accesses since March 7, 2023
copyright notice
link to the published version: IEEE Computer, March, 2023; link to archive copy link to the related Ars Technica article by Ashley Belanger, 6/30/23 accesses since March 7, 2023
“Swatting” or “911 swatting” is a malicious act that involves making fraudulent 911 to cause emergency response teams such as law enforcement SWAT teams (that's where the gerund's root comes from) to react forcefully to a non-existent public threat. [1] Swatting is commonly an act of personal retaliation and/or revenge against targeted victim(s) for offenses real or imagined. 911 Swatting has become so widespread that several sub-classes have been defined:
911 swatting is closely aligned with criminal doxxing which reveals personally identifiable information to embarrass, traumatize, intimidate, bully, harass or encourage acts of violence against victims
In any of its current manifestations, 911 swatting is intuitively an act of primarily domestic terrorism directed against noncombatant targets for personal reasons. Although federal legislation against 911 swatting has been proposed over the past decade, as of this date none of this legislation has passed through Congress. Domestic terrorism legislation has a similar record. As a consequence, prosecution for 911 swatting and domestic terrorism is subsumed under other statutes dealing with fraud, civl rights, hate crimes, Patriot Act, etc. [11] One consequence of this legislative ambivalence is that there is no way to know exactly how widespread 911 swatting is because law enforcement does not track it as a separate category of crime. However, by everyone's estimate, 911 swatting is on the rise despite the spate of state laws that call for severe punishment.
Who's doing this? A mangy mix of people with low self-esteem and anger management issues? Pranksters? Ill-behaved gamers? Hackers and low life? In short, all of the above and more. With VoIP in their hands, what could possibly go wrong? Since 911 swatting involves computing and network technology, it's worth our attention.
911 swatting seems to be the latest knot on the thread of mischief that began with telephone pranking that likely dates back as far as telephony itself. The “Upjohn? – Yes. – Then go back to bed” gag likely dates back to the days of Alexander Graham Bell. And anonymous threats of death or violence by assault, bomb, or other terrorist acts, have accompanied humanity throughout history. These two threads converge in bogus threats which are specifically created to alter or disrupt target behavior through fear, intimidation, harassment, or guile. This convergence is the deflection point for 911 swatting for it is mischievous behavior that can be claimed to be ambiguous with respect to violent intent. While it could be intended as a prank, it could also be intended as a legitimate act of terrorism. As such, 911 swatting seems to enjoy a special place in the anonymous prank-harassment-bullying-doxxing-terrorism spectrum. 911 elevates vitriol, hate, and vengeance to the level of likely violence with the unique spin that the source of violence is law enforcement. It is, if you will, an individualized form ochlocracy – where every malcontent becomes a dangerous mob unto him/herself.
VoIP is telephony on the cheap where the digitized messaging is offloaded to the Internet. VoIP is simply an extension of the TCP/IP protocol suite that enables voice communication: the payloads of the packets are audio encodings. As with other practical and useful Internet services/protocols (e.g., the world wide web/HTTP, HTML, email/SMTP, POP, IMAP, multimedia streaming/RSTP. SCTP) the magic takes place at the application layer. VoIP is a conjunction of protocols framed around a core that includes the Session Initiation Protocol (SIP) [12] for connection management and the H.323 family of protocols for managing the multimedia communication [13]. It should be mentioned that as we use the term, VoIP excludes incompatible proprietary standards such as Skype that offer similar network-based services.
Since the packet payloads are multimedia encodings, the overall theme of SIP is similar to HTTP, but with the notable exception that uniform resource identifiers may also contain phone numbers as USER IDs. As with other multimedia delivery oriented protocols, SIP is ambivalent with regard to transport layer protocols. For our present purposes we need only recognize that (a) VoIP uses IPv4 and IPv6 packet payloads as the carriers of the audio/video media encodings, (b) that there is a hardware/software connection between a computer or computer system and some media appliances that are compatible with telephony, and (c) that packet addresses will include telephone numbers. After that, VoIP may be thought of as just another packet-based application within the TCP/IP protocol suite.
