[ISN] Swatters tricked AT&T while making fake 911 calls

From: InfoSec News (alerts@private)
Date: Wed Nov 21 2007 - 00:06:36 PST


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9048039

By Robert McMillan
November 20, 2007 
IDG News Service

A Cleveland, Ohio man has pled guilty to participating in a scheme that 
involved using AT&T employee passwords and identities to place false 911 
calls to emergency dispatch centers.

Stuart Rosoff is facing as much as five years in prison and a $250,000 
fine after pleading guilty to charges of harassing people by tricking 
911 operators into dispatching police SWAT (Special Weapons And Tactics) 
teams to the homes of their unsuspecting victims. Rosoff was part of a 
group of about 15 to 20 people who met in chat rooms and telephone party 
lines to exchange information on how to conduct their attacks, according 
to court documents.

Rosoff is considered the lead defendant in a federal case against 
members of the group. Two other members have pled guilty, and two 
others, Jason Trowbridge and Chad Ward, are still facing trial.

Virtually unknown until recently, swatting gained national attention 
last month when 19year-old Randall Ellis was arrested after allegedly 
dispatching a SWAT team to the home of an unsuspecting couple in Orange 
County, California. That incident cost county officials nearly $20,000. 
On Friday, Ellis plead not guilty to charges stemming from the March 29 
incident. He is not believed to be connected with Rosoff or his group.

The Rosoff group has been connected to about 60 incidents, including one 
in January 2007, according to Detective Larry Cole with the Snohomish 
County Sherriff's Office in Washington State. In that case, a Rosoff's 
co-conspirator named Guadalupe Santana Martinez ended up dispatching 35 
county employees, including the SWAT team to a Snohomish County home in 
the middle of the night. "He built enough information and called 911 and 
faked that he was committing a serious crime at the time," he said. 
"When our patrols responded, nobody answered the door, so it ended up 
being an activation of our SWAT team."

In a June 12, 2006 incident, Martinez is alleged to have called 911, 
saying that he was high on hallucinogenic drugs, had shot and killed 
family members and was holding hostages.

Martinez used a spoof card to conceal his identity in this case, 
according to court filings, but in the Snohomish County incident he used 
an even simpler technique: he blocked his caller ID and simply gave 911 
operators his victim's number, according to Cole. "Even with our 911 
system if you use some blocked numbers for privacy reasons it's hard for 
our 911 system to read them," he said.

Martinez and Angela Roberson, and another group member, have since 
pleaded guilty to swatting charges.

Court documents state that he and other group members used social 
engineering techniques against telephone companies such as AT&T.

For example, Martinez would call an internal AT&T number claiming to be 
a service representative working in the field in order to get 
information on victims and sometimes even terminate their phone service, 
Cole said. "He would fake that he was an AT&T employee, call the 
internal phone number... and they would give him that information."

According to an affidavit by U.S. Federal Bureau of Investigation 
Special Agent Allyn Lynd, "AT&T employees were being victimized by the 
swatting group by the misappropriation of the AT&T employees' identities 
and passwords in order to make the swatting group's illegal access 
appear more legitimate."

One of the group's members, Matthew Weigman, had registered telephone 
service for himself under the name of an AT&T representative, the 
affidavit states.

Members of the group were able to spoof their phone numbers using 
commercially available "spoofing cards," as well as special hardware 
that could be used to spoof the ANI (Automatic Number Identification) 
caller identification system used by some telephone systems.

They accessed systems at AT&T subsidiary CTS Telecommunications, in 
Grand Prairie, Texas, the Verizon Provisioning Center in Irving Texas, 
and the Frontier Telecommunications center in Rochester, New York, 
according to court fillings.

AT&T did not return calls for comment.

Cole said that the group swatted people for two reasons: for kicks, and 
to get even. "They had very limited social skills so they were kind of 
immature," he said.

Martinez who is described as the one generally responsible for making 
the telephone calls, was nicknamed the "Wicked Wizard." He would often 
swat victims as a way of getting even for some chatroom slight, Cole 
said. "I think it was a power trip for him. It was his way of being the 
big man."


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Wed Nov 21 2007 - 00:21:14 PST