheaded the first federal swatting case in 2008 and has tracked more than 100 other swatting incidents nationwide since then.

The swatting incident in Wyckoff occurred at the home of cybercrime expert Parry Aftab.

A man called the Wyckoff police station on a Saturday afternoon in July reporting that he had killed four people and held two hostages inside Aftab's home.

Thirty officers quickly surrounded the house. They told neighbors to stay inside. They sent remote-controlled robots to peer into windows. They reached Aftab on her cellphone. She was out of town but told police to do what they needed to do.

After a three-hour standoff, police discovered that the phone number that appeared on the call display in the station was spoofed to disguise the caller's true location and identity. Wyckoff police are investigating the call, but Police Chief Benjamin Fox has said the probe may be difficult.

"It's not like the prank phone calls of years ago," said Lt. Mike Devine, who oversees Bergen County's SWAT team and has been with the unit for 13 years.

Part of why swatting is so alarming to emergency responders is that virtually anyone with access to the Web can do it. Voice-over-IP phones, which rely on an Internet connection, allow a caller to choose the number that the recipient sees. Many companies also offer caller ID spoofing services online.

They have legitimate uses: a doctor who wants his office number to appear when he is responding to a patient's emergency call from his cellphone, for example.

But it also allows swatters to appear to be calling from the home phone number of their targets, as they report a gruesome murder or a home intrusion.

"The reason it's become so popular is because it's relatively simple to fool the 911 network because of how it's built," said Mark J. Fletcher of Passaic County, N.J., a public-safety product manager for the business communications company Avaya. "Nationally, it seems to be happening a couple of times a month," he said, although those are only the cases that draw headlines.

The 911 system was created in 1968, long before wireless signals and Internet connections. So most call centers don't have equipment capable of determining if a call is coming through a computer phone line -- information that could be used to assess the credibility of an emergency call, Fletcher said. That could change in the coming years.

But for now, the system is susceptible to the likes of Matthew Weigman -- nicknamed "Li'l Hacker." The blind Massachusetts 18-year-old pleaded guilty in 2009 to charges related to swatting a family in Texas and other phone fraud schemes. He also hacked into phone company accounts to retrieve information about customers and intimidated witnesses, prosecutors said.

One of five swatters tracked down by the Dallas FBI office, he was sentenced to 11 years in prison.

"It seems to be more bragging rights and ego than monetary gain," Kolbye of the Dallas FBI said of swatters' motives. He said he has also seen instances when swatters targeted females who refused online sexual advances. "They tend to be very reclusive, sometimes social misfits, and computer savvy," he said. Swatters are typically males in their 20s and 30s who sometimes brag about their hoaxes in online forums and chat rooms, he said. Often they are hundreds of miles away from their victims.

In Aftab's case, police are trying to determine if she was targeted by hackers because of her frequent appearances on national television to speak out about online bullying and Internet security. Her websites were hacked into last July when she appeared on a "Good Morning America" segment about a young Florida girl who had been bullied by members of a Web forum. Anonymous members of the forum, 4Chan, bragged about taking down her websites and posting Aftab's personal information and malicious rumors online.

When a SWAT team is called out on a hoax, taxpayers foot the bill for the extra manpower. But the potential costs of swatting go well beyond dollars and cents.

"There's the opportunity cost of not being able to help out other people because you're tied up on a hoax," said Devine, the leader of the Bergen County SWAT team.

"This could also be a mechanism that terrorists use to cause a distraction at one location while the real event is happening at another location," said Roger Hixson, technical issues director at the National Emergency Number Association.

And then there's the real possibility of someone getting hurt or killed.

In 1993, Paramus Officer Vincent Brock died after he hit a utility pole on Route 4 while responding to a false 911 call from a stolen cellphone.

"They're putting themselves in harm's way over a prank," Devine said. "It's not a joking matter."

Lawmakers and authorities have tried to curtail the practice through legislation and prosecutions.

In June, the Federal Communications Commission implemented the Truth in Caller ID Act, which prohibits caller ID spoofing "with the intent to defraud, cause harm, or wrongfully obtain anything of value." It allows the agency to levy fines of up to $10,000. While adopting the new rules, the agency noted the increase in swatting.

Kolbye, of the FBI, said "law enforcement is becoming more aware of these kinds of incidents" and his office has given presentations to local and state authorities nationwide.

(c) 2011, North Jersey Media Group Inc.

Visit The Record, www.northjersey.com/.

Distributed by McClatchy-Tribune Information Services.


From Around the Web