Imagine sitting quietly at your computer reading this article. Suddenly, bright lights and spotlights shine through your window. Police officers armed to the teeth storm into your room out of nowhere. "Hands in the air!" one of the officers yells at you in a firm and harsh tone. Your heart beats in the back of your throat and you wonder what Hollywood movie you have landed in. This must be a mistake, right? What do you do at such a moment?
In this scenario, you are the victim of swatting. Someone calls the police and pretends that you are a sniper, kidnapper or terrorist with evil intent. Emergency services take such a report extremely seriously and take immediate action. What started as a silly prank ends in a brutal confrontation with the police, sometimes even deadly. Swatting is a serious crime not to be taken lightly.
In this article, we take a detailed look at the phenomenon of swatting, who the swatters are and how to avoid becoming a victim.
Swatting is a life-threatening prank in which the perpetrator tries to convince the police that a life-threatening situation exists. The person who makes a false report of an emergency is called a swatter. By making a phone call, he hopes that special units and other emergency services will rush out with large equipment and arrest an innocent man.
The term swatting is derived from the acronym S.W.A.T. That is a branch of the U.S. police force made up of specially trained officers. They are deployed when a life-threatening situation occurs, such as a hostage, kidnapping, bomb threat or shooting incident. The abbreviation stands for Special Weapons and Tactics.
Calling in specially trained agents for a so-called emergency is a well-known example of swatting. However, the phenomenon is much broader. In the past, firefighters, police, ambulances or meal delivery services have also been deliberately sent to an unsuspecting victim. While S.W.A.T. is an American name, anyone anywhere in the world can fall victim to swatting.
Swatting stems largely from the online gaming community. Rival gamers attack each other with swatting attacks. It is not limited to this group: anyone can fall victim to swatting, especially if you reveal too much information about yourself on the Internet.
To carry out a swatting attack, the perpetrator needs to know a few things about their victim, such as their home address. Roughly speaking, they try to find out as much as they can about their victim in three ways.
Doxing: when someone posts another person's private information openly and openly on the Internet, usually to intimidate or frighten that person, it is called doxing. Personal information such as name and home or business address is then accessible to anyone. If this information is online, swatters can abuse it. Not for nothing is the Dutch government working on legislation to criminalize doxing.
Social engineering: social engineering is a form of deliberate psychological manipulation. Hackers and cyber criminals pull out all the stops to capture passwords, login credentials, financial information and other confidential data. Swatters also use this method, often to obtain a home address for their victim. They usually impersonate a customer service representative, bank, government agency or law enforcement agency to learn as much about their target as possible.
Social media: these days, people are sharing more and more about their personal lives on social media. They write update messages, post pictures and check in at a restaurant or store. In the process, they often reveal their location. This is valuable information for a swatter. With this, they can elicit a swatting attack on social media like Facebook, Twitter or Reddit. Therefore, think carefully about what you do and do not share with the outside world.
Swatters carry out attacks for a variety of reasons. Sometimes gamers are trying to turn a heel on their arch rival; others want to bully or extort their victim online. Why the perpetrator carries out a swatting attack varies from case to case. We have listed some potential perpetrators and their motives.
Many swatting attacks originate in the chat rooms or online forums of the gaming community. Games such as Call of Duty, World of Warcraft and Counter Strike have live chat. This allows gamers to talk to other players in real time. Sometimes this leads to rivalry, fierce competition or insults. The conversations are sometimes so heated that a swatter decides to "teach his opponent a lesson.
There are plenty of examples of this. For example, a Pennsylvania gamer was rudely awakened by a group of police officers knocking on his front door. The officers pointed their guns at him and his family. As it turned out, a swatter had mistakenly made a report that shots had been fired in the victim's home. The incident ended peacefully, but it could also have gone wrong. According to the victim, it was an out-of-control prank by someone who didn't like his YouTube videos.
