$500,000 Bail for Teen Hacker Who Dispatched SWAT Team

Hacker who allegedly sent SWAT team to a family's home used simple techniques.

Oct. 23, 2007 -- A teen accused of hacking a 911 police computer system and triggering the deployment of a team of heavily armed police officers to the home of an innocent and unsuspecting California family will be arraigned next month, as bail was set Monday at $500,000.

Prosecutors accused 19-year-old Randall Ellis, of Mukilteo, Wash., of using his computer and a recorded audio track to trick Orange County police into believing he had shot and killed someone in the Lake Forest, Calif., home of Doug Bates and Stacey Cerwin-Bates and would shoot more people.

Prosecutors and police have been tight-lipped about exactly how Ellis hacked their system, but cybersecurity experts told ABCNEWS.com that such breaches are easy and indicative of police departments' lax security systems.

Moments after receiving the 911 call March 29, SWAT teams and helicopters were dispatched to the home.

Awakened by the noise and believing there was a prowler outside, Bates stepped into his yard wielding a kitchen knife only to be swarmed and handcuffed by officers carrying machine guns.

"You have to look at this from the SWAT team's perspective," said Farrah Emani, spokeswoman for the Orange County District Attorney. "They thought they had been called to the scene of a homicide and saw a man with a weapon; it's fortunate they did not shoot him."

Ellis has been charged with "one felony count of computer access and fraud, two felony counts of false imprisonment by violence, one misdemeanor count of falsely reporting a crime, and two felony counts of assault with an assault weapon by proxy," according to a statement by the Orange County District Attorney.

Ellis' attorney, Ronald Bower, confirmed that the teenager would be arraigned Nov. 16. He said California took the rare step of individually collecting Ellis from the Washington state jail where he has been held since his arrest last Friday. That action, combined with the high bail, indicates how seriously the California police are taking the case.

"We are going to enter a not-guilty plea in November," Bower said. "Putting in a not-guilty plea does not mean the case will go to trial, but it opens the door to things like psychological evaluation. … The bail is extremely high, and like the unique extradition, it underscores that they're very serious about this."

"I believe the assault with an assault weapon by proxy charge," essentially blaming someone for using a weapon from miles away, "is the first of its kind in California," Bower said.

Security experts said the skills involved in the alleged hack were pretty basic and indicate just how vulnerable many security systems are to such breaches.

"Police departments just don't have the skills to secure their own computers. This kid was probably browsing the Internet and realized there was an easy way to access the system," said Robert Graham, a former hacker and now CEO of the security firm Errata Security.

Graham said despite the hacker label, part of the alleged scheme may have involved something as easy as putting a fake phone number into a voice-over-Internet program. When the police department's caller ID showed the number of the Bates family home, police officers assumed the call was coming from that house.

"Those with even small computer skills can 'spoof' the caller ID themselves. This is possible via Vonage or the all-in-one services that you might get through your cable provider. The Skype phone client can easily be used to spoof the phone number," Graham said, referring to popular voice-over-Internet phone services.

He compared putting a fake phone number into such a program with writing a fake return address on an envelope; someone reading that address would assume on first blush that it was authentic.

Pradeep Khosla, a cybersecurity expert and dean of Carnegie Mellon's College of Engineering, said the government needs to help local police departments invest in increasing their security.

"Hacking into most systems isn't that difficult," he said. "Every system has bugs or loopholes, and it's only a matter of time before hackers exploit those."

"911 systems are essential to public safety, and the government has to invest in research and development that makes them more secure. You can imagine a hypothetical scenario where organized gangs or terrorists use the same techniques to flood 911 systems with wrong information and then attack someplace else."