A teenager from Washington state was arrested last week on charges of hacking into an Orange County, Calif., 911 system and tricking the Orange County Sheriff’s Department (OCSD) into sending a SWAT team to an innocent couple’s home in Lake Forest.
The accused perp, 19-year-old Randall Ellis of Mulkiteo, Wash., will be brought to California where he’ll face felony charges for endangering the lives of the homeowners, identified by reports as Stacey Cerwin-Bates and Doug Bates. No one was hurt, but the whole thing could have ended in a tragedy.
It Was a Dark and Stormy Night
At approximately 11:30 p.m. on March 29, Ellis hacked into the Orange County 911 system, according to the Orange County District Attorney’s (OCDA) office. Ellis is accused of randomly picking the names of the married Lake Forest couple, whom he had never met, from his home in Washington and assuming their identities on the 911 system, the OCDA said. Ellis is also accused of prank calling their home, where the couple was sleeping with their two toddlers, in order to confirm the victims’ names.
Ellis then allegedly used the victims’ names and address and claimed to have shot and murdered someone in the Lake Forest home. He also threatened to shoot additional people, according to the OCDA, which sparked the sheriff’s department there to deploy a SWAT team. When the team arrived at the Lake Forrest home, Doug Bates heard rustling in the bushes outside and believed it to be a prowler. He took a knife from the kitchen and went into the backyard, where he found the SWAT team pointing assault rifles at him, the OCDA reported.
The SWAT team handcuffed both parents at gunpoint and held them until it was determined the report was a fake.
Up to 18 Years in Prison
Ellis is charged with one felony count of computer access and fraud, two felony counts of false imprisonment by violence, one misdemeanor count of falsely reporting a crime, and two felony counts of assault with an assault weapon by proxy. The term “proxy” alleges that the defendant was not in possession of the weapons but was directly responsible for their use. If convicted on all counts, he faces a maximum sentence of 18 years in state prison.
Ellis was arrested in Snohomish County, Wash., last Friday and waived extradition Wednesday at an extradition hearing. He is being held without bail and is scheduled to be arraigned on Oct. 22 at the Central Justice Center in Santa Ana, Calif., the OCDA said.
Hacking Technique
Exactly how Ellis allegedly hacked into the Orange Country 911 system remains unclear.
“We’re not going to share exactly how he hacked into the system, but … he hacked into our Orange County 911 emergency system and was able to send some information indicating there was a homicide emergency in a home in Lake Forest, and he was doing this all from his home in Washington,” Farrah Emami, a spokesperson for the OCDA, told TechNewsWorld.
The Orange County District Attorney High Tech Crimes Unit and OCSD linked Ellis to the crime using forensic computer technology, but would not divulge details on how they did so.
“This is the first time it’s happened in Orange County. It has happened in other parts of the country, and we have evidence linking Mr. Ellis to committing similar crimes in other states, but this is the first time he’s being prosecuted for it,” Emami noted. “We have evidence indicating he did this in California, Arizona, Washington and Pennsylvania.”
A Real Hack or Just a Spoof?
It’s possible that the act was committed by hacking directly into the Orange County 911 system, but it’s also possible to spoof a 911 system’s caller ID features by using a service called SpoofCard. SpoofCard lets someone change what someone sees on their caller ID display when they receive a phone call.
Currently, using SpoofCard appears to be legal, but that may change. Both the U.S. Senate and House of Representatives have passed separate and slightly different bills that would make it illegal for people to knowingly transmit misleading caller ID information with the intent to defraud or cause harm, according to SpoofCard.
SpoofCard, for its part, says it doesn’t condone using its service to defraud, harass or cause harm. An example of a legitimate use for SpoofCard could be a doctor phoning a patient from a personal home number and not wanting to disclose that number via caller ID.
Enticing a SWAT team to deploy on an innocent victim is sometimes known as “SWATting” among malicious pranksters. Four people in Texas were indicted in June in the U.S. District Court for the Northern District of Texas for conspiracy to access protected telecommunications equipment. They were allegedly teaching others how to make fake 911 calls.