Swatting
Swatting
Swatting is a criminal harassment tactic of deceiving an emergency service (via such means as hoaxing an emergency services dispatcher) into sending a police and emergency service response team to another person's address. This is triggered by false reporting of a serious law enforcement emergency, such as a bomb threat, murder, hostage situation, or other alleged incident. It can also be triggered by a false report of a "mental health" emergency, such as reporting that a person is allegedly suicidal or homicidal and may or may not be armed.[3] In the United States, the maximum prison sentence handed down by a court in March 2019 on a swatter was 20 years in jail for a fatal 2017 swatting violation.[4]
The term derives from the law enforcement unit "SWAT" (special weapons and tactics), a specialized type of police unit in many countries, carrying military-style equipment such as door breaching weapons, submachine guns, automatic rifles, and sniper rifles. A threat may result in the evacuations of schools and businesses. Advocates have called for swatting to be described as terrorism due to its use to intimidate and create the risk of injury or death.[5]
Making false reports to emergency services is a criminal offense in many countries, punishable by fines and imprisonment.[6] It causes tax dollars to be wasted by the city or county when responding to a false report of a serious law enforcement emergency.[7][8] In California, swatters bear the "full cost" of the response which can lead to fines up to $10,000.[9]
Origins
Bomb threats were a concern to police in the 1970s, with some public buildings such as airports being evacuated in response to hoax calls that were designed to cause mass panic and public disruption,[10][11] or to delay exams at educational institutions.[12][13][14] In recent decades, hoax callers sometimes make use of techniques to disguise their identity or country of origin. [15][16]
Swatting has origins in prank calls to emergency services. Over the years, callers used increasingly sophisticated techniques to direct response units of particular types. In particular, attempts to have SWAT teams be dispatched to particular locations spawned the term swatting. The term was used by the FBI as early as 2008,[17] and has also entered into Oxford Dictionaries Online in 2015.[18]
Techniques
Caller ID spoofing, social engineering, TTY, prank calls, and phone phreaking techniques may be variously combined by swatting perpetrators. 911 systems (including computer telephony systems and human operators) have been tricked by calls placed from cities hundreds of miles away from the location of the purported call, or even from other countries.[19] The caller typically places a 911 call using a spoofed phone number (so as to hide the fraudulent caller's real location) with the goal of tricking emergency authorities into responding with a SWAT team to a fabricated emergency.
Swatting is linked to the action of doxing, which is obtaining and broadcasting, often via the Internet, the address and details of an individual with an intent to harass or endanger them.[20]
Laws
United States
In the United States, swatting can be prosecuted through federal criminal statutes:
"Conspiracy to retaliate against a witness, victim, or informant"[21][22]
"Conspiracy to commit access device fraud and unauthorized access of a protected computer"[21][23]
An accomplice may be found guilty of "conspiring to obstruct justice"[24][25]
In California, callers bear the "full cost" of the response which can range up to $10,000[9]
In 2011, California State Senator Ted Lieu authored a bill to increase penalties for swatting. His own family became a victim of swatting when the bill was proposed.[26] A dozen police officers, along with firefighters and paramedics surrounded his family home.
A 2015 bipartisan bill in Congress sponsored by Katherine Clark and Patrick Meehan made swatting a federal crime with increased penalties.[30][31] Congresswoman Clark wrote an op-ed in The Hill saying that 2.5 million cases of cyber stalking between 2010 and 2013 had only resulted in 10 cases prosecuted, although a source for this was not provided.[32][33] As revenge for the bill, an anonymous caller fraudulently called police to Rep. Clark's house on January 31, 2016.[34]
Brazil
In Brazil, Swatting can be prosecuted through the Criminal code as the following articles:
Slander (Article 138: To slander someone by falsely imputing to him a fact defined as a crime), with penalties up to two years and fine[35]
Slanderous denunciation (Article 339: To cause the initiation of a police investigation, a judicial proceeding, an administrative investigation, a civil inquiry or an administrative impropriety action against someone, imputing him a crime that he knows he is innocent) with penalties up to eight years and fine[35]
False communication of crime or misdemeanor (Article 340: To provoke the action of authority, communicating to him the occurrence of crime or of contravention that knows to have not occurred), with penalties up to six months or fine[35]
Injuries or deaths due to swatting
2015 incident
