Man Hacks 911 System, Sends SWAT on Bogus Raid

An anonymous reader writes "The Orange County Register reports that a 19 year old from Washington state broke into the Orange County California 911 emergency system. He randomly selected the name and address of a Lake Forest, California couple and electronically transferred false information into the 911 system. The Orange County California Sheriff's Department's Special Weapons and Tactics Team was immediately sent to the home of a couple with two sleeping toddlers. The SWAT team handcuffed the husband and wife before deciding it was a prank. Says the article, 'Other law enforcement agencies have seen similar breaches into their 911 systems as part of a trend picked up by computer hackers in the nation called "SWATting"'"

Proxy

[kilo_foxtrot84]

assault with an assault weapon by proxy I find this charge to be very interesting. Are there any sort of precedents for it?

How does this keep happening?

I'm really naive about security, so I can't understand how these security breaches happen time and time again. If these systems were web based, or offering some kind of web or internet service which necessitated having open TCP ports I'd find this easier to understand. Why is it that ordinary office systems (and bespoke Command and Control Systems), and documents sitting on file servers behind corporate firewalls, with no direct connection to the outside world are always so vulnerable? Surely it's possible to run an internal network (ethernet or whatever) in such a way as to make it completely inaccessible from the outside world, while running an email and web gateway?

Re:Good grief

[Guppy06]

"It's a pretty harrowing experience for the innocent victim but at least it was just a prank."

It's all fun and games until someone gets shot for resisting arrest?

Re:Good grief

[Firethorn]

"Sure, SWAT is trained not to shoot first and ask questions later, "

I'm afraid that I'd have to disagree with this. At least compared with normal officers, SWAT is indeed trained to shoot first.

This can be considered acceptable if SWAT usage is restricted to high risk situations, where not using these tactics is likely to result in more deaths, but some areas have them serving most of the warrents - even on unarmed, non-violent dentists moonlighting as bookies.

Re:Good grief

[IndustrialComplex]

Very true. The average bank robbery results in about $5,000 stolen by the robber.

Consider that you could probably make $30,000 per year as a bus driver. You would have to rob at least 5 banks per year to come close (No taxes :p) . I'd imagine that after the 3rd bank you would jump up pretty high on the FBI watchlist.

An average 'tech' job probably earns you more than the most active bank robber.

Re:Drugs

[Jherek+Carnelian]

Or maybe if drugs were legal, the guy would have just made up a different crime instead to get the SWAT team to go to the house. If drugs were legal, then politicians would not have felt the need to grand-stand so much about "being tough on drugs" and thus would never have funded the SWAT team in the first place.

Re:Good grief

[Odin_Tiger]

Better approach: Anonymously send all relevant info to a well-known security researcher or group who is more likely to know what to do with it and not easily silenced without creating a Streisand Effect.

felony murder

[westlake]

Interesting. The fact that the armed men are cops, doesn't change that? Is there an expectation that cops should shoot someone?

It was called "the felony murder rule" when I first heard of it years ago.

It means, simply, that you are responsible for any deaths, from any cause, that were set in motion by your criminal misconduct. You abduct a child who suffocates in your closet, or a woman who goes into a diabetic coma.

It is reckless endangerment, raised to the n(th) power.

Re:Good grief

[overbaud]

I think if we are going to talk about ultimate responsibility it is with the developers and vendor of the software. They failed to write secure software for a mission critical system. Their failure was a lack of foresight, testing or both. Personally I am surprised that on slashdot where ripping vedors security seems to be a hobby that the fingers weren't pointed in this direction first post. It was the brains at the start of the process that failed, not the brawn at the end of it.

Re:Good grief

[k1e0x]

Not true. Cops kill lots of people because they *think* they are armed..

Or maybe some of think its fun.. read this, you'll be sick. http://www.lewrockwell.com/grigg/grigg-w10.html

Re:Would not have been murder

[NMerriam]

Is there an expectation that cops should shoot someone?

No, but the legal standard used in most places is not whether or not you EXPECT harm to happen, rather whether the harm is a reasonably foreseeable consequence of your action. Most juries would agree that sending armed officers to a house in the night represents a pretty predictable and finite set of outcomes, some of which involve violence (whether to the resident or the police).

So, for example, if you rob a bank with a toy gun, you're obviously not intending to shoot someone, but if the security guard shoots at you and hits an innocent bystander, you'll be charged with that death because it was a reasonably foreseeable consequence of waving what appeared to be a weapon in front of an armed guard.

