
Serial Swatter Bragged He Hit 100 Schools, 10 Homes - robin_reala
https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hit-100-schools-10-homes/
======
izacus
Hrmf, in a society where police doesn't shoot innocent unarmed people swatting
as a concept doesn't really exist - it's called "prank call" and while it's
still a rather serious crime, it's something that's solved by a fine and a
strong talking to.

Policemen killing unarmed innocent people is the problem that really needs
solving - how the hell can innocent people be killed by policemen and not a
single person in police chain of commands gets jailed? Why wasn't a single
head of police removed from post and why aren't training approaches being
reevaluated?!

~~~
jadell
You are correct in everything you wrote, except for one thing.

> Policemen killing unarmed innocent people is the problem that really needs
> solving

No, policemen killing unarmed innocent people is _a_ problem that really needs
solving. But it isn't solved yet. Until it is, swatting someone should be
considered an act of violence. The person calling in the swat is doing so
specifically because of the potential for violence, and they should be
punished accordingly.

Stopping the police from shooting unarmed and innocent people is the long term
solution. Until that is in place, there needs to be consequences for those who
would exploit police violence for their own ends. These are issues that can be
worked on in parallel.

~~~
izacus
I would honestly say (although I'm not from US) that preventing the police
from murdering any innocent person is of paramount priority over pretty much
anything. Stopping the police violence shouldn't ever be a "long-term
solution".

Punishing the caller after all won't do anything to save more people - police
killings are happening at alarming rate with swatters or without. It'll just
satisfy your lust for revenge which doesn't really do anything. Just consider
the rising amount of jailed people in US and comparatively low change in crime
rate. Use brain to solve problems, not your first emotional response.

~~~
jadell
And not being from the US, I think you're ignoring the reality of how large a
problem "preventing the police from murdering any innocent person" actually is
here. It shouldn't be, but it is, and we have to work in the world we live in,
not the one we wish for.

In the current reality in the US, calling the police about a violent crime
underway will provoke a violent response. The caller certainly knows this. We
should absolutely be working very hard to change that, but until it changes,
trying to hand wave it away by saying, "it shouldn't be that way," ignores
reality.

~~~
jMyles
> how large a problem "preventing the police from murdering any innocent
> person" actually is

Are we excluding problems for first-in-line treatment because they are
"large?" If so, that's new in the American political experience.

~~~
jadell
No. My original comment stated "These are issues that can be worked on in
parallel."

~~~
romwell
I would like to add to your statement that in the criminal justice system,
intent plays a big role in determining the punishment for the crime.

Given the public knowledge of police violence in the US, especially in
responses to potentially violent situations, the intent of swatter in the US
is very different from the intent of a prank-caller elsewhere, and should be
seen differently.

To paraphrase, if you approach a gate, and I open it for you with a remote,
that act doesn't make me a bad person (living in a gated community, I often do
that without thinking).

The same act would be quite different if I knew there's an angry alligator on
the loose inside, and I opened the gate to see how fast you'd run from the
said alligator (moreso if you didn't even intend to enter).

The problem of the free-roaming alligator is not to be neglected, but it will
take time and effort to solve. In the meantime, people who open the gate won't
be treated too kindly.

A counterpoint would be that, as sad as the consequences are, at least more
people are aware of the gator as a result - and not just the ones who have to
live next to it while the landlord keeps doing nothing for decades.

~~~
brokenmachine
What an oddly specific and tangential metaphor that was...

------
jMyles
A reasonable, mature, and just society will pay very little attention to this
person, but pay very much attention to the vulnerability that this person has
irresponsibly disclosed.

~~~
ggg9990
I don't think it needs to be an either or. I would like to see this swatter
executed and I would like to see major police tactics reform.

~~~
empath75
You can't have major police tactics reform without a reform of gun laws to go
around with it. Police have to assume that there is a possibility that anyone
that they interact with is armed to the teeth. I'm not sure you can reasonably
ask police to unilaterally disarm and still expect them to be able to handle
mass shootings when they do occur.

~~~
epicureanideal
>> Police have to assume that there is a possibility that anyone that they
interact with is armed to the teeth.

They should be trained to interact professionally and as calmly as possible
with people who are armed to the teeth. If it's such a regular occurrence, why
are they dealing with it with the same panicked exaggerated responses as an
untrained civilian would?

I think we need a discussion as a society around how much risk we expect
police to take on. Similar to how astronauts or military personnel take on
calculated risks.

Human spaceflight is REALLY expensive if you want only 1 death per 10,000
launches.

Having police is REALLY expensive in terms of innocent civilian casualties if
you want 1 death per 10,000 interactions with "believed to be armed" (but
maybe not actually armed) civilians. How many deaths of innocent people equal
the death of one police officer? What is the proper ratio? 10 to 1? 100 to 1?

~~~
ggg9990
It should be less than 1:1. The police officer should be asked to take on more
risk than the general public if they are to claim that they are "brave."

------
watertom
Seems like a pretty effective method for terrorism.

I'm afraid of the police because they are essentially unchecked and usually
their behavior is rubber-stamped.

The simple fact that they charge into a situation without __ANY
__reconnaissance highlights exactly why I 'm afraid of the police.

The thought of them showing up at my house because "someone" called the police
is actually a terrifying thought.

An organized group calling in SWATTING situations around the country would
create a serious level of fear.

~~~
epicureanideal
I certainly don't encourage it, but an organized group calling in a huge
amount of swattings, so much so that it becomes a regular occurrence, might
actually be a way of reducing the danger in swattings and reduce police
aggressiveness.

If each police force responds several times to this kind of prank call, it
would hopefully demonstrate to them the need to change their operating
procedures.