In July 2021, popular Twitch streamer Louis Sammartino was raided by a SWAT team after someone made a false report during a Fortnite livestream. He said he did not know who was responsible for the attack, or what his motive was.
Gaming streamers Summit1g and Ben 'DrLupo' Lupo have said aloud that they have been regularly harassed by fanatical followers who carry out swatting attacks.
Whether for money or chaos, hackers often play a key role when it comes to swatting. They do so for a variety of reasons.
To make a joke, hackers are notorious people known for trying to cause as much havoc as possible. In most cases, this is a prank and they want to see for themselves the chaos they have created. In the past, the FBI has warned Americans about such shenanigans. Indeed, hackers are not shy about stealing passwords from e-mail addresses. Those who use the same password for smart security devices risk having these devices used against them, for example, for spying. Hackers can then enjoy a live swatting attack from a distance.
To extort people: there are examples of hackers extorting others by threatening a swatting attack. In this way, they try to obtain digital assets, bitcoin or other crypto currencies from their victim. By paying a ransom, they supposedly have nothing to worry about.
Political wars are constantly raging. Tensions between Ukraine and Russia are a prime example. Not surprisingly, political leaders, senior officials and political groups have been the targets of swatting attacks. In the US, Melinda Abdullah, leader of the Black Lives Matter movement in Los Angeles, was targeted twice in a short period of time by swatters. Conservative bloggers and writers are also favored targets of swatters because of their controversial views.
Although the victims are prominent public figures, it is unclear whether the swatting attacks were politically motivated. Possibly the attackers saw it as a prank. Senator Ted Lieu of California was attacked for leading the fight against crime. Former First Lady Michelle Obama, FBI Director Robert Mueller and former CIA Director John Brennan have also been attacked by swatters in the past.
Swatting attacks that occur out of pure anger and hatred are less common in practice. That's not to say they don't exist. Whether the anger is directed against a population group or revolves around sexual orientation or religion, hate groups deploy swatting attacks to intimidate others.
For example, John Denton, a former neo-Nazi leader, used swatting attacks to target black churches, a university with many African-American students and the news editors of ProPublica. Indeed, they had written several articles about him, which was not to Denton's liking. The court imposed a 41-month prison sentence on him.
Most swatters have a specific reason why they attack someone. There are also swatters who want to be the buffoon, purely to harass celebrities or other public figures. Justin Bieber, Miley Cyrus and Tom Cruise have all been swatted several times. Los Angeles police have stormed the home of R&B singer Rihanna several times. And security expert Brian Krebs has been swat more than once because of his articles on cybersecurity.
Most swatting attacks end well, but that is not always the case. There are examples of incidents where people have been injured, or even killed. Swatters use a variety of digital means to hide their identity and location (spoofing, voice changers and VPNs). Enforcement agencies and emergency services can do nothing but take these reports seriously. Below are some examples of swatting attacks that have resulted in fatalities.
In April 2020, a computer programmer was targeted by hackers because he was in possession of a popular Twitter username (@Tennessee). The attackers wanted him to turn this name over to them, but the programmer refused. When special police units knocked on his door, he died of a heart attack.
In December 2017, Andrew Finch, a man from Wichita, Kansas, was shot dead by police during a swatting attack. Investigators discovered that the man was killed by a swatting error. Gamers playing Call of Duty: WWII got into an argument over a dollar-and-a-half bet, accidentally sent police to Finch's house. The man had nothing at all to do with the altercation between the gamers. The judge sentenced offender Tyler Barriss to 20 years in prison. Two other gamers involved in the incident also received prison sentences.
The U.S. Emergency Management Agency received a call in January 2015 from a man who had allegedly planted a bomb at a kindergarten. When the local police chief and a team of specially trained officers stormed his home, the resident fired several shots at the sheriff. The owner did not know the police were in front of him. Police officers later discovered that the call to the emergency room was not made from the resident's home. It was a swatting attack set up by the resident's neighbor, who had been at odds with each other for some time.
