'Swatting' celebrities is far too simple
CNN — It is frighteningly easy to pull off a "swatting" prank, a disturbingly hot trend in which pranksters falsely report horrific crimes at celebrity's houses in order to draw law enforcement to those homes.
The hoaxes -- dubbed swatting because because SWAT teams are sometimes dispatched to respond -- aren't a new phenomenon. The FBI warned about the trend back in 2008. But they have grabbed headlines recently after a large number of Hollywood celebrities were targeted. The list includes Justin Timberlake, Ashton Kutcher, Justin Bieber, Tom Cruise, Ryan Seacrest, Rihanna, Miley Cyrus and Russell Brand.
The dangerous scams are usually carried off in one of two ways, and both are dead simple.
One of the most commonly used swatting tactics is caller ID spoofing. The quick and free trick makes a call appear to the 911 operator as though it is coming from inside the celebrity's house. Google "caller ID spoofing," and you'll find scores of websites and apps that can accomplish this by entering just three phone numbers: yours, the recipient's, and the number you'd like the recipient to think you're calling from.
"The scary thing is that this isn't even hacking," said Chester Wisniewski, a senior security advisor at Sophos Canada. "This is just logging in and abusing a service."
Even pre-teens can launch these attacks. Earlier this year, a 12-year-old was sentenced to two years in juvenile detention after he admitted to swatting Ashton Kutcher and Justin Bieber's homes last October.
Operators of 911 services have no way to identify instances of caller ID spoofing.
"You could call it a hole in the system," said Lee Moore, the principal of 911 Consult, which works with law enforcement to implement their 911 systems. "We go with the phone number information that we receive, and check the location of that number. There's no inherent system to allow us to look at a 10-digit number and know that it is indeed what it says it is."
A second swatting method sidesteps the traditional phone system altogether. Some swatters use a teletypewriter (TTY) relay -- a phone system created for people who are deaf -- to place 911 calls.
Here's how TTY works: The caller dials a relay service, and types messages on a TTY machine. An operator calls the other party and acts as an intermediary, speaking the typed messages to the hearing person, and typing the spoken messages to the TTY user.
The TTY system is appealing to swatters because the Federal Communications Commission requires relay services to keep TTY calls, and callers, confidential. Even if relay operators believe a 911 call may be a hoax, they're generally prohibited from intervening -- calls must be relayed verbatim.
The hoaxers who swatted security researcher Brian Krebs, writer of the blog Krebs on Security, used the TTY method. Krebs said police officers pointed a shotgun and a semi-automatic rifle at him as they searched his house.
It's unclear how, or whether, the TTY or emergency response systems could be changed to help stop swatting.
"You wouldn't want them sharing these calls, or being able to intervene on hearing-impaired people's discussions," Krebs told CNNMoney. "But at a certain point, common sense needs to take over."
The Los Angeles County sheriff's spokesman Steve Whitmore declined to comment on how law enforcement plans to combat these swatting methods. "We really would not talk about something like that," he said. The Los Angeles Police Department did not respond to a request for comment.
Police, lawmakers and security experts are scrambling for a potential solution. Meanwhile, the dangerous pranks continue.
"I was fortunate enough to open the door to the police," Krebs said. "If a SWAT team kicks someone's door down at 3 a.m., and that homeowner is armed, you can see how this could go very, very wrong."