Swatting is a dangerous and illegal hoax or prank in which someone falsely reports a critical incident to law enforcement, with the intention of causing a heavily armed police or SWAT team to respond to a specific location. Swatting-as-a-Service (SaaS) is a disturbing development where individuals can pay others or hire “services” to carry out swatting attacks on their behalf. What you need to know about both phenomenons can be found here, including recent incidents of note and What Next? in terms of prevention and mitigation.
Swatting and Swatting-as-a-Service
Swatting is a dangerous and illegal hoax or prank in which someone falsely reports a critical incident, such as a hostage situation, bomb threat, or other life-threatening emergency, to law enforcement, with the intention of causing a heavily armed police or SWAT team to respond to a specific location. The term “swatting” is derived from “SWAT,” which stands for Special Weapons and Tactics, referring to specialized police units trained for high-risk situations.
The typical scenario of swatting involves an individual or group of individuals making a false emergency call to the police, often disguising their identity or location. They might use methods like caller ID spoofing or voice-changing software to make it more challenging for authorities to trace the call back to them. The false report may include fabricated details intended to escalate the perceived danger, leading to a more substantial law enforcement response.
Swatting can have severe consequences, including:
1. Potential for Violence: Swatting incidents can turn violent, as heavily armed law enforcement officers may forcefully enter the reported location, potentially injuring or endangering innocent individuals who are unaware of the false report.
2. Waste of Resources: Swatting diverts significant law enforcement resources, including personnel and equipment, from legitimate emergencies, potentially delaying responses to actual crises.
3. Legal Consequences: Swatting is illegal in most jurisdictions and can result in criminal charges for the perpetrator, including charges related to making false reports, harassment, and endangering public safety.
4. Emotional and Psychological Trauma: Individuals who become victims of swatting often experience emotional distress and trauma due to the sudden and terrifying intrusion by law enforcement.
Swatting-as-a-Service (SaaS) is a disturbing development where individuals can pay others or hire “services” to carry out swatting attacks on their behalf. These services may provide anonymity to the person requesting the swatting, making it even more challenging for law enforcement to track down the responsible party.
Efforts have been made to combat swatting, including stricter penalties for those caught engaging in this dangerous activity and enhanced law enforcement training to distinguish genuine emergencies from hoaxes. Additionally, advancements in technology have been employed to trace the origin of false emergency calls more effectively.
It is crucial to emphasize that swatting is a dangerous criminal act with serious consequences, and it should never be used as a prank or form of harassment. Law enforcement agencies take swatting very seriously, and individuals who engage in swatting may face significant legal penalties.
As reported at The Record:
“Remember ding-dong ditch? Kids would ring a doorbell — maybe numerous times in a single afternoon — and then run away. That childish prank has given way to something called swatting. Here’s what you need to know:
- The FBI has created a national repository for local law enforcement to voluntarily report swatting incidents. However, it’s deemed only a first step in tackling this form of cyber crime.
- Swatting requires a multi-pronged solution and the legislation to tackle this issue is currently insufficient, requiring patchwork of statutes to prosecute offenders. This highlights a need for a more robust form of legislation at a federal level.
- Several states like Washington, Texas, and Maryland have strong anti-swatting legislation, setting a good model for federal level law. Yet, the heterogeneity across state laws demand for federal protection to ensure uniformity in victims’ recourse and defenses.”
From The Hill:
The FBI is tracking “swatting” incidents in a national database as the dangerous form of prank call becomes more common…Swatting incidents take place when a person calls the police claiming there is a dangerous person, kidnapping or a mass shooting at a house, hoping for police to respond in force. The incidents have most commonly targeted internet celebrities and live streamers, but musicians like Rihanna and Justin Bieber have also been victims of swatting. Earlier this year, swatting incidents also became more common at schools. Dozens of schools were targeted with hoax active shooter threats in a single week in March. Following that string of false calls, Senate Majority Leader Chuck Schumer (D-N.Y.) called on the FBI to track the incidents more closely and work to prevent them. In 2021, a 60-year-old man from Tennessee died of a heart attack as police raided his house in a swatting attack. An 18-year-old was sentenced to five years in prison for the threat.
Recent advances in technology, including the use of artificial intelligence, have made it more difficult to catch people who commit swatting. Callers can obscure their computer IP addresses and fake voices to mask their identities. There has been no centralized database to track swatting incidents until now, so the exact number of occurrences is unknown. The Anti-Defamation League estimated there were 1,000 swatting incidents in 2019. The new FBI database has already tracked 129 swatting incidents since the start of May, according to a statement from the agency.
As reported by MOTHERBOARD (August 2023): As the U.S. deals with a nationwide swatting wave, Motherboard has traced much of the activity to a particular swatting-as-a-service account on Telegram. “Torswats” uses synthesized voices to pressure law enforcement to specific locations. In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one swatter in particular who has weaponized computer generated voices. Known as “Torswats” on the messaging app Telegram, the swatter has been calling in bomb and mass shooting threats against highschools and other locations across the country. Torswat’s connection to these wide ranging swatting incidents has not been previously reported. The further automation of swatting techniques threatens to make an already dangerous harassment technique more prevalent.