On January 15, 2015, in Sentinel, Oklahoma, Washita County, dispatchers received 911 calls from someone who identified himself as Dallas Horton and told dispatchers he had placed a bomb in a local preschool. Washita County Sheriff's Deputies and Sentinel Police Chief Louis Ross made forced entry into Horton's residence. Ross, who was wearing a bulletproof vest, was shot several times by Horton. Further investigation revealed that the calls did not originate from the home and led Oklahoma State Bureau of Investigation agents to believe Horton was unaware that it was law enforcement officers making entry. James Edward Holly confessed to investigators that he made the calls with two "nonfunctioning" phones because he was angry with Horton.[36] Ross, who was shot multiple times in the chest and arm, was injured, but was treated for his injuries and released from a local hospital.[37]
2017 incident
On December 28, 2017, Wichita police an officer shot a man named Andrew Finch in his Kansas home in a swatting incident. Andrew Finch later died at a hospital. Based on a series of screenshotted Twitter posts, the Wichita Eagle suggests that Finch was the unintended victim of the swatting after two Call of Duty: WWII players on the same team got into a heated argument about a $1.50 (USD) bet. On December 29, 2017, LAPD arrested 25-year-old serial-swatter Tyler Raj Barriss, known online as "SWAuTistic" and on Xbox Live as "GoredTutor36," in connection with the incident.[38][39][40][41] In 2018, Barriss was indicted by a federal grand jury along with two others involved in the incident. According to U.S. Attorney Stephen McAllister, the false hoax charge carries a maximum punishment of life in federal prison while other charges carry sentences of up to 20 years.[42] On March 29, 2019, Barriss was sentenced to 20 years imprisonment.[43] The gamer that recruited Barriss in the bet plead guilty to felony charges of conspiracy and obstruction of justice, and was sentenced to prison for 15 months as well as a two-year ban on playing video games.[44]
Other notable cases
In 2009, a blind phreaker, Matthew Weigman, was caught with the help of a Verizon fraud-investigator named Billy Smith. Weigman was sentenced to 11 years in federal prison after he pleaded guilty to charges including "involvement in a swatting conspiracy" and attempting to retaliate against a witness.[45][46]
In 2012, CNN interviewed political commentator Erick Erickson to discuss an incident in which he had been the victim of swatting. A caller to 911 gave Erickson's address as his own and claimed:
I just shot my wife, so.... I don't think I could come down there.... She's dead, now.... I'm looking at her.... I'm going to shoot someone else, soon.— 911 caller[47]
The incident prompted Florida's 24th congressional district Representative Sandy Adams to push for a Justice Department investigation.[48]
In 2013, a number of U.S. celebrities became the victims of swatting, including Sean Combs.[49] In the past, there have been swatting incidents at the homes of Ashton Kutcher, Tom Cruise, Chris Brown, Miley Cyrus, Iggy Azalea, Jason Derulo, Snoop Dogg, Justin Bieber, and Clint Eastwood.[9]
In 2013, a network of fraudsters involved in carding and doxing of public officials using stolen credit reports targeted computer security expert Brian Krebs with malicious police reports.[50][51] Mir Islam, the leader of the group, had also used swatting hoaxes against prosecutor Stephen P. Heymann, congressman Mike Rogers, and against a girl he was cyberstalking who turned down his romantic proposals. Islam was convicted for doxing and swatting over 50 public figures, including Michelle Obama, Robert Mueller, John Brennan as well as Krebs, and was sentenced to two years in prison.[52] The Ukrainian computer hacker Sergey Vovnenko was convicted of trafficking in stolen credit cards, as well as planning to purchase heroin and ship it to Brian Krebs then swatting him.[53] He was sentenced to 15 months in prison in Italy, and 41 months in prison in New Jersey.
In May 2014, Curtis Gervais of Ottawa, Ontario, was arrested for having made thirty fraudulent emergency calls across North America,[54][55] leading to sixty charges "including uttering death threats, conveying false information with intent to alarm, public mischief and mischief to property".[56] Gervais was sentenced to nine months of home detention. Ontario Court Justice Mitch Hoffman noted that the hoax calls, which resulted in the evacuations of schools, homes and a shopping center, caused thousands of people's lives to be, "put in turmoil and terrorized." He also called it, "a massive waste of public resources with significant cost to emergency services, and therefore to the taxpayer."[57]
On August 27, 2014, YouTube user Jordan Mathewson, known online as Kootra, live streamed a game of Counter-Strike: Global Offensive on Twitch. A viewer called 911 claiming that there was a shooting in the building with hostages. A SWAT team raided the office out of which Mathewson's gaming company, The Creatures LLC, was operating. Mathewson was thrown to the ground and searched as officers searched the room. The events were broadcast live on the internet, until law enforcement blocked the camera lens on Mathewson's desk.[58] Videos of the swatting went viral, gaining over four million views on YouTube and being reported on news programs all over the world.
