Swatting: Disruptive, embarrassing, and juvenile

Opinion
Feb 03, 2009 · 4 mins
Business Continuity

Did you ever wonder where the hackers went who spread chaos and mayhem just for fun?  Those not-for-profit entrepreneurs who made our lives exciting?  Well, some are alive and well in the world of 911 prank calls known as “swatting.”

What is swatting?

According to Wikipedia.org,

…swatting is an attempt to trick an emergency service (such as a 911 operator) to dispatch an emergency response team. The name is derived from SWAT (Special Weapons and Tactics), one type of such team.

The number and severity of these prank calls have been increasing, with some swatters starting by sending pizzas to unsuspecting homeowners and graduating to sending police to someone’s home in response to a report of a serious crime in progress. Law enforcement is trying to crack down.

According to a recent article at telegram.com,

  • 18-year-old Randal Ellis, living with his parents in Mukilteo, WA, placed 185 calls to 911 operators across the country before being apprehended.  He was sentenced to three years imprisonment.
  • In another case, eight people were charged with “orchestrating up to 300 ‘swatting’ calls to victims they met on telephone party chat lines.”
  • Late last year, a teenager from Worcester, Mass. pleaded guilty to numerous calls over a 5-month period, which included a bomb threat and a report of armed gunmen at two schools.

Source: The dangerous game of ‘swatting’, Jordan Robertson, The Associated Press, 2 February 2009

The methods used to place these calls depend on 911 operators’ inability to tell the difference between a spoofed call and a real call. One threat is caller ID spoofing. This doesn’t take much effort, given the helpful Web sites available, such as SpoofCard. Another, more popular method is spoofing caller ID over VoIP.

Why you should care

The two primary reasons a swatter does what he or she does are fun and revenge. Swatting incidents can cause business interruption or embarrassment for executives. For example, swatters can call in a fire, bomb, or other type of incident with impunity, which would cause a building evacuation. Disgruntled employees, shareholders, or activists might spoof one or more home phone numbers of key executives to call in heinous crimes in progress at their residences, prompting a response by police–and local news teams.

And we haven’t even started with the damage terrorists might cause with well-placed swats. For example, some pranksters have called in utility service disconnects. Just think what people with bigger agendas might attempt.

What can you do?

Swatting calls are typically made to 911 services.  Work with local organizations and government officials to ensure minimum safeguards are in place.

[Gary Allen, editor of Dispatch Monthly, a Berkeley, Calif.-based magazine focused on public-safety communications centers] said upgrading the communications centers’ computers to flash an Internet caller’s IP address could be helpful in thwarting fraudulent calls. He said an even simpler fix, tweaking the computers to identify calls from Internet telephone services and flash the name of the service provider to dispatchers, can cost under $5,000, but is usually still too costly for many communications centers.

But because this style of fraudulent calls is so new, and many emergency-dispatch centers receive few Internet calls in the first place, those upgrades are not frequently done.

Source: The dangerous game of ‘swatting’, Jordan Robertson, The Associated Press, 2 February 2009

Regardless, 911 services should implement solutions which allow them to verify, within reason, caller location.

You should also work with your enterprise phone service provider to see if it has methods to help eliminate or identify spoofed calls, preferably before they reach your PBX.  Finally, if you believe your organization is or has been the victim of swatting, inform law enforcement.  The best way to hinder what is often an example of asinine recreational activity is to clearly demonstrate consequences (i.e., jail time).

Contributor

Tom Olzak is an information security researcher and an IT professional with more than 34 years of experience in programming, network engineering and security. He has an MBA and a CISSP certification. He is an online instructor for the University of Phoenix, facilitating 400-level security classes.

Tom has held positions as an IS director, director of infrastructure engineering, director of information security and programming manager at a variety of manufacturing, healthcare and distribution companies. Before entering the private sector, he served 10 years in the U.S. Army Military Police, with four years as a military police investigator.

Tom has written three books: Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide. He is also the author of various papers on security management and has been a blogger for CSOonline.com, TechRepublic, Toolbox.com and Tom Olzak on Security.

The opinions expressed in this blog are those of Tom Olzak and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.