Announcement

Collapse
No announcement yet.

Tech Crime Blotter

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tech Crime Blotter

    If it doesn't make you laugh it will make you cry.

    http://www.networkworld.com/news/200...0209securityal

    Swatting is becoming a real problem according to the FBI and the hacker community should make a very strong denouncement of this practice.

    xor
    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

  • #2
    Re: Tech Crime Blotter

    Hah! We were having a party down here in Orlando with some Anonymous. We were streaming video of the party from 711chan and we had cut it off. A few people from Raidchan thought it would be a good idea to swat us because we refused to turn it back on. It was an interesting experience to say the least, because it was hard to explain to a muscle headed cop about Anons and the internets and how you can know someone online as a friend but really have no freaking clue who they are. No arrests were made, though ;/
    "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

    Comment


    • #3
      Re: Tech Crime Blotter

      Wasn't the admin of a chan site victim of a swatting in Canada or something?

      As the UK is currently home of youths attacking fire and ambulance services I'm used to the notion of severe stupidity. Not sure how the government would tackle a problem of swatting, its not like you can just blacklist some areas (which has been suggested to stop attacks on emergency services here).

      Comment


      • #4
        Re: Tech Crime Blotter

        Originally posted by Thsyrus View Post
        Wasn't the admin of a chan site victim of a swatting in Canada or something?

        As the UK is currently home of youths attacking fire and ambulance services I'm used to the notion of severe stupidity. Not sure how the government would tackle a problem of swatting, its not like you can just blacklist some areas (which has been suggested to stop attacks on emergency services here).
        Yea, I think moot (4/7chan owner) got swatted. We know who did it exactly and apparently he spoofed the number as if it was coming from 911, so they can't track him :3 I'm not that big into phreaking so I don't exactly know how it was done. D: Its a big problem, I guess, the Orlando SWAT commander said that they have been responding to swatting pranks all year on the rise, etc.
        "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

        Comment


        • #5
          Re: Tech Crime Blotter

          Originally posted by xor View Post
          Swatting is becoming a real problem according to the FBI and the hacker community should make a very strong denouncement of this practice.
          (Bold addition in format is my own.)

          Strangely enough, this gets into politics. You could easily say that you are against it, but telling the "hacker community" that they *should* (or should not) denounce something is an example of something called political activism with a captive audience.

          We don't need any political agendas like this. Choosing to tell people that they should (or should not) , "take a stand," on any point, and choosing to tell people that they should (or should not), "denounce," something each provide opportunity for dichotomy and dissension in an already fragmented community of people with dissimilar beliefs.

          Not bringing this up now for this use of, "should," and political action will likely cause people to wonder why it wasn't brought up here, but is brought up elsewhere. Solution? Nix it when I see it.

          Swatting appears to be a bad idea, but I won't use the forums to push that as something that other people should believe and agree with me.

          Other than that, it is a good topic for discussion.
          (Leaving thread open.)
          Last edited by TheCotMan; March 2, 2009, 15:40.

          Comment


          • #6
            Re: Tech Crime Blotter

            I think the bigger issue here is the inherent flaws in the current CallerID system and the fact that the 911 centers are relying upon the CallerID system for their information.

            It should be more difficult to spoof the CallerID information, maybe we need a special CallerID format for VoIP systems where most of the spoofing is happening.

            I don't really have a good answer for a solution, but the problem clearly lies with the current CallerID system.
            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

            Comment


            • #7
              Re: Tech Crime Blotter

              Not that I think its right or correct, but I think the most predictable course of action is that states will start to "outlaw" changing your caller ID.
              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

              Comment


              • #8
                Re: Tech Crime Blotter

                There is a way in asterisk to reveal phones numbers though I don't know what kind of systems the 911 services run on. This was demoed at The Last Hope.

                "Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos." I think we have seen in recent history where at least the first 2 lines of my sig are true. Swatting, and Octo-Mom, perhaps when she does her pr0n0 the trinity will be complete.

                xor
                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                Comment


                • #9
                  Re: Tech Crime Blotter

                  Originally posted by theprez98 View Post
                  Not that I think its right or correct, but I think the most predictable course of action is that states will start to "outlaw" changing your caller ID.
                  I don't see a reason why an end user of the phone system should be able to change their information. I'm open to reasons why.

                  I don't think we need government regulation in the area, but I think maybe the phone companies should take a more proactive approach in preventing it from happening.

                  If there is a legitimate need to do so, then maybe the companies should setup a website where you can change it online so that the changes are logged.

                  Of course, it would have to be a really secure website. ;)
                  A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                  Comment


                  • #10
                    Re: Tech Crime Blotter

                    I appreciate the prank for the joke aspect of it, but I work in law enforcement and I know what resources are wasted/ not actually there if a REAL emergency were to occur.

