http://blog.wired.com/27bstroke6/2007/11/guilty-plea-pho.html
By Kevin Poulsen
Wired.com
November 15, 2007
An Ohio man has pleaded guilty to a federal conspiracy charge for being
part of a gang of "swatters" -- one of them blind -- who used Caller ID
spoofing to phone the police with fake hostage crises, sending armed
cops bursting into the homes of innocent people.
Stuart Rosoff of Cleveland, Ohio (right, in a 2004 mugshot) pleaded
guilty to one count of conspiracy last Friday in federal court in the
Northern District of Texas.
The case seems to confirm that swatters are using simple Caller ID
spoofing to pull these unfunny hoaxes -- and not "hacking into 911"
after all. But the court documents indicate that Rosoff was part of a
remarkably sophisticated gang of old-school phone phreaks with serious
access to at least one phone company's computers, which they used to get
information on their targets.
The alleged brain behind of much of the phone hacking was a minor in
Boston, identified in three separate guilty pleas from group members as
"M.W." M.W. comes across as a master of social engineering, who had
enough access to phone company systems to listen in on calls. He is also
blind.
According to a stipulation (.pdf) by Rosoff and prosecutors, Rosoff
worked with M.W. to obtain "telephone numbers, pass phrases, employee
identification numbers, and employee account information used by the
conspirators by various means including through 'social engineering' or
pretexting of telephone calls to telecommunications company employees,
'war dialing', trafficking in pass phrases and access information with
other phone 'phreakers,' etc."
M.W. allegedly made more that 50 telephone calls to the Verizon
Provisioning Center in Irving, Texas, "and obtained unauthorized access
to the computers located there, and used the access to obtain
telecommunications services including Caller I.D. blocking and call
forwarding."
The informal swatting conspiracy unfolded in 2004 after Rosoff started
hanging out on free telephone chat lines, particularly the "Jackie
Donut," the "Seattle Donut" and the "Boston Loach" where people around
the world chat by calling in or connecting online.
At some point Rosoff and at least five other chatters, including M.W.,
started making the swatting calls, largely targeting other people on the
party lines, or those people's friends and family members. They used
Caller I.D. spoofing services to adopt the phone number of their
intended victim, and phoned non-emergency police lines with threats.
For example, in September 2006, co-conspirator Guadalupe Santana
Martinez (.pdf) targeted the father of a female party line participant.
The swatter called the police in Alvardo, Texas while spoofing the
father's number, identified himself as the father and told the police
dispatcher that "he had shot and killed members of the … family, that he
was holding hostages, that he was using hallucinogenic drugs, and that
he was armed with an AK47." He went on to demand $50,000 and
transportation across the border to Mexico, "and threatened to kill the
remaining hostages if his demands were not met."
It's heartening to learn that blind phone phreaks (and party lines) are
still around after all these years. But it's sad to hear how the hackers
are misusing their superpowers. According to Rosoff's plea:
As a result of the swatting telephone calls at least two victims
received injuries. Rosoff was aware that injuries were received by
one victim, an infirm, elderly male who resided in New Port Richey,
Florida, and that as a result of the swatting activities by the
coconspirators normal municipal activities were disrupted in
Yonkers, New York and other locations due to false emergency calls
resulting in a SWAT response, i.e. road closings, etc.
It's not clear how many people were targeted. Prosecutors count more
than 100 victims, but that includes telecom providers and emergency
responders, as well as the people spoofed. Financial losses ranged from
$120,000 - $250,000.
Jason Trowbridge, another alleged conspirator, used the LexisNexis-owned
database service Accurint to get consumer records on the gang's target,
prosecutors claim. Martinez pleaded guilty in April, and co-defendant
Angela Roberson copped a plea in October. Trowbride and co-defendant
Chad Ward are set for trial in December.
Ward is an alleged victim and perpetrator of swatting. According to
Roberson's stipulation (.pdf), Martinez swatted Ward in September of
last year following a tiff within the group.
__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Fri Nov 16 2007 - 04:44:53 PST