Spoofing and Swatting: The Threat to Public Safety and the American Public

Imagine lying quietly in bed with your family in the house and hearing some rustling outside your window in the backyard. Sure, you might call the police or you might just go investigate to see what it might be. Just to be careful, you take your lawfully owned firearm with you or perhaps a kitchen knife just in case. Once you go outside you are quickly confronted by several individuals wearing body armor, helmets, masks, and heavily armed yelling at you to immediately drop your weapon and get down. Is it the police? Is it some nefarious group attempting to heist your house? Who knows, but failure to comply may cost you your life.

Image: Flickr user JOE 13 | used under Creative Commons Attribution-NoDerivs 2.0 Generic license

After you are taken into custody and the dust settles, you find out your local law enforcement agency received an emergency 9–1–1 call from inside of your home by a male subject claiming to have murdered his family and threatening suicide by cop. The police tell you the call originated from your home phone, they heard what sounded like screaming and yelling, and had every indication that you intended to die by police action tonight. This explains why they responded with the response they did. Congratulations, you have just been the victim of spoofing and swatting and it nearly cost you your life. Why would someone choose you and your family for this sadistic joke? Who knows? Maybe you made someone mad at work, said the wrong thing on social media, someone is trying to extort money from you, or, maybe you were just the unlucky address chosen for this prank tonight. In September 2014 there was a pretty large incident involving juveniles seeking revenge for on-line gaming activities. So the reason could be just about anything unfortunately.

Spoofing refers to the modification of caller identification information to conceal the true identity of a caller. Calls placed to 9–1–1 are made with spoofed caller ID information by using commercial spoofing programs and other means to convince first responders that the emergency call was originating from the victim’s address. Swatting refers to falsely reporting an emergency to a police agency to cause a response of a special weapons and tactics (SWAT) team to an address, or making false reports to elicit an emergency response.

Unfortunately, this is not out of the realm of possibility today. This is also not a new phenomenon. Back in the mid-2000’s hackers began to spoof numbers to get SWAT teams to go to houses of unsuspecting victims with guns drawn. At one time, this was something that a person had to have some hacking skills or other technical knowledge to make happen. Not so much today and the threat still persists.

Image: http://www.kpbyerslaw.com/1/post/2013/10/-caller-id-act-2009-whats-the-truth-behind-it.html

Programs readily available via the internet and mobile applications make it much easier for the average person to conceal their identity to make calls by generating false information. Many of these market themselves as harmless tools to conceal your identity for a variety of reasons, but if used improperly can generate these types of incidents. Despite laws in place that make this type of activity illegal and the FBI generating public education campaigns, this is still a problem facing law enforcement agencies across the nation.

These are not only illegal and dangerous for all parties involved but the response can be exceptionally costly. These measures are typically perpetrated by young, savvy, computer hackers who exploit the limitations of the 9–1–1 emergency system and advances in computer technology. Swatting or spoofing is difficult to detect in real time given the fact the information being received by dispatch appears to be correct and legitimate. This information is relayed to responding officers who also respond on the belief they are receiving legitimate information. The community is placed in danger as responders rush to the scene, taking them away from true emergencies. Officers are also placed in danger as unsuspecting residents may try and defend themselves. Incidents may be sent in to either 9–1–1 or via non-emergency numbers through text based messaging relay services. There may not necessarily be a person’s voice on an audio call reporting the incident. This problem is expected to continue to be an issue with the deployment of text to 9–1–1.

Image: City of Phoenix Police Department Communications Bureau

There are some characteristics of hoax threats however:

  • Suspicious story or scenario given by the caller
  • Tone of caller and background noise does not match the situation
  • Claims of hostages, rifles, explosives, or automatic weapons present at the location
  • Calls originating from an unknown source or “relay service” or other ISP application enabling proxy calls
  • No signs of forced entry at location
  • No unusual activities or out of place vehicles in the area
  • Individual claims to be armed and suicidal or intends to shoot law enforcement upon arrival
  • Story changes or escalates during the call
  • Only a single caller is reporting a high-profile incident
Image: http://pixgood.com/police-light-wallpaper.html

For public safety personnel this growing trend is exceptionally dangerous. In addition to the typical dangers of these types of responses, swatting has been used to divert emergency personnel to allow other criminal activities to occur nearby. More recently, there have been concerns over radio frequency jamming operations occurring once personnel arrive at the scene of these to disable tactical communications to potentially harm personnel or further complicate the response. Unfortunately, as technology continues to make our lives easier, it also poses new risks and threats that public safety personnel and the public must be aware of.