Swatting may be a new term for many, but it is a familiar one to those in the gaming and online streaming communities. In simple terms, it is the act of making a false police report dispatcher, in order to send a large number of armed officers (SWAT teams) to a person's home address. Such hoax calls could include a hostage situation, bomb threat or homicide.
This form of emergency service deception is a highly criminal offense, though it has become a common prank in instances where the occupant may be live streaming via Twitch or YouTube, unaware of what's about to happen, so that the viewers and online pranksters can watch it happen in real-time.
Sadly, the act of Swatting is nothing new and has been ongoing for a few years, but in more recent events it appears that Amazon's Ring doorbells and smart security devices are the latest to be targeted by swatters and hackers.
Two men have been charged in Wisconsin and North Carolina for hacking Yahoo! email accounts and gaining unauthorized access to these cameras, taunting police officers, and placing 12 hoax calls through these devices in what reports are calling a weeklong swatting spree that took place in 2020.
The perpetrators have been named as 21-year-old Kya Christian Nelson from Racine, Wisconsin, as well as 20-year-old James Thomas Andrew McCarty from Charlotte, North Carolina. According to Fox News the pair have been charged with one count of conspiracy to intentionally access computers without authorization, as well as two counts of aggravated identity theft charged to Nelson.
An indictment was returned on December 16 2022 from the federal grand jury in Los Angeles, which stated that McCarty and Nelson gained access to home security door cameras sold by Ring LLC between November 07-13 2020, acquiring unauthorized access to the usernames and password information for Yahoo! email accounts belonging to victims throughout the United States.
In an announcement, the US Justice Department has revealed that the pair "determined whether the owner of each compromised Yahoo! account also had a Ring account using the same email address and password that could control associated internet-connected Ring doorbell camera devices. Using that information, they identified and gathered additional information about their victims."
The pair of young hackers during the week-long swatting spree allegedly placed hoax phone calls with the intent to elicit an extreme armed police response, then live-streamed several of these responses from the hacked doorbell cameras onto social media, and verbally taunted law enforcement and police officers that arrived at the scene through the Ring cameras.
The statement from the Department of Justice also revealed that on November 08 2020, Nelson and an accomplice accessed accounts including a Ring doorbell from a victim in West Covina, California, and made a hoax call to the local police department originating from the victim’s residence, posing as a minor child reporting that her parents were drinking and shooting guns inside the home.
Having reportedly gained access to a dozen Ring home security door cameras across the US, can we trust that even the best home security cameras can keep us safe and protected from hackers such as McCarty and Nelson?
The FBI back in 2020 was forced to issue a public service announcement that urged users of smart home devices to enable the security measure of two-factor authentication, and to use more complex and dissimilar passwords to protect against any potential swatting attacks.
The indictment and DOJ statement also revealed that similar swatting incidents have occurred in areas that include Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.
Update 21 December 2022: Ring has since released a statement pertaining to the issue, suggesting that: “Swatting is a serious crime, and those responsible for it should be brought to justice. In this case, we learned bad actors used stolen customer email credentials obtained from external (non-Ring) services to access other accounts, and took immediate steps to help those customers secure their Ring accounts. We also supported the FBI in identifying the individuals responsible.
"We take the security of our customers extremely seriously—that’s why we made two-step verification mandatory, conduct regular scans for Ring passwords compromised in non-Ring breaches, and continually invest in new security protections to harden our systems. We are committed to continuing to protect our customers and vigorously going after those who seek to harm them.”
• You may also want to take a look at our guides to the best outdoor security cameras, as well as the best cheap security cameras, plus the best fake security cameras to act as a deterrent, the best body cameras, and not forgetting also the best dash cams to capture the action on the road.