Philosophically Secure

Eugene Kogan’s blog on all things relevant, especially information security

Archive for December, 2007

SWAT team at your service

Imagine having a SWAT team under your command, willing to go just about anywhere you ask them to. Now also imagine that you’re a 15-year-old kid with nothing better to do than play pranks on your friends. Carnage ensues.

This article, titled “SWAT team goes to wrong home in 911 scam,” from Salinas, CA, discusses a situation where the above presumptions were actually true. Apparently, a kid from Chicago was chatting online with another kid in Salinas, and decided to prank him. Using a yet-to-be-determined method of spoofing his caller ID, he made his phone number appear to be that of his “friend” in California. He then called 911 and told them he was being attacked by men with assault rifles. The police department obviously takes an emergency call like this seriously, so they dispatched a SWAT team to the unsuspecting boy’s house. Meanwhile, the guy back in Chicago is probably giggling like a school girl, knowing what is about to happen.

I haven’t heard the term “swatting” before, but that is what the media is calling this type of prank, which is actually a serious crime. The hard part in prosecuting something like this is attribution, just like any crime committed over the Internet. The swatter could literally be across the world in China. He could also be working with a group of people, simultaneously causing chaos at police departments across the country, or targeting a particular area. This type of attack makes me think of denial of service or intrusion detection system flooding. If you do it enough, eventually your targets become preoccupied with all the false alarms, and are not able to respond to a true emergency that might be happening at the same time.

Now, using caller ID to quickly and accurately determine someone’s location in a 911 call is generally very effective and helpful. A lot of times people calling 911 are too frazzled to even remember their address. But how can we ensure that these swatting pranks don’t get out of hand? As far as I can tell, the only real solution is something like the Truth in Caller ID Act, which was proposed by the Senate. That’s unfortunate, since I’m usually not a proponent of new, restrictive legislation, but some people will always abuse the system and ruin it for the rest of us.


MSF eXploit Builder

I recently came across a nifty set of tools called MSF eXploit Builder. This was developed to speed up the process of creating Metasploit Framework (MSF) exploit modules, as well as editing existing ones. Granted, this is very new and not yet mature software, but it looks like the developers will be porting it over to Ruby. That should greatly increase the robustness of the code, since they can directly call the MSF API instead of hacking around it. But either way, it’s a cool idea and someone actually built it.


Wireless keyboard hacked

This is some cool research done by Dreamlab to “hack” the latest Microsoft 27 MHz wireless keyboards. It looks like the hardest part was reverse engineering the proprietary protocol. After that, the encryption was trivial, and the key was even passed in the clear.

There are more technical details in the PDF paper, such as this gem:

The one byte USB Hid code is encrypted using a simple XOR mechanism with a single byte of random data generated during the association procedure.

That’s a pathetic attempt at security, really. Maybe Microsoft were hoping that no one would try hacking a keyboard, or that the new protocol would save them, but they should know better by now.
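
Why the quoted scheme offers no confidentiality, as an added Python example (not code from the paper, Dreamlab, or this blog). It models only the one quoted sentence; the key byte and the keystroke sample are constructed, and the HID usage IDs are taken from the public USB HID usage tables.

```python
# Added illustration; models only the single sentence quoted from the paper.
# HID usage IDs below follow the public USB HID Usage Tables (keyboard page).
HID = {c: 0x04 + i for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
HID.update({c: 0x1E + i for i, c in enumerate("1234567890")})
HID.update({"\n": 0x28, " ": 0x2C})
TYPING_RANGE = range(0x04, 0x2D)  # letters, digits, Enter through Space


def xor_stream(codes, key):
    """XOR every one-byte code with the same one-byte key (encrypt == decrypt)."""
    return bytes(c ^ key for c in codes)


def pairwise_xor(data):
    """XOR of each adjacent pair; the key cancels, so this equals the plaintext's."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def consistent_keys(ciphertext):
    """Keys (out of only 256) under which every byte decodes to a typing key."""
    return [k for k in range(256)
            if all((c ^ k) in TYPING_RANGE for c in ciphertext)]


def demo():
    # Constructed sample: 24 keystrokes and a made-up association byte.
    plaintext = bytes(HID[ch] for ch in "constructed sample 2007\n")
    key = 0xA7  # constructed value standing in for the random byte
    ciphertext = xor_stream(plaintext, key)
    return plaintext, key, ciphertext


if __name__ == "__main__":
    pt, key, ct = demo()
    # Relationships between keystrokes survive encryption unchanged.
    print("key-independent leak:", pairwise_xor(ct) == pairwise_xor(pt))
    # A short burst of typing leaves very few keys that make sense.
    print("keys consistent with ciphertext:",
          [hex(k) for k in consistent_keys(ct)])
```

Two separate failures show up here: the key space is a single byte, and reusing that byte for every keystroke turns the scheme into a fixed substitution whose structure is visible without knowing the key at all.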