Dedicated VOIP providers like Intermedia Unite, RingCentral, and Vonage work in this space, as do high tech companies such as Microsoft. All VoIP businesses offer suites of cloud-based services that can include such things as SMS messaging, call monitoring, voicemail-to-email conversion, video conferencing, etc. Such suites fall under the rubric of unified communications-as-a-service (UCaaS). When offered by traditional high tech companies, these suites are integrated with their existing products. Microsoft, for example, integrates their VoIP offering their Teams platform and Microsoft 365 infrastructure. Current cloud-based VoIP offerings are the fulfillment of the NSF-sponsored Global Schoolhouse Project that interconnected four K-12 classrooms in the U.S. and England [14][15] and Cornell University's CU-SeeMe videoconferencing platform, both of which date back to the mid-1990s. [16]
As VoIP is built upon TCP/IP, the latter's vulnerabilities carry over to the former and becomes enhanced. Where traditional Internet denial of service attacks might involve packet flooding to overwhelm the network interface cards, VOIP DOS attacks could use similar techniques to overwhelm VoIP routers and circuits with bogus VoIP phone calls. In addition, VoIP hacking has additional attack vectors such as toll fraud because, unlike Internet TCP/IP traffic, VoIP is a revenue-based service. In addition to DOS and theft of services, VoIP is in principle vulnerable to the same range of malware as the Internet itself, including those that result in data theft, impersonation fraud, eavesdropping, call tampering, and all sundry forms of malware. Needless to say, remediation is also similar. [17]
Of VoIP vulnerabilities, spoofing is the most directly relevant to 911 swatting. But where packet spoofing in TCP/IP would normally involve the use of inauthentic IP or MAC addresses to achieve stealth, with VoIP spoofing involves the use and manipulation of inauthentic caller IDs. It should be remembered that the Internet was not built around a robust security model that required authentication. And since packet crafting makes virtually every element of a packet header fungible, there's not much that can be done about it. The packet-fungibility-VoIP-ship set sail in the 1960s with the launch of TCP/IP long before VoIP was conceived. VoIP hacking for the most part is just the current manifestation of TCP/IP protocol bending.
In short, VoIP attack tactics follow familiar patterns including reconnaissance and scanning, topology mapping, active and passive fingerprinting, password detection, and so forth. Those familiar with the principles of network forensics will note the similarities with Enable Security's SIPVicious toolkit. [18]
In short, since VoIP is based upon the TCP/IP protocol suite, it is to be expected that it can be hacked, that user's personal information is vulnerable to misuse, that packets can be corrupted, users may find communication meta data unreliable, specifically including caller ID. Armed with spoofed caller IDs and source IP address, VoIP swatters are ready for business.
The Truth in Caller ID Act of 2009/S30 [19] makes it illegal for any person within the U.S. to “cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value ” [emphasis added] unless specifically exempted (e.g., law enforcement, court actions). In 2020, the Federal Communications Commission (FCC) used this law to fine a telemarketing company for spoofing caller IDs during political robocalls. [20] Unfortunately, the use of spoofed caller IDs to discourage call tracing and avoid call blocking are not specifically addressed in this legislation. Further. there is a logical problem with the structure of this legislation as it focuses on the intent of the source rather than the activity. One must ask what legitimate, lawful uses, if any, society should expect of caller ID spoofing. Crafting criminal law around the predicted intentions of criminals rather than the criminal conduct is a sub-optimal strategy. The same mistake of attempting to build in “intent” was made with Do Not Call legislation as exemptions were made for political calls, not-for-profit organizations, pollsters, surveyors and the like, who collectively proclaim their activity is a public service of indispensable social value. Attempts to frame unacceptable behavior around intent invariably disfavors the general public interest. The motivations behind this approach are motivated by political, economic, and parochial interests and not the welfare of society.