Victims of a swatting attack not only risk injury or death. It is also an expensive joke for taxpayers. Experts estimate that, on average, a swatting attack costs between $3,000 and $15,000. That depends in part on the location where the attack takes place, the overtime agents must work and the resources needed to respond to a report. On an annual basis, swatting costs taxpayers about $240,000.
Before a hacker can launch a swatting attack, they must have their victim's home address and exact location. They can obtain this information in many ways, including through your IP address or social engineering. To prevent hackers from finding out private information about their targets, there are a variety of measures to protect yourself.
1. Never reveal your personal information on the Internet
It is wise to pay close attention to the privacy settings on platforms such as Facebook, Snapchat and Instagram. If you set everything up properly, your private data and messages will be protected. Don't check into places that could give away your location and don't post photos of your home on the Internet. If an attacker knows which area to focus his search on, he can use Google Maps to find out your home address. Therefore, never leave private information on the Web for others unless you know the visitors personally and trust them one hundred percent.
2. Never use your real name as a username
Are you active in chat rooms or online forums and enjoy discussing political, social or controversial topics? Then choose a username that cannot be traced to your real name. If you offend a swatter or incur his wrath, a simple search may yield more information about you than you care to know.
3. Use a VPN
The abbreviation VPN stands for Virtual Private Network. When you surf the Internet, you get an IP address from your Internet service provider. This IP address corresponds to the physical address where your network router is located, in most cases your home or office. A VPN masks your real IP address so that hackers and swatters cannot figure out your actual location.
With a VPN, you are assigned an anonymous IP address. It then appears as if you are visiting a site from the United States, Switzerland, Australia or other country where a VPN server is located.
In the United States, swatting has good legal standing. Swatters can be prosecuted at the federal level if they carry out a swatting attack. However, it is usually done at the state level. Depending on the state and the severity of the attack, courts can impose stiff prison sentences or fines on them. If police officers or victims suffer serious injuries, or worse, die, the court can impose a life sentence. Fines can be as high as $250,000.
The highest prison sentence for setting up a swatting attack in the U.S., so far, is 20 years. However, that is an exceptional case. In most states, courts view a swatting attack as a misdemeanor. Offenders often get off with a light sentence. In California, swatters must cover the cost of deploying S.W.A.T. agents. These can amount to well over $10,000.
The Netherlands has no legislation specifically addressing swatting. The Criminal Code, on the other hand, does contain an article for making a false report. This involves "false alarms or signals that disturb the peace," according to Article 142. Anyone guilty of this can be sentenced to imprisonment for up to one year. The judge can also impose a fine in the fourth category (up to 22,500 euros) on the offender.
Anyone who calls the emergency number without cause risks imprisonment for up to three months. The judge can also impose a fine in the third category. Penalties in this category can reach a maximum of 9,000 euros.
Our country also has laws and regulations for people who make a false report or defamatory charge. Anyone who knowingly makes a report or complaint knowing that nothing has happened may be punished by imprisonment for one year, or a fine in the third category. A person who attempts to tarnish the honor or good name of a person by making a false complaint is guilty of a defamatory charge. For this, the court may impose a prison term of two years or a fine in the fourth category.
Swatting is often intended as a joke. The consequences, on the other hand, can be very serious, especially if someone suffers serious injuries or death. The examples we cite in this article show that this is not at all far-fetched. Then suddenly an out of control prank is a crime, (attempted) manslaughter or murder.
To avoid ever falling victim to swatting, it is important to share as few details about your private life on the Internet as possible. If you play online games or leave your unvarnished opinions on forums, make sure your username cannot be traced back to your real identity. To hide your IP address and thus physical location, use a VPN.
Things sometimes get heated on online forums and other digital discussion channels. Always try to keep your cool and avoid making enemies. Be wary of social engineering tactics and don't throw your entire personal life on social media.
