SWAT teams, residents victimized by 911 fraud

Doug Bates and his wife, Stacey, were in bed around 10 p.m., their 2-year-old daughters asleep in a nearby room. Suddenly they were shaken awake by the wail of police sirens and the rumble of a helicopter above their suburban Southern California home. A criminal must be on the loose, they thought.

Doug Bates locked the doors and grabbed a knife. A beam from a flashlight hit him. He peeked into the backyard. A swarm of police, assault rifles drawn, ordered him out of the house. Bates emerged, frightened and with the knife in his hand, as his wife frantically dialed 911. They were handcuffed and ordered to the ground while officers stormed the house.

The scene of mayhem and carnage the officers expected was nowhere to be found. Neither the Bateses nor the officers knew that they were pawns in a dangerous game being played 1,200 miles away by a teenager bent on terrifying a random family of strangers.

They were victims of a new kind of telephone fraud that exploits a weakness in the way the 911 system handles calls from Internet-based phone services. The attacks -- called “swatting” because armed police SWAT teams usually respond -- are virtually unstoppable, and an Associated Press investigation found that budget-strapped 911 centers are essentially defenseless without an overhaul of their computer systems.

The AP examined hundreds of court documents and law-enforcement transcripts, listened to audio of “swatting” calls, and interviewed two dozen security experts, investigators, defense lawyers, victims and perpetrators.

While Doug and Stacey Bates were cuffed on the ground that night in March 2007, 18-year-old Randal Ellis, living with his parents in Mukilteo, Wash., was nearly finished with the 27-minute yarn about a drug-fueled murder that brought the Orange County Sheriff’s Department SWAT team to the Bateses’ home.

In a grisly sounding call to 911, Ellis was putting an Internet-based phone service for the hearing-impaired to nefarious use. By entering bogus information about his location, Ellis was able to make it seem to the 911 operator as if he was calling from inside the Bateses’ home. He said he was high on drugs and had just shot his sister.

According to prosecutors, Ellis picked the Bates family at random, as he did with all of the 185 calls investigators say he made to 911 operators around the country.

“If I would have had a gun in my hand, I probably would have been shot,” said Doug Bates, 38.

Last March, Ellis was sentenced to three years in prison after pleading guilty to five felony counts, including computer access and fraud, false imprisonment by violence and falsely reporting a crime.

In a separate, multistate case prosecuted by federal authorities in Dallas, eight people were charged with orchestrating up to 300 “swatting” calls to victims they met on telephone party chat lines. The three ringleaders were each sentenced to five years in prison. Two others were sentenced to 2 1/2years. One defendant has pleaded guilty and could get a 13-year sentence. The remaining two are set to go on trial this month.

A similar case was reported in Salinas, where officers surrounded an apartment where a call had claimed that men with assault rifles were trying to break in. In Hiawatha, Iowa, fake calls about a workplace shooting included realistic gunshot sounds and moaning in the background. In November, a teenage hacker from Worcester, Mass., pleaded guilty to a five-month swatting spree including a bomb threat and report of an armed gunman that caused two schools to be evacuated.

Many times, however, swats don’t get fully investigated or reported.

Orange County Sheriff’s Det. Brian Sims spent weeks serving search warrants on Internet providers before he identified Ellis through his numeric computer identifier, known as an IP address.

Law enforcement officials hope lengthy prison terms will deter would-be swatters. Technology alone isn’t enough to stop the crimes.

Unlike calls that come from landline phones, which are registered to a fixed physical address that is displayed on 911 dispatchers’ screens, calls coming from people’s computers, or even calls from landline or cellphones that are routed through spoofing services, could appear to be originating from anywhere.

Scores of Caller ID spoofing services have sprung up, offering to disguise callers’ origins for a fee. All anybody needs to do is pony up for a certain number of minutes, punch in a code and specify whom they’re calling and what they’d like the Caller ID to display.

Spoofing Caller ID is perfectly legal. Businesses use the technology to project a single callback number for an entire office, or to let executives working from home cloak their home numbers when making outgoing calls.

At the same time, criminals have latched onto the technique to get revenge on rivals or get their kicks by harassing strangers.

“We’re not able to cope with this very well,” said Roger Hixson, technical issues director for the National Emergency Number Assn., the 911 system’s industry group. “We’re just hoping this doesn’t become a widespread hobby.”

The 911 system was built on the idea that it could trust the information it was receiving from callers. Upgrading the system to accommodate new technologies can be a huge task.

Gary Allen, editor of Dispatch Monthly, a Berkeley, Calif.-based magazine focused on public-safety communications centers, said dispatchers are “totally at the mercy of the people who call,” considering that they don’t have technology to identify which incoming calls are from Internet-based sources.

Allen said upgrading the communications centers’ computers to flash an Internet caller’s IP address could help thwart fraudulent calls. He said an even simpler fix, tweaking the computers to identify calls from Internet phone services and flash the name of the service provider to dispatchers, can cost under $5,000 but is usually still too costly for many communications centers.

But because this style of fraudulent calls is so new, and many emergency-dispatch centers receive few Internet calls in the first place, those upgrades are not frequently done.

Swatting calls place an immense strain on responding departments. The Orange County Sheriff’s Department deployed about 30 people to the Bateses’ home, including the SWAT team, a helicopter and K-9 units. It cost the department $14,700.

They take their toll on victims too.

Tony Messina, a construction worker from Salina, N.Y., was swatted three times by the gang broken up by the federal authorities in Dallas. He was even arrested as the result of one call, because authorities found weapons he wasn’t supposed to have while they were searching the house.

Messina had made some enemies on a party line he frequented to flirt with women. Out of jealousy, he says, some guys started swatting him.

Investigators say swatters are usually motivated by a mixture of ego and malice, a desire for revenge and domination over rivals.