Police: 'Threat matrix' dictated SWAT team response at Powell Avenue home
Posted on 06/26/2012 10:19:42 AM PDT by Altariel
EVANSVILLE - Stephanie Milan, 18, was relaxing in her family's living room Thursday watching the Food Network when a heavily armed squad of Evansville police officers arrived on the front porch.
Dressed in full protective gear, police broke the storm door of the home at 616 East Powell Ave.; the Milans' front door was already open on the hot summer day. They also broke a front window. They tossed a flashbang stun grenade into the living room that made a deafening blast. A short distance away, a local television crew's cameras were rolling. The police had invited the station to videotape the forced entry of the residence.
Stephanie Milan said she managed to remain calm because she knew her family hadn't done anything wrong. Still, she was stunned and confused.
After speaking to Milan and her grandmother, Louise, police determined those inside the house had nothing to do with their investigation.
Police were executing a search warrant for computer equipment, which they said was used to make anonymous and specific online threats against police and their families on the website topix.com.
"The front door was open. It's not like anyone was in there hiding," said Ira Milan, Stephanie's grandfather and owner of the property for many years. "To bring a whole SWAT team seems a little excessive."
Ira Milan said the perpetrator of the threats likely used Stephanie's Internet service connection from an outside location, which led police to the East Powell Avenue address.
But Police Chief Billy Bolin said, "We have no way of being able to tell that, and the concerning Internet posts definitely come back to that address."
"I think it was a show of force that they are not going to tolerate this," said Ira Milan, "But what about the residents and what they have to tolerate?"
After noting he has lived there for 30 years, Milan said, "No one has ever been arrested at my house."
Bolin said Friday that department records indicated relatives associated with the address had criminal histories.
Mayor Lloyd Winnecke said Friday he spoke to Bolin about the incident and was satisfied that police were justified in forcibly entering the home.
"They had what they thought were very specific threats against police officers, their families and the communities," Winnecke said.
He said police told him that the Milans' storm door and window were being repaired at city expense.
Workers were at the Milan home on Friday repairing the storm door and broken window. Carpet inside the house was stained with black residue from the flashbang grenade.
Ira Milan said police offered to pay for the damage. Laptops and a cellphone belonging to Stephanie Milan, a May graduate of Signature School who will attend the University of Southern Indiana this fall and major in radiology, were seized in the raid and remained in police possession on Friday.
Bolin said the SWAT team used its standard "knock and announce" procedure of knocking on the wall and repeating the words "police search warrant" three times before entering.
The police chief said the procedure doesn't require officers to wait for a response.
"It's designed to distract," he said.
The decision to use force
Police used what they called a "law enforcement threat matrix" to determine the proper response to information in the posts. One post mentioned explosives, and another specifically named Bolin and referenced the area where he lives. But no other officers' names or addresses were identified.
Sgt. Jason Cullum, a police department spokesman, said one person had posted that he possessed explosives, and that "Evansville is going to feel the pain." That threat, Cullum said, played a major role in dictating the police response.
Cullum said the conversation at topix.com which concerned officers began under a blog headline.
"It said, 'EPD leak: Officers' addresses given out,' or something along those lines. There were some generalized comments about people not liking the police, and that didn't really concern us," Cullum said, but then the threats became more specific and suggested officers' families could be at risk.
Time stamps on the postings indicated that they were made Wednesday evening. Cullum defended the department's action.
"We brought them out and talked to them," Cullum said of the Milans. "They were released at the scene. Investigators felt they were not involved in the posting."
"This is a little more difficult than a traditional crime scene, because we're dealing with the Internet. They definitely weren't expecting (a SWAT team at the door). The reason we did that is the threats were specific enough, and the potential for danger was there."
"This is a big deal to us," Cullum said. "This may be just somebody who was online just talking stupid. What I would suggest to anybody who visits websites like that is that their comments can be taken literally."
The search warrant
Police were executing a search warrant approved by a judge. Such warrants are routinely filed in the Vanderburgh County Clerk's Office, but officials in the clerk's office said Friday afternoon they had no record of a warrant served on that address.
When asked by the Courier & Press for access to the document that allowed them to force entry to the home, Bolin refused. He said it might contain information that would compromise their investigation. However, he said the document didn't contain names of any suspects.
"We have an idea in our mind who it is, but we don't have evidence yet," Bolin said.
Vanderburgh County Prosecutor Nick Hermann also refused to release the warrant.
The Courier & Press filed Freedom of Information requests Friday afternoon seeking the document from the police department, clerk's office and prosecutor's office.
Well, you know, SWAT teams need practice too. Plus, they have to justify their existence by knocking down screen doors. Presumably the family didn’t have a pet dog since none were reported killed.