Unfortunately several dozen or more innocent people might be killed or wounded
before they realize their rules of engagement etc. need updating.

~~~
jMyles
> an organized group calling in a huge amount of swattings, so much so that it
> becomes a regular occurrence

> I certainly don't encourage it

Why not? This seems like a very reasonable, sober approach to testing this
problem. If SWAT teams can't pass this test, they need to be put on pause
until they can be repaired.

I mean, we do this sort of pentesting for things as trivial (at least by
comparison) as bank accounts and health records. We're talking about people
being murdered in cold blood here. I damn well think that a SWAT team needs to
be able to demonstrate that it can survive a falsified report without
murdering somebody.

------
cantrip

      > Over 20 schools and homes
      > Homes I'm about 10 now
      > Schools I'm at about 100
    

Is no one going to reference the typo in that admission?

Isn't it possible he meant to say 10 schools?

------
jasonmaydie
I'm still surprised that police would go shooting up a place without even
verifying that the situation they are supposed to be handling even exists.

~~~
maxxxxx
I would really like to see a discussion how different police forces in
different countries would handle this. My guess is that German police would
first stay outside and look at the situation. I doubt they would go straight
in. The American attitude of going straight in seems in line with high speed
chases. I think in most countries these would be viewed as too dangerous.

Does anybody anything about strategies of different police forces?

~~~
coolspot
They did stay outside. There is body cam video[777].

Person came out of house and made a lot of hand movements. Got shot.

[777]
[https://www.youtube.com/watch?v=0UKp05HDXCU](https://www.youtube.com/watch?v=0UKp05HDXCU)

~~~
maxxxxx
That's just nuts. Can't they hide behind their cars or something and watch?
Why shoot from such a distance just based on movement? I don't know what I
would do if I got woken up at night, a flashlight in my face. With them being
so trigger happy you are almost guaranteed to be shot. Imagine your dog or
child ran out in this situation. How are you supposed to behave? Stand still
and watch them get shot?

------
bb88
Personally, while I feel it's not pre-meditated murder, I do feel like it's
involuntary manslaughter.

I would like to see him get 10 years minimum without access to a phone or
outgoing communications.

------
walshemj
That guy has so destroyed his life swatting the fed means he's going to be a
person of interest for life to the TLA's

------
gech
Why don't we employ the NSA to provide value here, by tracing back the few
swatters that are responsible for the majority of these events? We know they
have the capability.

~~~
bb88
Probably because even if they could do it, we don't want the NSA to start
feeding potential criminal activity to the local police.

------
johansch
I could actually imagine things being better if proof-of-identity was required
for a phone number.

I really don't want IP access to run by the same scheme though.

How do these swatters fake phone numbers?

~~~
falcolas
Long story that I’m not fully familiar with short: the phone system suffers
from the same trust issues that the internet does. That is, it wasn’t designed
with things like adversarial users in mind.

EDIT: Am I incorrect in this statement? I'd love more feedback.

~~~
SilasX
Right but in this case it was unproxied VoIP, right? It should be easy (in the
sense of not requiring a forced universal protocol upgrade, I mean) to at
least protect against this kind of attack — a caller from an LA IP claiming to
be in Kansas.

~~~
falcolas
There is another story happening in parallel to this where the Police arrested
the wrong person based off the IP in use. IPs are just too ephemeral to trust
for any form of location data.

Not to mention the caller chose to call a line which would normally not have a
lot of need for those protections, in comparison to 911.

~~~
johansch
"IPs are just too ephemeral to trust for any form of location data"

That is just policy decision. It would, for example, be possible to declare
that no single IP should be used for more than two customers during a single X
hour block.

~~~
falcolas
A policy decision by whom? Specifically, how do you do this when IP spaces are
controlled by various unfriendly countries around the world? Politics aside,
the required technical coordination would be a nightmare. We can barely handle
BGP without conflicts as-is.

IPv4 space is also quite limited, and new devices are popping onto networks
all the time. I'm not even sure a IP time window is feasible without a full
move to IPv6 - something that policy makers have been trying to push on for
years without success.

~~~
johansch
>A policy decision by whom?

By your government?

> Specifically, how do you do this when IP spaces are controlled by various
> unfriendly countries around the world

You begin a "911-certified program" that requires your local ISPs to register
their IP ranges with some central authority. The rest is a bunch of detailed
but solvable details.

Your idealism when it comes to making this seem more complicatated that it
really is seems misplaced.

~~~
Canada
Your suggestion just isn't realistic when you look at how VoIP systems work in
practice. What you usually have are SIP clients talking to SIP servers which
then involve a bunch more servers and proxies and a slew of other protocols.
SIP traffic from the endpoint and the associated RTP stream could be tunneled,
often for very good reason. You can't prevent that with any kind of IP
registration scheme because then the client can't roam which defeats the best
reason to deploy VoIP in the first place. Providers are routing calls
dynamically for reliability and cost reasons. Sometimes when you ask a server
to terminate a call it just redirects it elsewhere. Even endpoints can
arbitrarily redirect calls.

Ultimately none of the providers involved can know where either end of the
call is. We can't even know their IP address for certain, let alone their
physical location. What we have for 911 is a form where the customer declares
their physical address and a disclaimer warning the customer that should they
move then emergency calls will not be routed to the most appropriate call
center and the operator will get the wrong address.

There's absolutely nothing we can do to prevent malicious people from abusing
it. Any attempt to do so would result in honest users being unable to call for
help in emergencies causing far more harm than the abuse we're trying to
prevent.

~~~
johansch
You are not going to convince me, or anyone else who understand the tech, that
this is a fundamentally unsolvable _technical_ problem, I promise. It all
boils down to compromises between regulation vs freedom, etc.

So, I do take issue when you say things like:

> There's absolutely nothing we can do to prevent malicious people from
> abusing it.

