When calling 911, one is typically facing a dilemma that requires the assistance of the police. However, there have been several cases in which hackers use a harassment tactic called swatting to deceive an emergency service. The police are hoaxed into arriving at someone’s residence with the belief that there is a serious threat, only to find out that someone was playing a sick and twisted prank. This was the case for a Facebook cybersecurity executive who was detained by the Palo Alto Police for hours after they received a call claiming that he killed his wife, tied up his kids, and placed pipe bombs all around his home.

Swatting

Swatting is common in Hollywood, and also among the gaming and cryptocurrency communities. A lot of celebrities have had the police break into their homes in the middle of the night with guns drawn. It is usually the SWAT (special weapon and assault team) responding to the 911 call. Hence, the name swatting. The practice is so dangerous that some responses by the police have ended fatally. A Kansas man was killed in 2017 after someone reported him holding hostages in his home.

In some cases, the police are unable to trace the calls back to their origins, allowing a sick thrill seeker to remain loose. As of now, this is true for the unidentified hacker who set up the Facebook executive. The prankster really only needed access to some of the victim’s basic information. This includes his address, family member’s names, and phone number. Though, the last one requires more skill. The call had to be staged and look like it was coming from the victim, when in reality it was being dialed from a different location.

There are numerous applications on both Android and iOS devices that can generate a fake phone number, so the user cannot be identified by the caller. But here, the hacker deliberately gained access to the Facebook employee’s phone number, so that his call was believable to the authorities.

Responsibility of Service Providers

This should be a red flag for internet service providers and the effectiveness of their user identification programs. It is hard to understand who is on the internet and what they are doing behind many different aliases. Swatting is becoming too frequent and the consequences are too extreme for us to turn a blind eye to the matter.

Swatting is a great use case of when cyber meets physical.  Hackers are penetrating firewalls and other software programs set in place by phone carriers, which signals the need for improvement, or at the very least an ability to trace the calls from their originating point. These vulnerabilities can turn any innocent person’s life into a living nightmare. Not only are these pranks detrimental to the victim’s existence, but the incidents can also have a negative impact on businesses associated with victim. A reputation is hard to repair, and a family’s psychological health may never be repaired.

The Cost of Swatting Worth Some Attention

If the suspect is identified, s/he could face multiple criminal charges, including potential civil liability as a cost recovery measure for the law enforcement response. The Palo Alto police Department made it clear in the media that this type of prank is unacceptable as it took away officers from their real job, which is to protect the city’s citizens.

Swatting is not as innocent as playing ding-dong ditch, and it requires serious attention from both law enforcement, telecommunication companies, internet service providers and individuals in the community. The person performing the criminal act hides behind net connections. Some have expressed that the thrill is in the hiding.

In an effort to minimize these pranks, it would be wise to have all four community partners working together to ensure practices are in place to better access the threat. Police and other first responders need awareness training just as they do basic cyber awareness training. A lethal response can’t be reassessed after the incident. Death is final.