False positives bad, false negatives diabolical

[LrdDimwit]

I can do one worse. There are direct applications of this vulnerability to cover up criminal activity. For starters, there is the signal-to-noise ratio problem: DOS the system with an avalanche of bogus reports, then commit [crime] on the theory that there are so many invalid reports, the odds are real good there won't be any response to your legitimate report.

If you have something specific in mind, you can use this scenario:

1. WHILE (police_responded EQUALS true) DO:
Trick the 911 system into saying "home invasion in progress at [location]".

2. ???

3. Profit!

So it plays out something like this.

1. You trick the 911 system like this dumbass, and report [crime] at [location].
2. The police respond to an apparently legitimate call (false positive).
3. You trick the 911 system again, to give exactly the same reading as before. (Better would be slightly different calls at the same address, but let's keep it simple.)
4. The police suspect something, but respond anyway (false positive).

This proceeds, until eventually the police begin ignoring the false alarms (true negative). Now you have a location and a crime that you are absolutely sure the police are going to ignore. If this doesn't strike you as sinister, you have too much faith in humanity. So eventually, you arrive at:

5. You commit [crime] at [location].
6. The police ignore the call, because they've been getting nonsense calls all week at this place (false negative).

Re:Good grief

[Firethorn]

sworn in under the same oath

I really doubt that, where'd you hear it? I wouldn't be surprised at all if they're asked to swear an oath, but I doubt that it included:

'I, (NAME), do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; and that I will obey the orders of the President of the United States and the orders of the officers appointed over me, according to regulations and the Uniform Code of Military Justice. So help me God.'

Why is it that the NYPD and US Marines hold joint training sessions in the practice building down at Floyd Bennet Field?

Probably because as a result of the drug war, gangs and such are almost military forces; presenting the police with the same problems?

Room clearing is pretty much the same, whether you're a marine clearing a building overseas or SWAT clearing a drug house.

Up here in ND, I know the Minot Police department, and the Ward county sheriff's office work closely with Minot AFB. The local bomb squads work with the people on base. It makes sense to share training and facilities sometimes.

Now, while I don't necessarily object to the existence of SWAT, I DO object to their usage for every little thing; you had many areas stand up teams where they may only get a truly SWAT worthy task once a year or more, yet said SWAT team costs money continuously. In an attempt to justify the costs they end up using SWAT where normal officers would be better - such as the city who uses SWAT for all their warrants.

In many of these areas they'd probably do better to take some regular officers and give them extra training - pick one of the better shooters to double as a sniper if necessary. Pick a few of the others to learn how to use a MP5, M4, or other assault rifle/submachine gun and advanced building clearing tactics. Those officers get a little extra pay in exchange for being 'on call' for the serious stuff.

Re:Would not have been murder

[stonecypher]

You're misunderstanding. Murder requires intent. The worst he could get would be reckless endangerment / manslaughter 1.

Re:Good grief

[crashfrog]

If a home owner does not have a reasonable expectation that a no-knock warrant may be served (e.g. not doing illegal things that might result in a SWAT raid), they may not be held legally responsible for shooting or killing an officer.

Unless they're black. Funny how that works.

Re:Good grief

[Johnny5000]

I do feel sorry for Bush sometimes, many of the "Bushisms" are probably due to mild dyslexia.

I think this guy said it well:

"George Bush is not stupid. He's evil. OK? There's a huge difference between stupid and evil."

"George Bush can speak perfectly well, just not when he's being caring or compassionate or concerned about human beings. That's when he stutters and says shit like 'Hey it's hard to put food on your family.' Which he actually said, he said it's hard to put food on your family. Do you know why he said that? 'Cause he could give a fuck how hard it is for you to put food on the table for your family. But you know when he gets really downright poetic and articulate and focused is when he's talking about war and death and murder and retribution. All of a sudden he's Dylan Thomas."

"Here's the thing, if you gave Darth Vader a big basket of puppies he'd look like a fucking imbecile. 'Hey Darth, how do you like those puppies?' 'Uh, well they're round...furry...to, uh, pet...here I don't really like puppies, here, take these.' 'What are you gonna do to Alderaan?' 'WE WILL DESTROY YOUR PLANET, YOU WILL BE DUST BENEATH THE HEELS OF OUR BOOTS!' That's George Bush! I know a supervillain when I see one!"