Doug Bates and his wife, Stacey, were in bed around 10 p.m., their 2-year-old daughters asleep in a nearby room. Suddenly they were shaken awake by the wail of police sirens and the rumble of a helicopter above their suburban Southern California home. A criminal must be on the loose, they thought.
Doug Bates got up to lock the doors and grabbed a knife. A beam from a flashlight hit him. He peeked into the backyard. A swarm of police, assault rifles drawn, ordered him out of the house. Bates emerged, frightened and with the knife in his hand, as his wife frantically dialed 911. They were handcuffed and ordered to the ground while officers stormed the house.
The scene of mayhem and carnage the officers expected was nowhere to be found. Neither the Bateses nor the officers knew that they were pawns in a dangerous game being played 1,200 miles away by a teenager bent on terrifying a random family of strangers.
They were victims of a new kind of telephone fraud that exploits a weakness in the way the 911 system handles calls from Internet-based phone services. The attacks — called "swatting" because armed police SWAT teams usually respond — are virtually unstoppable, and an Associated Press investigation found that budget-strapped 911 centers are essentially defenseless without an overhaul of their computer systems.
The AP examined hundreds of pages of court documents and law-enforcement transcripts, listened to audio of "swatting" calls, and interviewed two dozen security experts, investigators, defense lawyers, victims and perpetrators.
While Doug and Stacey Bates were cuffed on the ground that night in March 2007, 18-year-old Randal Ellis, living with his parents in Mukilteo, Wash., was nearly finished with the 27-minute yarn about a drug-fueled murder that brought the Orange County Sheriff's Department SWAT team to the Bateses' home.
In a grisly sounding call to 911, Ellis was putting an Internet-based phone service for the hearing-impaired to nefarious use. By entering bogus information about his location, Ellis was able to make it seem to the 911 operator as if he was calling from inside the Bateses' home. He said he was high on drugs and had just shot his sister.
According to prosecutors, Ellis picked the Bates family at random, as he did with all of the 185 calls investigators say he made to 911 operators around the country.
"If I would have had a gun in my hand, I probably would have been shot," said Doug Bates, 38.
In a separate, multistate case prosecuted by federal authorities in Dallas, eight people were charged with orchestrating up to 300 "swatting" calls to victims they met on telephone party chat lines. The three ringleaders were each sentenced to five years in prison. Two others were sentenced to 2 1/2 years. One defendant pleaded guilty last week and could get a 13-year sentence. The remaining two are set to go on trial in February.
A similar case was reported in Salinas, Calif., where officers surrounded an apartment where a call had come in claiming men with assault rifles were trying to break in. In Hiawatha, Iowa, fake calls about a workplace shooting included realistic gunshot sounds and moaning in the background. In November, a teenage hacker from Worcester, Mass., pleaded guilty to a five-month swatting spree including a bomb threat and report of an armed gunman that caused two schools to be evacuated.
Many times, however, swats don't get fully investigated or reported.
Orange County Sheriff's detective Brian Sims spent weeks serving search warrants on Internet providers before he identified Ellis through his numeric computer identifier, known as an IP address.
Law enforcement hopes lengthy prison terms will deter would-be swatters. Technology alone isn't enough to stop the crimes.
Unlike calls that come from landline phones, which are registered to a fixed physical address and display that on 911 dispatchers' screens, calls coming from people's computers, or even calls from landline or cell phones that are routed through spoofing services, could appear to be originating from anywhere.
Scores of Caller ID spoofing services have sprung up, offering to disguise callers' origins for a fee. All anybody needs to do is pony up for a certain number of minutes, punch in a PIN code and specify whom they're calling and what they'd like the Caller ID to display.
Spoofing Caller ID is perfectly legal. Legitimate businesses use the technology to project a single callback number for an entire office, or to let executives working from home cloak their home numbers when making outgoing calls.
At the same time, criminals have latched onto the technique to get revenge on rivals or get their kicks by harassing strangers.
"We're not able to cope with this very well," said Roger Hixson, technical issues director for the National Emergency Number Association, the 911 system's industry group. "We're just hoping this doesn't become a widespread hobby."
The 911 system was built on the idea it could trust the information it was receiving from callers. Upgrading the system to accommodate new technologies can be a huge task.
Gary Allen, editor of Dispatch Monthly, a Berkeley, Calif.-based magazine focused on public-safety communications centers, said dispatchers are "totally at the mercy of the people who call" and the fact they don't have technology to identify which incoming calls are from Internet-based sources.
Allen said upgrading the communications centers' computers to flash an Internet caller's IP address could be helpful in thwarting fraudulent calls. He said an even simpler fix, tweaking the computers to identify calls from Internet telephone services and flash the name of the service provider to dispatchers, can cost under $5,000, but is usually still too costly for many communications centers.
But because this style of fraudulent calls is so new, and many emergency-dispatch centers receive few Internet calls in the first place, those upgrades are not frequently done.
Swatting calls place an immense strain on responding departments. The Orange County Sheriff's Department deployed about 30 people to the Bateses' home, including a SWAT team, a helicopter and K-9 units. It cost the department $14,700.
They take their toll on victims, too.
Tony Messina, a construction worker from Salina, N.Y., was swatted three times by the gang broken up by the federal authorities in Dallas. He was even arrested as the result of one call, because authorities found weapons he wasn't supposed to have while they were searching the house.
Messina had made some enemies on a party line he frequented to flirt with women. Some guys disliked him and out of jealousy, he says, they started swatting him.
The first time, he was home alone with his two poodles when officers swarmed his backyard at 6 a.m. According to Messina, the callers said he had "killed a hooker and sliced her ear to ear, blood all over the place, I'm doing drugs and if you police come over here I'm going to kill you, too." After a few hours at the police station, he was let go.
Two weeks later, he was detained outside his house. A month later, he was in bed watching TV when he saw someone with a flashlight at his window. He went outside and was handcuffed while deputies searched his house and car.
Messina had been told to call 911 himself if the swatting calls happened again, and when the deputies realized it was another fraudulent call, Messina was let go. He said he suffered bruised ribs that kept him out of work for a month and a half.
Investigators say swatters are usually motivated by a mixture of ego and malice, a desire for revenge and domination over rivals.
Jason Trowbridge, one of the defendants currently serving a five-year sentence, told the AP in a series of letters from prison that the attacks started with the standard fare of prank callers — sending pizzas and locksmiths to victims' homes — escalated to shutting the power and water off and eventually led to swatting.
"Nobody ever thought anyone would get hurt or die from a SWAT call," he said.