Subsequent to S30, the FCC introduced two rules that bear directly on the ability of law enforcement agencies to identify the source of 911 calls: Kari's Law and the RAY BAUM'S Act that took effect January 6, 2020. [21] Kari's Law required all new multi-line telephone systems (MLTS) to support 911 direct dialing with appropriate notifications and alerts to the particular branch location (e.g., front desk, security office) along with location and callback information. Ray Baum's Act required that every multi-line telephone system (MTLS) send a “dispatchable location” with every 911 call along with a call source ID to the public safety answering point (PSAP) (e.g., 911 call center) regardless of the technological platform used. This specifically includes, but is not limited to the installed MTLS base of legacy private branch exchange (PBX), central office exchange service (Centrex), and key telephone systems (KTSs) along with interconnected Voice over Internet Protocol (VoIP), internet-based Telecommunications Relay Services (TRS), mobile text, and hybrid systems. [22] While the original intent of Kari's Law and RAY BAUM'S Act was to facilitate emergency services response to legitimate threats to public safety, when viewed from the lens of S30, they can also be seen to apply to 911 swatting. Like all anti-crime legislation, they also have the unintended effect of motivating tech-savvy 911 swatters to step up their game.
That depends and the penalties are a moving target depending on jurisdiction. In California under Senate Bill 333, it is a misdemeanor crime to intentionally and knowingly make a false 911 call. This carries a penalty of one year in county jail and/or a $1,000 fine. But it is a felony crime to make a false 911 call if one knows, or should have known, that the emergency response will likely lead to great bodily injury or death. The penalty for this felony is up to 3 years in county jail and/or $10,000 fine plus reimbursement of reasonable costs to responding agencies. [23]
In Michigan under Penal Code Section 750.411a effective Jan 1, 2013 it became a misdemeanor crime to intentionally make a false report to a 911 operator or law enforcement which is punishable for up to 93 days' imprisonment and/or a $500 fine, but it is a felony crime if personal injury results which is punishable up to 5 years' imprisonment and/or $20,000. If death results, the punishment increase to up to 15 years' imprisonment and/or a fine up to $50,000. [24]
Other states (e.g., Minnesota, Florida) have followed suit with similar 911-swatting legislation. Connecticut and Nevada have expanded the legislative theme to anti-doxxing legislation [25] [26]. Although federal legislation has been proposed [27], as of this writing there is no federal statute that specifically relates to 911-swatting or doxxing. Whatever federal legislative protections are available are currently subsumed under laws relating to interstate threats, conspiracies, endangering public safety, compromising national security, etc. The state legislative reactions to 911-swatting appears to embrace the general theme that if no one is hurt, such a crime would constitute a misdemeanor; else, a felony. Some states (e.g., New York) subsume some swatting under existing laws that penalize a “depraved indifference to human life.” Although there are examples of successful federal prosecution of swatters and doxxers [28], for the foreseeable future any significant statutory relief is likely to be piecemeal, fragmented, and local. States have been more united in legislating the operational side of 911 laws, including VoIP, than the protection of privacy. [29]
We can add 911 swatting, VoIP swatting, and doxxing to our list of anti-social, cultural phenomenon at this point – along with social media disinformation campaigns, privacy-abusing apps and websites, the surveillance economy, etc. Interestingly enough, one of the earliest reports of 911 swatting was actually a hoax. [30] But it's not a hoax any longer, but rather very real, very dangerous, and on the rise. The problem is exacerbated by the fact that the hacking aspects are documented on the Internet. [31][32] There is no question that the current malaise deserves continued vigilance by the computing and networking communities.