                    Someone mentioned regulation above, registering who uses caller IDs and what they are spoofing, etc. To be honest, I cannot think of a legitimate reason to spoof a caller ID. We work with a Women Abuse shelter on our property, but they go through the phone company to anonomize their phones. (but we all know that can be bypassed easily http://blog.wired.com/27bstroke6/2009/02/trapcall.html)

                    The problem is even if they outlawed caller ID spoofing(at the most extreme), there will always be ways around it.
                    "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

                    Comment


                    • #11
                      Re: Tech Crime Blotter

                      i am not in law enforcement, so take that into consideration when i post here, but what if the solution could also (at least in part) be approached from the other end of the issue.

                      as i see it, the whole response practice might do with a bit of reform. sending fully-armored people blindly into an assault situation without any recon of the scene first just comes off as reckless to me. i spoke of a similar theme when the whole Boston/Mooninintes scare happened when i asked "how come the first responding officers don't have the power to call something off"

                      if there is a perceived threat at a bank or a house or, hell, anywhere... is it that bad an idea for dispatch to have the nearest black and white cruise past the scene first? of course, if the windows are dark and no one is seen outside, i don't know what the next step is, but yeah... it just puzzles me that this isn't part of the response process.

                      or, like xor said, if phone calls are routed through toll-free switches doesn't that force the actual and true ANI data to be revealed? it was demo'd at HOPE and made perfect sense. i don't know enough about how deeply embedded in the system a call ID spoof happens to understand whether this would/would not be a solution... but i'd love to hear an explanation from someone who knows the details.
                      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                      - Trent Reznor

                      Comment


                      • #12
                        Re: Tech Crime Blotter

                        I thought about the response as well in regards to this when I first started reading about swatting a couple months ago. I'm not sure there's a really good answer, with the litigious society that we have now, if the police don't respond appropriately in due time, they could be open to a suit. Of course, the same goes for responding incorrectly to a falsified call.

                        It's too bad that a$$holes seem to find it funny to waste public resources and potentially have people injured/killed all for a 'prank'. I don't see how these are even considered pranks, there's nothing funny about it.

                        I think the only way to stop this is to take a hard long look at the current CallerID system and determine a way to fix it there.

                        Does anyone have any contact with a 911 center to see if anything has been addressed with the operators there in regards to this?
                        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                        Comment


                        • #13
                          Re: Tech Crime Blotter

                          Originally posted by streaker69 View Post
                          I thought about the response as well in regards to this when I first started reading about swatting a couple months ago. I'm not sure there's a really good answer, with the litigious society that we have now, if the police don't respond appropriately in due time, they could be open to a suit. Of course, the same goes for responding incorrectly to a falsified call.

                          It's too bad that a$$holes seem to find it funny to waste public resources and potentially have people injured/killed all for a 'prank'. I don't see how these are even considered pranks, there's nothing funny about it.

                          I think the only way to stop this is to take a hard long look at the current CallerID system and determine a way to fix it there.

                          Does anyone have any contact with a 911 center to see if anything has been addressed with the operators there in regards to this?
                          I can call over to my 911 center and ask them how they handle this as well as speak to the SWAT commander here to find out what they do.
                          "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

                          Comment


                          • #14
                            Re: Tech Crime Blotter

                            Originally posted by Deviant Ollam View Post
                            i am not in law enforcement, so take that into consideration when i post here, but what if the solution could also (at least in part) be approached from the other end of the issue.

                            as i see it, the whole response practice might do with a bit of reform. sending fully-armored people blindly into an assault situation without any recon of the scene first just comes off as reckless to me. i spoke of a similar theme when the whole Boston/Mooninintes scare happened when i asked "how come the first responding officers don't have the power to call something off".
                            I think I explained it at the time, but a patrol officer doesn't have that kind of authority. It doesn't work that way. It would be kind of like a private attempting to call off a battle. They certainly can and do call in observations, but it doesn't mean they have the authority call off further action.

                            Originally posted by Deviant Ollam View Post
                            if there is a perceived threat at a bank or a house or, hell, anywhere... is it that bad an idea for dispatch to have the nearest black and white cruise past the scene first? of course, if the windows are dark and no one is seen outside, i don't know what the next step is, but yeah... it just puzzles me that this isn't part of the response process.
                            The nearest cruisers go and establish a perimeter. Their function is to stabilize.

                            The problem with Boston and the Moonies, as well as the with "swatting", is that when a worst case scenario is called in, the cops have to assume the worst is true. To do otherwise, is to risk peoples' lives when it is a real situation. It's one of those "we have to be right every time" situations. If you get it wrong once, people can die.

                            Here's what I wrote about this type of thing back when the Moonies guerrilla marketing campaign was such big news:
                            https://forum.defcon.org/showpost.ph...4&postcount=66

                            Originally posted by streaker69 View Post
                            Does anyone have any contact with a 911 center to see if anything has been addressed with the operators there in regards to this?
                            I'll talk to the PD where I was Chief. They currently have a rather large 911 PSAP, serving about 25 public safety agencies.
                            Thorn
                            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                            Comment


                            • #15
                              Re: Tech Crime Blotter

                              How about not having a land line phone tied to your address? No phone = no address for swat to show up at.
                              PGP Key: https://defcon.org/html/links/dtangent.html

                              Comment

                              Working...
                              X