On September 11, 2014, Bukkit programmer Wesley "Wolvereness" Wolfe was the victim of a swatting incident. An unidentified Skype caller told police that Wolfe had shot his parents and was on a killing spree. Wolfe believed he was targeted in retaliation to his issuing of a DMCA takedown of CraftBukkit from the Bukkit repository.[59][60]
On November 6, 2014, the home of an unnamed executive with Bungie, a developer of the Halo and Destiny franchises, was raided by local police after a call, purported to be from someone inside the house, said that there was a hostage situation at the residence.[61] The caller had demanded a ransom of $20,000 and claimed they had planted explosives in the yard.[61] After 45 minutes, police determined the call originated from a computer and not from the residence; they further stated that the perpetrator of the hoax could face a fine and one year in jail if apprehended.[61]
On December 5, 2014, police in Coquitlam, British Columbia, arrested a teenager using the pseudonym 'Obnoxious' who had committed at least 40 attempted and successful acts of swatting in several countries. The teenager historically targeted "mostly young, female gamers" that ignored friend requests in League of Legends and on Twitter.[62] He used social engineering techniques and Skype tracking tools to obtain address details of victims from companies including Cox Communications and VoIP calling to mask his real location. He went so far as to live stream his swatting calls. The youth pleaded guilty to 23 crimes. A New York Times article on the case criticized Twitch for failing to block the user and his associates from the site.[63][64][65][66]
On January 3, 2015, twenty Portland, Oregon, police officers were sent to the former home of Grace Lynn, a transgender woman. She stated that this was the culmination of months of online harassment from Gamergate supporters after she withdrew her support for the movement.[67][68] The swatter, coming from Serbia, claimed to be not affiliated with Gamergate.[69] Lynn said that she was alerted to the incident because she had proactively checked for online harassment daily, and she had defused the situation by contacting police.[70]
In May 2015, Zachary Lee Morgenstern, 19, of Cypress, Texas, was arrested after he made a number of hoax bomb threats and "swatting" calls in Minnesota, Ohio, and Massachusetts, including for two schools in Marshall, Minnesota. The police obtained his IP address from Twitter and Google.[71] Morgenstern pleaded guilty to several federal crimes, and, in December 2015, was sentenced to 41 months in prison.[72]
In August 2015, the founder of the website Mumsnet was the target of a swatting, which resulted in the deployment of a London Metropolitan Police Service armed response unit attending her home address. The hoax was concurrent with a denial-of-service attack on the Mumsnet website and threats of a swatting attack.[73]
On January 31, 2016, at around 10pm, U.S. Representative Katherine Clark was swatted by an anonymous caller who claimed there was an active shooter in the home. Melrose Police responded to the home, and left after determining the call was a hoax. Rep. Clark had sponsored a bill called the 'Interstate Swatting Hoax Act of 2015', aimed at increasing the penalties for swatting, as well as making swatting a federal crime. After the incident, she said she had been very sympathetic to people who have been the victims of swatting before Sunday night but now fully understands what it's like. She further stated that the swatting "will really cause me to double down."[34]
On April 28, 2017, Twitch user Paul Denino (pseudonym "Ice Poseidon") was live streaming before boarding an American Airlines flight. After the plane had landed, law enforcement showed up on the airport apron and removed Denino and one other person from the plane. An anonymous caller claimed that Denino had a bomb when he did not.[74]
On October 16, 2017, Bitcoin engineer Jameson Lopp's neighborhood was locked down by law enforcement responding to a reported hostage situation. An anonymous caller claimed to have shot and killed one person while holding others hostage for ransom in a house rigged with C4.[75] Lopp later wrote a first person account of the ordeal and offered a bounty for information leading to the arrest and conviction of the perpetrator.[76]
On May 16, 2018, popular streamer and former professional Overwatch player Felix "xQc" Lengyel had his home raided by police and was handcuffed mid-stream at his California apartment. Lengyel later revealed that three guns were pointed at him. While Overwatch League analyst Brennon Hook stated that the raid was due to a noise complaint from a neighbor, Lengyel asserted that it was an act of swatting.[77]
On June 5, 2018, police were called to the Parkland, Florida home of Stoneman Douglas High School shooting survivor and gun-control activist David Hogg.[78] The caller claimed that there was a "hostage situation," prompting an emergency response that included a SWAT team.[79] Hogg was not at home at the time, as he was in Washington, D.C., with his family to receive the Robert F. Kennedy Human Rights Award as one of the organizers of the March for Our Lives.[79]
After winning the $3 million top prize in the Fortnite World Cup in July 2019, 16-year-old Kyle "Bugha" Giersdorf was swatted during an August 2019 stream, with the local SWAT team armed on arrival. However, the situation was diffused as one of the officers recognized Giersdorf from his championship and recognized the call as a prank.[80]
Measures against swatting
In October 2018, the Seattle Police Department (SPD) launched an opt-in registry aimed at people who fear that they might become victims of swatting, such as celebrities or live streamers. Using the registry, these people can provide cautionary information to the SPD, which will inform officers responding to potential swatting attempts targeted at the victim's address.[81]
Security reporter Brian Krebs recommends that police departments take extra care when responding to calls received at their non-emergency numbers, or through text-to-speech services (TTY), since these methods are often employed by out-of-area swatters who cannot connect to the regional 911 center. [82] []
See also
Mobbing