[1] M. Enzweiler, Swatting Political Discourse: A Domestic Terrorism Threat, 90 Notre Dame L. Rev. 2001 (2015) (Available online: https://scholarship.law.nd.edu/cgi/viewcontent.cgi?article=4619&context=ndlr)
[1] M. Enzweiler, Swatting Political Discourse: A Domestic Terrorism Threat, 90 Notre Dame L. Rev. 2001 (2015) (Available online: https://scholarship.law.nd.edu/cgi/viewcontent.cgi?article=4619&context=ndlr )
[2] H. Nigam, Celebrity ‘Swatting,” the Latest Craze for Kids, Huffpost, Jan 31, 2013. (available online: https://www.huffpost.com/entry/celebrity-swatting_b_2592404 )
[3] B. Gallagher, What you need to know about swatting, gamers' favorite harassment tactic, daily dot, June 16, 2018. (available online: https://www.dailydot.com/debug/what-is-swatting/ )
[4] G. Lopez, David Hogg's family was swatted. That's extremely dangerous., Vox, Jun 5, 2018. (available online: https://www.vox.com/policy-and-politics/2018/6/5/17429258/david-hogg-swatting-parkland-shooting )
[5] A. Waller, Former Neo-Nazi Leader Sentenced to 3 Years in ‘Swatting' Scheme, The New York Times, May 4, 2021. (available online: https://www.nytimes.com/2021/05/04/us/john-cameron-denton-atomwaffen-division.html )
[6] S. Machkovech, NJ legislator who sponsored anti-swatting bill gets swatted, Ars Technica, 4/14/2015. (available online: https://arstechnica.com/tech-policy/2015/04/nj-legislator-who-sponsored-anti-swatting-bill-gets-swatted/ )
[7] M. Keith, A drag queen Twitch streamer who was targeted in a recent uptick in swatting says the livestreaming service needs to protect users' privacy, Business Insider, Nov 26, 2021. (available online: https://www.businessinsider.com/drag-queen-twitch-streamers-swatting-livestreaming-2021-11 )
[8] I. Oluo, White supremacists 'swatted' my home to silence me. I will not be silent, The Guardian, 30 Aug 2019. (available online: https://www.theguardian.com/lifeandstyle/2019/aug/30/ijeoma-oluo-essay-swatting-hoax-white-supremacists )
[9] R. McMillan, An Extortionist Has Been Making Life Hell for Bitcoin's Earliest Adopters, Wired, Dec. 29, 2014. (available online: https://www.wired.com/2014/12/finney-swat/ )
[10] H. Berghel, A Collapsing Academy, Part II: How Cancel Culture Works on the Academy, Computer , 54:10, pp. 138-144, 2021. (available online: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9548027 )
[11] G. Myre, Why The Government Can't Bring Terrorism Charges in Charlottesville, NPR's All Things Considered, August 14 2017. (available online: https://www.npr.org/2017/08/14/543462676/why-the-govt-cant-bring-terrorism-charges-in-charlottesville )
[12] M. Handley, H. Schulzrinne, E. Schooler, J. Rosenberg, RFC 2543: SIP: Session Initiation Protocol, Request for Comments, Network Working Group, Internet Engineering Task Force, March, 1999. (available online: https://datatracker.ietf.org/doc/html/rfc2543 )
[13] ITU-T Recommendation H.323, Infrastructure of audiovisual services – Systems and terminal equipment for audiovisual services, Telecommunication and Standardization Sector, International Telecommunication Union, 11/96. (available online: file:///C:/dumpster/downloads/firefox/T-REC-H.323-199611-S!!PDF-E.pdf )
[14] Global School House Phase One: Collaborative Uses of Internet Resources and Tools in the Classroom, Award #9319950, National Science Foundation, 1993. (available online: https://www.nsf.gov/awardsearch/showAward?AWD_ID=9319950 )
[15] J. Tan, What happened to the global schoolhouse?, University World News, online newsletter of the U. Pennsylvania Graduate School of Education, 16 September 2016. (available online: https://www.universityworldnews.com/post.php?story=20160913131137765 )
[16] J. Han & B. Smith, CU-SeeMe VR Immersive Desktop Teleconferencing, Prof. Fourth ACM International Conference on Multimedia, pp. 199-207. February, 2997. (available online: https://dl.acm.org/doi/pdf/10.1145/244130.244199 )
[17] M. Raimondi, VoIP Hacking Techniques, Hakin9 blog, undated, https://hakin9.org/voip-hacking-techniques/ .
