[ISN] Guilty Plea: Phone Phreaks Use Caller-ID Spoofing to Get Foes Raided By SWAT

From: InfoSec News (alerts@private)
Date: Fri Nov 16 2007 - 04:35:07 PST


http://blog.wired.com/27bstroke6/2007/11/guilty-plea-pho.html

By Kevin Poulsen 
Wired.com
November 15, 2007

An Ohio man has pleaded guilty to a federal conspiracy charge for being 
part of a gang of "swatters" -- one of them blind -- who used Caller ID 
spoofing to phone the police with fake hostage crises, sending armed 
cops bursting into the homes of innocent people.

Stuart Rosoff of Cleveland, Ohio pleaded 
guilty to one count of conspiracy last Friday in federal court in the 
Northern District of Texas.

The case seems to confirm that swatters are using simple Caller ID 
spoofing to pull these unfunny hoaxes -- and not "hacking into 911" 
after all.  But the court documents indicate that Rosoff was part of a 
remarkably sophisticated gang of old-school phone phreaks with serious 
access to at least one phone company's computers, which they used to get 
information on their targets.

The alleged brain behind much of the phone hacking was a minor in 
Boston, identified in three separate guilty pleas from group members as 
"M.W."  M.W. comes across as a master of social engineering, who had 
enough access to phone company systems to listen in on calls. He is also 
blind.

According to a stipulation (.pdf) by Rosoff and prosecutors, Rosoff 
worked with M.W. to obtain "telephone numbers, pass phrases, employee 
identification numbers, and employee account information used by the 
conspirators by various means including through 'social engineering' or 
pretexting of telephone calls to telecommunications company employees, 
'war dialing', trafficking in pass phrases and access information with 
other phone 'phreakers,' etc."

M.W. allegedly made more than 50 telephone calls to the Verizon 
Provisioning Center in Irving, Texas, "and obtained unauthorized access 
to the computers located there, and used the access to obtain 
telecommunications services including Caller I.D. blocking and call 
forwarding."

The informal swatting conspiracy unfolded in 2004 after Rosoff started 
hanging out on free telephone chat lines, particularly the "Jackie 
Donut," the "Seattle Donut" and the "Boston Loach" where people around 
the world chat by calling in or connecting online.

At some point Rosoff and at least five other chatters, including M.W., 
started making the swatting calls, largely targeting other people on the 
party lines, or those people's friends and family members. They used 
Caller I.D. spoofing services to adopt the phone number of their 
intended victim, and phoned non-emergency police lines with threats.

For example, in September 2006, co-conspirator Guadalupe Santana 
Martinez (.pdf) targeted the father of a female party line participant. 
The swatter called the police in Alvarado, Texas while spoofing the 
father's number, identified himself as the father and told the police 
dispatcher that "he had shot and killed members of the … family, that he 
was holding hostages, that he was using hallucinogenic drugs, and that 
he was armed with an AK47." He went on to demand $50,000 and 
transportation across the border to Mexico, "and threatened to kill the 
remaining hostages if his demands were not met."

It's heartening to learn that blind phone phreaks (and party lines) are 
still around after all these years. But it's sad to hear how the hackers 
are misusing their superpowers. According to Rosoff's plea:

    As a result of the swatting telephone calls at least two victims 
    received injuries. Rosoff was aware that injuries were received by 
    one victim, an infirm, elderly male who resided in New Port Richey, 
    Florida, and that as a result of the swatting activities by the 
    coconspirators normal municipal activities were disrupted in 
    Yonkers, New York and other locations due to false emergency calls 
    resulting in a SWAT response, i.e. road closings, etc.

It's not clear how many people were targeted. Prosecutors count more 
than 100 victims, but that includes telecom providers and emergency 
responders, as well as the people spoofed. Financial losses ranged from 
$120,000 to $250,000.

Jason Trowbridge, another alleged conspirator, used the LexisNexis-owned 
database service Accurint to get consumer records on the gang's target, 
prosecutors claim. Martinez pleaded guilty in April, and co-defendant 
Angela Roberson copped a plea in October. Trowbridge and co-defendant 
Chad Ward are set for trial in December.

Ward is an alleged victim and perpetrator of swatting. According to 
Roberson's stipulation (.pdf), Martinez swatted Ward in September of 
last year following a tiff within the group.


