Guilty Plea: Phone Phreaks Use Caller-ID Spoofing to Get Foes Raided By SWAT

Guilty Plea: Phone Phreaks Use Caller-ID Spoofing to Get Foes Raided By SWAT

by Kevin Poulsen, m.wired.com
November 15th 2007


An Ohio man has pleaded guilty to a federal conspiracy charge for being part of a gang of "swatters" — one of them blind — who used Caller ID spoofing to phone the police with fake hostage crises, sending armed cops bursting into the homes of innocent people.

Stuart Rosoff of Cleveland, Ohio (right, in a 2004 mugshot) pleaded guilty to one count of conspiracy last Friday in federal court in the Northern District of Texas.

The case seems to confirm that swatters are using simple Caller ID spoofing to pull these unfunny hoaxes — and not "hacking into 911" after all.  But the court documents indicate that Rosoff was part of a remarkably sophisticated gang of old-school phone phreaks with serious access to at least one phone company’s computers,  which they used to get information on their targets.

The alleged brain behind of much of the phone hacking was a minor in Boston, identified in three separate guilty pleas from group members as "M.W."  M.W. comes across as a master of social engineering, who had enough access to phone company systems to listen in on calls. He is also blind.

According to a stipulation (.pdf) by Rosoff and prosecutors, Rosoff worked with M.W. to obtain "telephone numbers, pass phrases, employee identification numbers, and employee account information used by the conspirators by various means including through ‘social engineering’ or pretexting of telephone calls to telecommunications company employees, ‘war dialing’, trafficking in pass phrases and access information with other phone ‘phreakers,’ etc."

M.W. allegedly made more that 50 telephone calls to the Verizon Provisioning Center in Irving, Texas, "and obtained unauthorized access to the computers located there, and used the access to obtain telecommunications services including Caller I.D. blocking and call forwarding."

The informal swatting conspiracy unfolded in 2004 after Rosoff started hanging out on free telephone chat lines, particularly the "Jackie Donut," the "Seattle Donut" and the "Boston Loach" where people around the world chat by calling in or connecting online.

At some point Rosoff and at least five other chatters, including M.W., started making the swatting calls, largely targeting other people on the party lines, or those people’s friends and family members. They used Caller I.D. spoofing services to adopt the phone number of their intended victim, and phoned non-emergency police lines with threats.

For example, in September 2006, co-conspirator Guadalupe Santana Martinez (.pdf) targeted the father of a female party line participant. The swatter called the police in Alvardo, Texas while spoofing the father’s number, identified himself as the father and told the police dispatcher that "he had shot and killed members of the … family, that he was holding hostages, that he was using hallucinogenic drugs, and that he was armed with an AK47." He went on to demand $50,000 and transportation across the border to Mexico, "and threatened to kill the remaining hostages if his demands were not met."

It’s heartening to learn that blind phone phreaks (and party lines) are still around after all these years. But it’s sad to hear how the hackers are misusing their superpowers. According to Rosoff’s plea:

As a result of the swatting telephone calls at least two victims received injuries. Rosoff was aware that injuries were received by one victim, an infirm, elderly male who resided in New Port Richey, Florida, and that as a result of the swatting activities by the coconspirators normal municipal activities were disrupted in Yonkers, New York and other locations due to false emergency calls resulting in a SWAT response, i.e. road closings, etc.

It’s not clear how many people were targeted. Prosecutors count more than 100 victims, but that includes telecom providers and emergency responders, as well as the people spoofed. Financial losses ranged from $120,000 – $250,000.

Jason Trowbridge, another alleged conspirator, used the LexisNexis-owned database service Accurint  to get consumer records on the gang’s target, prosecutors claim. Martinez pleaded guilty in April, and co-defendant Angela Roberson copped a plea in October. Trowbride and co-defendant Chad Ward are set for trial in December.

Ward is an alleged victim and perpetrator of swatting. According to Roberson’s stipulation (.pdf), Martinez  swatted Ward in September of last year following a tiff within the group.

Original Page: http://m.wired.com/threatlevel/2007/11/guilty-plea-pho/

Shared from Read It Later

 אל

Comments