[18] Communication Breakdown blog, Enable Security website, 2022. (available online: https://www.rtcsec.com/article/ )
[19] S. 30 — 111th Congress: Truth in Caller ID Act of 2009.” www.GovTrack.us. 2009. November 30, 2029. (available online: https://www.govtrack.us/congress/bills/111/s30 )
[20] California telemarketer fined $10M by FCC over political ad. AP NEWS, November 18, 2020. (available online: https://apnews.com/article/pete-wilson-california-san-diego-a07ed022634a247235c7d18fc3a00419 )
[21] PUBLIC SAFETY AND HOMELAND SECURITY BUREAU ANNOUNCES JANUARY 6, 2020, EFFECTIVE DATE OF NEW RULES IMPLEMENTING KARI'S LAW AND SECTION 506 OF RAY BAUM'S ACT, FCC Public Notice, December 5, 2019. (available online: ( https://docs.fcc.gov/public/attachments/DA-19-1236A1.pdf )
[22] Who is Affected by Kari's Law and the Ray Baums Act?, FCC Summary Document, Federal Communications Commission, Oct., 2020. (available online: https://www.911.gov/assets/Karis_Law_And_RAY_BAUMS_Act-Oct_2020.pdf )
[23] California Senate Bill 333, 2013-2014 Regular Session, Passed 2013-09-09. (available online: https://legiscan.com/CA/text/SB333/2013 )
[24] Michigan Penal Code Section 750.411a, False report of crime or report of other emergency…, effective Jan 1, 2013. (available online: https://www.legislature.mi.gov/(S(lfgmzs3kqpttt2czlpjvqoec))/mileg.aspx?page=GetObject&objectname=mcl-750-411a)
[25] Connecticut General Assembly Raised Bill No. 989, An Act Concerning Online Harassment, effective October 1, 2021. (available online: https://www.cga.ct.gov/2021/TOB/S/PDF/2021SB-00989-R00-SB.PDF )
[26] Nevada Assembly Bill No. 296, An act relating to crimes; defining certain terms for the purposes of the crime of doxxing, etc., Enacted June 4, 2021. (available online: https://legiscan.com/NV/text/AB296/2021 )
[27] H.R. 4057, A Bill to amend title 18, United States Code, to establish a criminal violation for using false communications with the intent to create an emergency response…., November 18, 2015. (available online: https://www.congress.gov/114/bills/hr4057/BILLS-114hr4057ih.pdf )
[28] New York Man Sentenced To 24 Months in Prison For Internet Offenses, Including "Doxxing," "Swatting," Making a False Bomb Threat, and Cyber-Stalking, Department of Justice Press Release Number 16-128, July 11, 2016. (available online: https://www.justice.gov/usao-dc/pr/new-york-man-sentenced-24-months-prison-internet-offenses-including-doxxing-swatting )
[29] MLTS E911 Laws and Regulation By State, Milleninia Technologies report, June 13, 2019. (available online: https://mtvoip.com/mlts-e911-laws-and-regulation-by-state/ )
[30] S. John, 15-Year-Old Gamer Convicted in 'Swatting' Hoax: Satirical Article Creates Stir on Social Media, International Business Times, 09/01/13. (available online: https://www.ibtimes.co.uk/15-year-old-gamer-convicted-swatting-hoax-satirical-article-creates-stir-social-media-1463463 )
[31] L. Thandel, voIP caller id spoofing – call hack, technical navigator online, June 30, 2019. (available online: https://technicalnavigator.in/voip-caller-id-spoofing-call-hack/ )
[32] Communication Breakdown blog, Enable Security website, 2022. (available online: https://www.rtcsec.com/article/ )