Now that we have thousands of examples of false IP address associations, via “SWATing” political opponents, isn’t it time LEOs update their execution criteria?
File a lawsuit, walk into court and demonstrate that there is ample evidence to cite that IP address associations ARE UNRELIABLE!!!!!
I am really getting sick of the left's depraved humor and intimidation tactics.
This has got to be satire! Not even the SWAT thugs are this bold.
I think it was a show of force that they are not going to tolerate this,
gee almost like a police state
Jack booted thugs
And these scum wonder why they get death threats.
That is, unless, you have a static IP, like I do.
In that case, it’s likely that these people had a wide open wireless Internet connection, used simple WEP encryption on their wireless router, or simply didn’t change the defaults, like so many retail-level, non-technical people fail to do.
Using programs such as KeePass (search KeePass on SourceForge.net) to generate complex random passwords or entering some numbers and symbols into your standard passwords makes cracking your wireless network that much harder.
If you don’t know how to secure your wireless network, either abstain from having one or hire someone to do it for you.
I imagine you just might get a visit from these thugs.
While my connection is secure, I have a lot of trouble with blaming those that don’t. If the police receive a threat through the mail with a return address on the envelope, are they then allowed to storm the house bearing that address???
Welcome to the New America, where we are all presumed guilty until proved innocent!
Yep. Wander into any subdivision.....and how many 192.168.0.100’s or 192.168.1.104’s you think you’d find?
I have to agree. These local armies are an unconstitutional threat and it's time to end them for good. They are far more dangerous than ANY criminal element out there.
SWAT teams and everything associated with them must be outlawed.
Revolver, Radio, badge and brain. Can't do the job with those tools, find another line of work.
That’s the IP range of the router, not the IP of the service the router is connected to.
As the great Eazy E said.
“With out a gun and a badge what do you got,
a sucker in a uniform waiting to get shot”!
How do people stay so calm. I would be throwing down on the fools after the dust settled. I mean my temper would get me beat.
Or even scarier - so many people with 127.0.0.1 it’s almost like people don’t care any more.
If it’s unsecured, I can latch onto it.....and know everything I’d want to know. Way too easy. I obviously skipped the “pick an open SSID” step out of my reply above.
The bigger point is that very, very few have unique static IP’s.
IPs and MAC addresses can be spoofed with little effort. Something as simple as changing the Reply-To address in MSOutlook or Thunderbird can mislead someone into thinking you’re someone you’re not.
There’s no surefire way to be safe in the digital age except to reduce your digital footprint as much as possible. In the age of social media, it’s really as simple as searching the web for someone with an opposing viewpoint and targeting them. Easy solution? Stay off of social media.
I agree with your assessment, Gads, and there need to be more legal avenues to prosecute police and SWAT for errant raids.
Ah, that makes more sense now, I read your post wrong.
I also turn off SSID broadcasting in addition to the encryption as well as MAC filtering.
So many manufacturers have done this “one touch setup” crap that completely removes the human element from security and creates simple-to-guess garbage passwords with poor wireless security.
I’ve demonstrated to numerous neighbors how easy it was to get into their networks, and they’ve all asked me to help secure them. I never charge when they ask. Heck, even my wireless network got broken into a few years ago after I neglected to turn off port forwarding for a test I was conducting. There ARE ethical hackers out there, but they’re a lot fewer than those who wish to exploit you.
This should be normally turned off by default I believe, but that is definitely one of those that can be easily missed.
I run numerous services from my domain, so I have port forwarding on for a lot of ports. If you have something answering on the other end, it’s not so bad, but if you just have ports wide open with nothing there, it’s an avenue into your network.
Unfortunately mine was a SQL port which was used to attempt a back door brute force attack on a voice server, but I use 160 - 220 bit randomly-generated passwords saved to a key database on an encrypted thumb drive, so the chances of them actually doing any damage was pretty small; and I caught the attempt through DDoS logging on my router.
You got that some’bitch locked up nice and tight, I run a web server on an obscure port for testing purposes, but pretty much everything else is plugged up like a public toilet.
For your edification.
The comments at the article mostly support the stormtroopers.
The zombies outnumber us.
Been involved in IT security and networking for over 10 years. The threats evolve but even the oldest exploits are still around and lurking.
I’m actually disappointed in retail-level manufacturers like Linksys (Cisco), dLink, and NetGear for releasing products that are so faulty. Sure it’s on the consumer to lock down their networks, but when they make it as easy as pressing a button to make a connection, you have to expect that those with the know-how are going to exploit it.
Easy does not mean secure.
