BERLIN — Investigators may not know the “who” or the “why” when it comes to multiple bomb threats that have been levied against local schools in the past two weeks, but they may know “how” it’s being done.
“The FBI is involved and aware of what we are dealing with,” said Lt. Edward Schreier of the Worcester County Sheriff’s Office. “This is not limited to the lower shore.”
While investigators wouldn’t say for sure what was being used to pull off these robo-call bomb threats, they hinted that it may be associated with what hackers call “swatting” and “spoofing,” and using Voice Over Internet Protocol (VoIP) with the help of a SIP Trunk (Session Initiation Protocol) to essentially place multiple calls at one time and disguise where the calls are coming from using data lines, rather than traditional phone lines.
“It appears to be something like that,” said Schreier, “but we are looking into all available technology in regards to this incident.”
A Tech-Based Crime
According to Dave Huras, president of the Communications Fraud Control Association, swatting is a term used in the hacker world to describe a spoof call that is done with the intent to elicit a response from law enforcement officials.
“Sometimes hackers want to show how talented they are so they do these things to show off essentially,” he said, “but with swatting, it’s sometimes done merely to create chaos and mess with the police. I don’t know what the motivation here is obviously, but what I do know is that swatting is taken very seriously and law enforcement will prosecute to the fullest extent if they catch them.”
But catching up to those behind these threatening calls to schools could prove to be difficult.
“SIP trunks are extremely difficult to trace”, said Sam Card, CEO of Cards Technology, “and if the hacker knows what they are doing, you could dial a bunch of different numbers at a time, throw in an automated message and spoof the caller ID with a different number to cover your traces.”
Card also pointed out the ease in which to acquire this type of technology.
“SIP trunks and VoIP technology are appealing because it’s a cheaper alternative than the traditional twisted copper land lines,” he said, “so people are switching over because of the price and all of the things the technology allows you to do.”
“It Happens More Than We’d Like’
Yet, as with any technology or product, things can often be used for dark or illegal purposes.
“It unfortunately happens more than we’d like in our industry,” said Huras. “But, while there are some things that technology allows us that law enforcement has a hard time keeping up with, everything leaves a trace somewhere. It can just take a lot of time.”
For instance, Huras says that investigators are likely fast tracking the subpoena process to gain access to phone and URL numbers, while sweeping local phone carriers for suspicious trends and data. Yet, that data could have been masked and misdirected in hopes of leading investigators through the endless maze of cyberspace.
“All of this stuff adds layer upon layer of steps for law enforcement,” said Huras. “The investigation can end up like a multi-layered beast with many complex dance steps that must be carefully mastered and executed to even get close to solving it.”
Lt. Mike McDermott, who is one of the investigators on this case for the Worcester County Sheriff’s Office, said progress is being made.
“We have been able to pull back the layers of the onion in this case,” he said, “and it’s very tedious IT stuff. It’s all about misdirection, and it’s not just happening here, it’s happening all over the country.”
McDermott also revealed that the young juvenile that was taken into custody in connection with the first bomb threat that was made at Stephen Decatur High School last week, was a “less skilled copycat” than what investigators are dealing with now. He used his own cellular phone.
“Most of what we are dealing with isn’t even originating from a phone line,” said McDermott. “There’s a lot more nuance to this, and it shows off how people are using the dark side of technology to threaten people and disrupt life as we know it.”
Culprits Likely Advanced
Huras and Card both agree that the culprits in this case are most likely not rookies.
“It’s probably just someone showing off their Internet Kung Fu,” said Huras. “It doesn’t take a high degree of skill to do something like this, but it would take an advanced hacker with a very thorough understanding of things like routing, and call flow to not get caught after this long.”
Card countered that although the advent of VoIP technology has made spoofing a much easier thing to do, there are other things to consider.
“The other thing people need to remember is that viruses aren’t just designed to destroy information,” said Card. “Sometimes they are created to take over a computer and create a bot-network of computers that can all be used for illegal activity. To me, this is probably just a really elaborate prank, but it could be something worse, too.”