Comments on: Hacker Gets 3 Years For 911 Hoax http://www.liquidmatrix.org/blog/2008/03/28/hacker-gets-3-years-for-911-hoax/ Bringing Fire To The Village: Your Source For Computer, Network & Information Security News from Dave Lewis, Security Blogger Sat, 05 Jul 2008 03:42:30 +0000 http://wordpress.org/?v=2.5.1 By: CJ http://www.liquidmatrix.org/blog/2008/03/28/hacker-gets-3-years-for-911-hoax/#comment-68633 CJ Fri, 28 Mar 2008 13:53:15 +0000 http://www.liquidmatrix.org/blog/2008/03/28/hacker-gets-3-years-for-911-hoax/#comment-68633 "Wow...this could have cost someone their life." Indeed. Swatting is a particularly bad deal in that you are almost always anonymous (unless you mess up such as this kid did) and all 911 reports generally must be followed up on. http://en.wikipedia.org/wiki/Swatting I work for an organization that provides a variety of critical infrastructure services, including fielding first responders such as police and fire. We practice incident response scenarios that include a flood of legitimate-sounding 911 traffic in order to understand how we might be able to triage the real reports that come in between the cruft. If you DoS a 911 call center with fake reports and don't have a method to triage, people will indeed die. An example of how difficult it is for ill-funded organizations (remember that most 911 call centers are run by City or County government that prioritizes fixing potholes before critical infrastructure protection) to track down callers: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/14/BATLV38B8.DTL “Wow…this could have cost someone their life.”

Indeed. Swatting is a particularly bad deal in that you are almost always anonymous (unless you mess up such as this kid did) and all 911 reports generally must be followed up on.

http://en.wikipedia.org/wiki/Swatting

I work for an organization that provides a variety of critical infrastructure services, including fielding first responders such as police and fire. We practice incident response scenarios that include a flood of legitimate-sounding 911 traffic in order to understand how we might be able to triage the real reports that come in between the cruft. If you DoS a 911 call center with fake reports and don’t have a method to triage, people will indeed die.

An example of how difficult it is for ill-funded organizations (remember that most 911 call centers are run by City or County government that prioritizes fixing potholes before critical infrastructure protection) to track down callers:

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/14/BATLV38B8.DTL

]]>