In the last few years, there have been thousands of data breaches culminating in leaks of sensitive private information including, name, address, email ID and passwords. Now, the US Federal Bureau of Investigation (FBI) says pranksters are using the leaked information to harass the public with swatting.
Such hacked databases are often dumped on online forums for free. For pranksters, that is a treasure trove. As people reuse passwords over and over again, pranksters take that advantage to hijack smart home devices and place calls to emergency response teams. The FBI said that the pranksters often spoof the calls, making them look like it came from the victim's home. As the SWAT team or law and enforcement agents break into the victims' house, pranksters live-stream the video by taking over security cameras.
"As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms," the FBI said in a statement.
What is Swatting?
While making prank calls to law enforcement agencies has existed for decades, swatting has slowly gained popularity. Swatting is making a hoax call to the emergency services, informing about an "immediate threat to human life". In such emergencies, the law enforcement deploys SWAT (Special Weapons and Tactics) teams to control the situation. Such swatting attacks are motivated by revenge or harassment. However, the FBI warned that it could lead to human casualties. Swatting is a crime and if found guilty, it can lead to imprisonment and hefty fines.
In 2017, a hoax call led to the death of a 28-year-old man named Andrew Finch in Wichita, Kansas. The convict, Tyler Barriss from Los Angeles made a call to Wichita Police informing them that he had shot and killed his father and at the given address and was holding his family hostage. As the SWAT team entered the address, they shot down Finch.
"Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences and pulls limited resources away from valid emergencies," the FBI said.
Recent Increase in Swatting
Such incidents have increased in recent times. In 2019 alone, there were over 1,000 swatting incidents. With more people staying home during the pandemic, the number has significantly increased. Now that most smart home devices are vulnerable to hacking, pranksters are taking advantage of that and interacting with the law enforcement agents and live-stream the entire incident on hackers' forums.
Pranksters have also been using Discord's phonecord bot to place anonymize calls to the police. After reports of abuse, the feature was discontinued on Discord but many similar services have emerged since, aiding in spoofed calls. As per a ZDNet report, many have even placed requests on Reddit, asking for swatting service from hackers. To mitigate the risks, the FBI is working with smart device manufacturers to strengthen device security. The agency has also asked users to set a strong password and change it periodically.
"Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks," the FBI said, urging people to alert the law enforcement if they come across such attempts.