Update Hell! And lose this cornucopia of opportunities to practice their methods and maybe shoot some dogs or even citizens and get paid vacations as rewards for their “mistakes?”
There are many instances of hired techs installing back door spyware.
Make sure the person helping is certified and undergoes regular background checks. Also, even if you turn off your wireless feature and use wired connections, the router / firewall still needs to be secured properly. A web crawler could still seek to penetrate the firewall (like Stuxnet).
Can you say “pigs” ? “Wannabe nazi ninja storm troopers” ? “Scum that should be fired and prosecuted” ?
I knew you could. Police officers (no relation to the above) should be disgusted by such tactics.
Make threats against a (non-VIP) private citizen, and the police will yawn. Make threats against the police, and the SWAT team will "make an example" of you.
Yes. Heaven forbid some goon's family might be at risk. I can't really understand why some might not like the police.
Perhaps it's because the cops don't really care whose house they break into or whose grandmother is rousted/shot/killed?
Turning off SSID broadcast doesn’t do much except keep the really stupid criminals out. There are plenty of free tools which will still find your network.
Good discipline on the password complexity but there are numerous ways to hack databases without a password. MySQL just announced a bug where it allowed access 1 out of every 256 attempts without verifying the password.
Failure to patch databases is the most common reason.
My suggestion is to never allow your database server to be connected directly to the internet even with a firewall.
storm troopers, one and all
This assumes that you are important enough for someone to go through the effort in attempting to find your router. As you pointed out, suppressing the SSID is just one layer to keep the morons out and moving to the next schmuck.
I don’t use that sort of DB. Look up KeePass on SourceForge.net. It creates an encrypted database in which all of your passwords are stored. It’s really a great little program.
I installed it on a thumbdrive which I encrypted and paired to the TPM in my secure desktop. Any passwords I need are accessed from that thumbdrive and are inaccessible unless the thumbdrive is plugged into the secure desktop, the TPM is authenticated, and the 160 bit passkey is typed in to unencrypt the database. Essentially it’s 3-factor authentication.
I also use the encrypted thumbdrive to save my MSOutlook PST/OST files, my banking credentials, MSMoney DB, and Firefox profile. Now granted if I ever lost this thing or it was otherwise destroyed, I’d be hopelessly lost, but I treat this device like I treat my wallet.
You can never be too careful.
Sadly you’re right. Even the *ahem* techs *clears throat* at Geek Squad can have questionable credentials. Never use someone who advertises on a road sign or on a public bulletin board, IMO.
Your best bet is someone who works in the industry as an engineer or administrator who does more than answer phones at a help desk. That’s not to say that help desk people aren’t technically ethical or knowledgeable, but help desk is usually where IT people 1) start their career and/or 2) end their career. I worked help desk for 6 years and have been doing engineering work for 15. If you don’t have the drive to get out of help desk you’re either a masochist or lazy.
Every database has its vulnerabilities. We tested on Oracle DB and had every password within 15 minutes. Security isn’t just passwords or encryption. They certainly help but it takes the whole picture to keep things locked up.
Key management applications help manage passwords and KeePass is one. Sounds like a good system you have going there.
Most people won’t have the skills, the patience or the money to do this, but the purchase of one of the smaller wireless SonicWALLs like the TZ100W with the full security suite will present more of a challenge than most casual or semi-casual hackers and script kiddies can muster.
SonicWALL treats the wireless side as an entirely different subnet, and you must set up explicit firewall rules to allow your WLAN users access. And that’s in addition to using ACLs to allow/deny users.
SonicWALL devices are also good at detecting IP spoofing and other threats. Not cheap, but easily worth the $600 - $800 you’ll spend. www.sonicguard.com is a good resource.
If you have a network then you are important enough. You probably have banking, tax, or other personal info. If nothing else I can use your network to hack other people.
That way you get a visit from the swat commandos instead of me.
I run a security company so we see a lot of what happens.
I’d second the SonicWALL recommendation. We scan our SonicWALL on a regular basis and have found it to be pretty darn good.
If nothing else dump the cheap crap Verizon/Comcast gives you and at least put a Linksys in. Those aren’t too terrible.
I understand DB vulnerabilities but admittedly steer clear of them mostly out of ignorance but also out of a lack of need.
I don’t run any DBs on my home network anymore, esp. with all of the stories I hear and read about DB security.
In a domain environment, I force all DBAs to change the default ports to prevent script kiddies from banging on the door and enact two-factor authentication for administration (usually certs and complex passwords).
Authentication needs to be looked at with a fine-toothed comb. Passwords/phrases are old-tech. Smart cards, biometrics, and character/vision-based authentication make more sense, IMO.