Caller ID-spoofing 911 callers busted!

16 November 2007

Late in October of 2007, a story hit the news wires about people getting raided by local SWAT teams because someone had called up the local 911 services and claimed that gang wars had broken out, heavily armed people on drugs had killed their families, and stuff like that. Some pretty bad things went down as a result, and as one would expect law enforcement doesn't take kindly to anyone monkeying around with their communications networks, especially when lots of heavily armed cops wearing body armor are called out as a result. A subsequent investigation revealed that a group of phone phreaks around the country have been behind the so-called jokes that resulted in the homes of a number of innocent families being raided, and the police have repaid the favor in spades. As it turns out, they were using caller ID spoofing techniques to make the calls appear to come from different home addresses, which fooled the 911 call center staff into thinking that something was truly amiss. Interestingly, the group used a number of techniques to pull this off, from good old-fashioned social engineering over the phone to what appears to be cracking the switches that route calls from point to point. In some instances, systems were supposedly compromised so deeply that members of the group could listen in on phone calls elsewhere, probably by enabling and abusing the three-way calling functionality of those telephony switches. Another member of the group had access to LexisNexis and was doing go-tos on at least some of the targets, either to figure out the address to spoof or to determine how best to fuck with the targets.