Other Swatting and Swatting as a Service Incidents of Note
The Anti-Defamation League has tracked 26 calls threatening violence at synagogues from New York to California over the last month: The hoax calls to police departments or suicide hotlines around the country say that a man is considering killing himself and others or that a bomb has been placed in a building. The address given on the phone belongs to a synagogue that is livestreaming its services. In some cases, the callers watch in real time as police interrupt frightened worshipers. Later, clips of the incidents are posted online. The incidents are part of a string of 26 “swatting” calls aimed at synagogues in 12 states across the country that the Anti-Defamation League, a Jewish advocacy organization, has tracked for the last month, including at least five in New York City and state. “Swatting” refers to the police SWAT teams that are sometimes summoned in such cases. In New York, police officers have showed up at synagogues with bomb-sniffing dogs. In North Carolina, worshipers were evacuated. In California, callers said there was a backpack bomb hidden under a bench.
ADL Statement on Continued Series of Antisemitic Swatting Incidents Targeting Synagogues and Other Institutions
ADL (the Anti-Defamation League)…issued the following statement in response to a continuing series of incidents over the past four weekends involving the disruption of Jewish prayer services, as well as additional targets, through swatting and fake bomb threats targeting synagogues, posed by a group of online trolls.
From ANDROGURU: “In a surprising announcement, Daniel Micay, the lead developer of GrapheneOS, has revealed that he is stepping down from his role and will be replaced as a director of the GrapheneOS Foundation. Micay took to Twitter to share this decision and also expressed his intention to discontinue the use of public social media platforms. The move comes in light of the escalating level of harassment that Micay has been facing, including recent incidents of swatting attacks. GrapheneOS, a privacy-focused mobile operating system, has gained considerable recognition for its commitment to security and privacy in the digital age. The platform, known for its stringent security measures and emphasis on user control, has been lauded for providing individuals with a robust alternative to mainstream mobile operating systems. Micay’s departure as the lead developer of GrapheneOS raises questions about the future direction of the project.”
The Federal Bureau of Investigation (FBI) has released a public service announcement detailing a new threat to safety. The agency claims that pranksters are hacking smart devices with low cybersecurity protections to live-stream swatting incidents for public enjoyment. Offenders have been taking over victims’ smart devices as well as video and audio home surveillance devices to conduct swatting attacks. A swatting attack is when an individual knowingly reports a false serious crime, such as murder, against another individual who then has SWAT forces arrive at their residence. Swatting is not only illegal, but it endangers the livelihood of the innocent recipient, and in some cases, their families. The pranksters have been utilizing previously leaked credentials to break into devices in which the credentials are re-used. When law enforcement arrives, the offender is able to watch or broadcast the live stream footage and engages with the police through hijacked audio and visual capabilities. Swatting has increased across the US over the past few years and has resulted in deaths through accidental shootings.
Prevent and Mitigating the Risk of a Swatting or Swatting as a Service Incident
Preventing and mitigating the risk of a Swatting or Swatting-as-a-Service cyber attack requires a combination of proactive measures, education, and cooperation with law enforcement. Here are some steps you can take to reduce the risk:
1. Protect Personal Information
- Be cautious about sharing personal information online, including your home address, phone number, and other identifying details.
- Regularly review and adjust your privacy settings on social media platforms and online accounts to limit the visibility of your personal information.
2. Use Strong Authentication
- Enable two-factor authentication (2FA) on your online accounts whenever possible. This adds an extra layer of security and makes it more difficult for attackers to gain access to your accounts.
3. Secure Your Online Presence
- Use strong, unique passwords for each of your online accounts.
- Regularly update and patch your software, including operating systems and applications, to protect against vulnerabilities that could be exploited.
4. Educate Yourself and Your Family
- Teach family members about the dangers of Swatting and the importance of not sharing sensitive information online.
- Create a family emergency plan so that everyone knows what to do if a Swatting incident occurs.
1. Remain Calm and Comply
- If you believe you are the target of a Swatting attack, stay as calm as possible and cooperate fully with law enforcement officers. Follow their instructions carefully to avoid escalating the situation.
2. Contact Law Enforcement
- Report the incident to your local law enforcement agency as soon as possible. Provide them with any relevant information about the threat or the person behind it.
3. Document the Incident
- Keep records of any threatening messages or communications you receive, as well as any suspicious online activity.
- If possible, record phone calls or video streams during the incident for evidence.
4. Cooperate with Authorities
- Work closely with law enforcement to provide any information that may help them track down the perpetrator. This may include providing digital evidence or information about online interactions.
5. Online Safety Measures
- Continue practicing good online safety habits, such as securing your online accounts and protecting your personal information.
6. Raise Awareness
- Raise awareness about the dangers of Swatting within your community and online. Encourage others to be cautious about sharing personal information.
7. Support Legislation
- Support efforts to enact legislation that imposes stricter penalties on Swatting perpetrators. Strong legal consequences can act as a deterrent.
8. Engage in Cybersecurity Awareness Training
- Consider participating in cybersecurity awareness training programs to learn about online threats and how to protect yourself and your family.
VPNOverview also has a best-in-class resources on Swatting and Swatting-as-a-Service. Find it here:
Remember that Swatting is a serious crime that poses risks to public safety. Cooperating with law enforcement and taking preventive measures are essential steps in minimizing the risk and impact of such incidents.
Featured Image Source: ADL What is Swatting?