Doug Bates got up to lock the doors and grabbed a knife. A beam from a flashlight hit him. He peeked into the backyard. A swarm of police, assault rifles drawn, ordered him out of the house. Bates emerged, frightened and with the knife in his hand, as his wife frantically dialed 911. They were handcuffed and ordered to the ground while officers stormed the house.

The scene of mayhem and carnage the officers expected was nowhere to be found. Neither the Bateses nor the officers knew that they were pawns in a dangerous game being played 1,200 miles away by a teenager bent on terrifying a random family of strangers.

They were victims of a new kind of telephone fraud that exploits a weakness in the way the 911 system handles calls from Internet-based phone services. The attacks – called “swatting” because armed police SWAT teams usually respond – are virtually unstoppable, and an Associated Press investigation found that budget-strapped 911 centers are essentially defenseless without an overhaul of their computer systems.

The AP examined hundreds of pages of court documents and law-enforcement transcripts, listened to audio of “swatting” calls, and interviewed two dozen security experts, investigators, defense lawyers, victims and perpetrators.

While Doug and Stacey Bates were cuffed on the ground that night in March 2007, 18-year-old Randal Ellis, living with his parents in Mukilteo, Wash., was nearly finished with the 27-minute yarn about a drug-fueled murder that brought the Orange County Sheriffs Department SWAT team to the Bateses home.

In a grisly sounding call to 911, Ellis was putting an Internet-based phone service for the hearing-impaired to nefarious use. By entering bogus information about his location, Ellis was able to make it seem to the 911 operator as if he was calling from inside the Bateses home. He said he was high on drugs and had just shot his sister.

According to prosecutors, Ellis picked the Bates family at random, as he did with all of the 185 calls investigators say he made to 911 operators around the country.

“If I would have had a gun in my hand, I probably would have been shot,” said Doug Bates, 38.

In a separate, multistate case prosecuted by federal authorities in Dallas, eight people were charged with orchestrating up to 300 “swatting” calls to victims they met on telephone party chat lines. The three ringleaders were each sentenced to five years in prison. Two others were sentenced to 2 1/2 years. One defendant pleaded guilty last week and could get a 13-year sentence. The remaining two are set to go on trial in February.

A similar case was reported in Salinas, Calif., where officers surrounded an apartment where a call had come in claiming men with assault rifles were trying to break in. In Hiawatha, Iowa, fake calls about a workplace shooting included realistic gunshot sounds and moaning in the background. In November, a teenage hacker from Worcester, Mass., pleaded guilty to a five-month swatting spree including a bomb threat and report of an armed gunman that caused two schools to be evacuated.

Many times, however, swats dont get fully investigated or reported.

Orange County Sheriffs detective Brian Sims spent weeks serving search warrants on Internet providers before he identified Ellis through his numeric computer identifier, known as an IP address.

Unlike calls that come from landline phones, which are registered to a fixed physical address and display that on 911 dispatchers screens, calls coming from peoples computers, or even calls from landline or cell phones that are routed through spoofing services, could appear to be originating from anywhere.

Scores of Caller ID spoofing services have sprung up, offering to disguise callers origins for a fee. All anybody needs to do is pony up for a certain number of minutes, punch in a PIN code and specify whom theyre calling and what theyd like the Caller ID to display.

Spoofing Caller ID is perfectly legal. Legitimate businesses use the technology to project a single callback number for an entire office, or to let executives working from home cloak their home numbers when making outgoing calls.

At the same time, criminals have latched onto the technique to get revenge on rivals or get their kicks by harassing strangers.

“Were not able to cope with this very well,” said Roger Hixson, technical issues director for the National Emergency Number Association, the 911 systems industry group. “Were just hoping this doesnt become a widespread hobby.”

Source