February 29, 2008

Seymour Butts

An excellent article by Kevin Poulsen in Wired Magazine explains a pernicious form of prank calling known as “swatting.”

At 4 in the morning of May 1, 2005, deputies from the El Paso County Sheriff's Office converged on the suburban Colorado Springs home of Richard Gasper, a TSA screener at the local Colorado Springs Municipal Airport. They were expecting to find a desperate, suicidal gunman holding Gasper and his daughter hostage.

"I will shoot," the gravely voice had warned, in a phone call to police minutes earlier. "I'm not afraid. I will shoot, and then I will kill myself, because I don't care."

But instead of a gunman, it was Gasper himself who stepped into the glare of police floodlights. Deputies ordered Gasper's hands up and held him for 90 minutes while searching the house. They found no armed intruder, no hostages bound in duct tape. Just Gasper's 18-year-old daughter and his baffled parents.

A federal Joint Terrorism Task Force would later conclude that Gasper had been the victim of a new type of nasty hoax, called "swatting," that was spreading across the United States. Pranksters were phoning police with fake murders and hostage crises, spoofing their caller IDs so the calls appear to be coming from inside the target's home. The result: police SWAT teams rolling to the scene, sometimes bursting into homes, guns drawn.

It turns out that a brilliant and socially awkward teenager was responsible for the phone call, which appeared to come from Gasper’s home.

The teenager, and others like him, used in-depth knowledge of the technical aspects of the phone system along with social engineering in order to make prank calls, turn off and reroute phone lines, obtain free services from the phone companies, and perform various acts which run from the mundane and annoying to the potentially dangerous and deadly.

In a super-connected world, the actions of hyper-empowered individuals such as this boy demonstrate the vast potential not just for mischief but also for great damage that can be done by intelligent people with a good understanding of social responses and excellent technical knowledge. If the wrong types were to develop this further, one could see potential for distant and dangerous attacks of other sorts. Mind you, the boy in question did not use a computer to perform his mischief. He simply developed sophisticated understanding through exacting open source research, networks of other like-minded individuals, and exploitation of human intelligence.

Other applications that would allow, for instance, insurgents in Iraq to mask the source of anonymous tip or provide false information to Iraqi Security Forces also present themselves.

It is a brave new world...