Swatters Hijack Smart Home Devices To Watch Emergency Responders

Weak credentials and login protections come with the risk of swatting for owners of connected devices with video and voice capabilities, warns the U.S. Federal Bureau of Investigation (FBI).

In a recent spate of swatting attacks, perpetrators have hijacked smart gadgets to watch or live stream the bad joke unfolding and engage the responding officers.

Swatting originates from prank calls to emergency services. It aims to generate a response from law enforcement and the S.W.A.T. (special weapons and tactics) team against a target.

In many cases, swatting is driven by revenge, especially among gamers, but it is also a harassment tactic or to pull a hoax on someone.

Unfortunately, what the offender may deem amusing can have violent, health-threatening, even deadly consequences.

Also Read: How a Smart Contract Audit Works and Why it is Important

Watching emergency responders

The U.S. Federal Bureau of Investigation (FBI) is warning users of smart devices to strengthen the login credentials by using strong, unique passwords and activating two-factor authentication protection.

In a public service announcement today, the FBI says that the offenders took over victims’ smart devices with video and audio capabilities to carry out swatting attacks.

This was possible because owners reused their email passwords. Makers of smart devices have noticed this practice and what it was used for and alerted law enforcement.

Data breaches are an endless source of sensitive information, including postal addresses, emails, and crackable or cleartext passwords. Lists with this type of data are easy to find.

Cybercriminals know that users value convenience over security and set the same and often weak password for multiple online services. So they probe the string on as many services as they can.

The FBI says that once the offender logs into the smart device they call emergency services to report a crime at the victim’s residence.

“As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms”

– U.S. Federal Bureau of Investigation

Determining a fake emergency call is not always a simple task. Sometimes, offenders spoof the victim’s phone number to increase credibility, so the dispatch officer has no reason to suspect a hoax.

Swatting is a criminal offense punishable by fines and prison time as it is considered a public safety issue. The FBI has first warned of this phenomenon since 2008, although it had started much earlier.

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

In 2009, one swatter received more than 11 years in federal prison for using the tactic to harass various individuals. Another, involved in the 2017 Wichita swatting incident that ended with one individual being fatally shot, pleaded guilty and agreed to serve a sentence of 20 to 25 years in federal prison.