Since Christmas, more than a dozen swatting attacks have been perpetrated against political figures, celebrities, and even the White House. The individuals or groups that carry out these dangerous attacks use a variety of cyberwarfare techniques, with some ransomware groups even using swatting to intimidate their victims.
These attacks have the potential to be deadly and are considered serious crimes. Law enforcement agencies around the world are actively working to identify and prosecute swatters, as well as prevent others from engaging in this dangerous activity.
What is Swatting?
Prank phone calls have been around for quite some time; however, due to technological advancements and the proliferation of the internet, they have become far more hazardous and have the potential to result in severe harassment, which is now commonly referred to as swatting.
The term “SWAT” refers to the Special Weapons and Tactics (SWAT) unit of the US Special Police Forces. According to the FBI, swatting has been around since the early 2000s but has recently experienced rapid growth.
While they claim that swatting assaults are becoming more commonplace globally, the fact that they started in the US makes them even more alarming. Swatting attacks against gamers and prominent people are frequently carried out by threat actors and groups using a variety of tactics. Recent events are increasingly affecting Fortune 500 firms and schools.
In attacks against businesses, the targets are employees, C-suite executives, and board members, making it essential for companies to prepare for such an event, and for their tech teams remain vigilant.
Techniques and Tactics
News reports heavily speak to the violence and dangerous aspects of swatting attacks. However, the technology in use tells us that current attacks are rooted in cybersecurity.
Those carrying out these attacks will use varied techniques, tactics, and procedures (TTPs) during swatting attacks. They may make a fake report to local authorities to report an ongoing incident or attack.
While swatting itself isn’t a part of cybersecurity, with current technological advances, swatters leverage various sophisticated techniques that involve technology to carry out their attacks while concealing their identity. These are some of the typical cybersecurity tactics used by swatters:
Spoofing
By using Voice over Internet Protocol (VOIP) or spoofing their phone numbers, Swatters can mask their identity and location, which makes it challenging for local police and other law enforcement agencies to trace calls to the perpetrator.
Doxxing
Swatters typically seek out information about their targets using doxxing techniques. To make their swatting calls more convincing, they will collect home addresses, email addresses, phone numbers, and other private data.
Social Engineering Schemes
One tactic swatters use to manipulate and convince emergency dispatchers that their false emergency report is genuine is through social engineering tactics. For example, the swatter will use persuasive language, provide fabricated details, and invoke a sense of urgency, “life or death,” that makes the call seem credible.
Exploiting Vulnerabilities
Exploiting vulnerabilities in emergency response systems or procedures is another strategy that swatters use to ensure a prompt and robust response from law enforcement. These can include manipulating emergency call routing systems, exploiting the trust of emergency responders, or exploiting weaknesses in dispatch protocols.
Hacking Personal Devices
Personal devices are also targets for swatting. Attackers will hack into their targets personal devices to gather more data or to create more realistic scenarios to convince emergency dispatchers during swatting calls.
Smartphones, home automation systems, and computers can all be involved in providing false evidence that there is a threat.
Using Proxy Servers and Anonymizing Tools
There are many technologies swatters use to carry out their attacks. These include virtual private networks (VPNs), proxy servers, or anonymizing tools that conceal online activities and obfuscate IP addresses, which make it much more challenging for law enforcement agencies to track them down.
Swatting and Bomb Threat Service
Threat operators have recently developed a brand-new service seen on the dark web. Anyone can hire a fake bomb or an active shooter reporter for a small fee. Among the places that these reporters target are residences, schools, and businesses.
These services are used for a variety of purposes. For example, at times, it might be for disruption. However, it can also be for sheer terrorism.
Of course, the benefit of hiring someone for this work is to keep the actual buyer’s identity anonymous. Since someone else is doing it, their voice, infrastructure, and interaction make these calls. In addition, individuals outside the US typically carry out these attacks.
The Targets of Swatting Attacks
While swatting attacks typically target a broad range of people, they often focus on individuals with a large online presence or communities featuring content creators, gamers, and streamers. Some of the common targets include:
- Gamers
- Streamers and Content Creators
- Celebrities and Public Figures
- Journalists and Activists
- Online Rivals or Enemies
- Innocent Victims
Recent notable attacks were carried out against Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Representative Marjorie Taylor Greene, and the White House.
Swatting Attacks
Experts and law enforcement are working to implement methods of identifying and tracking down swatters. Swatting attacks are illegal and can have serious consequences. Significant resources are often used to investigate and prosecute the individuals responsible.
Last May, the FBI launched a national online database that allows local police departments and other law enforcement agencies to share information about swatting attacks. The database allows authorities to connect the dots between the perpetrator, the caller, and other involved individuals to determine where they are linked.
The authorities hope the database will lead to uncovering the attackers and their prosecution.
Preventing Swatting Attacks
In addition to the waste of local law enforcement resources and the dangers associated with swatting, experts say each incident costs between $15,000 and $25,000.
Preventing swatting attacks requires a multiple-pronged approach that includes a combination of proactive measures that serve to reduce the risk of becoming a victim as well as reactive strategies to mitigate the impact should an attack happen.
There are some steps you can take to help prevent a Swatting attack:
Online Privacy: Limit the personal and business information shared online, such as addresses, daily routines, and phone numbers. Also, sharing details about your location or activities on social media platforms should be done with extreme caution.
Secure Online Accounts: Password security should be a priority. Use unique passwords for all online accounts and two-factor authentication wherever possible. Monitor accounts regularly for suspicious activity.
Education and Awareness: Stay informed about the latest Swatting trends and tactics. Educate employees and yourself on the possible risks and consequences related to Swatting attacks.
Liaise with Law Enforcement: If you’re concerned you may be a target of a Swatting attack, reach out to local law enforcement to inform them of your concerns. Make sure to share any relevant information about online activities or possible connections that could be adversaries. This information will help them keep you safe from a Swatting attack.
Additionally, develop a plan in case you become the target of a swatting attack. If you’re a content creator, streamer, or public figure, work with the platforms you use to share content or broadcast. They can help add more security measures and protocols to prevent a swatting attack.
