How to Prevent Swatting

Swatting is the ultimate evil personal social engineering attack. An attacker, known as a swatter, calls the local police department of a targeted victim and pretends to be a (mass) shooter or the victim of a (mass) shooter in order to get a massive law enforcement response against the victim. SWAT stands for Special Weapons and Tactics. Swatting is done mostly to inconvenience the victim (and those around them) as they have to negotiate and comply with law enforcement. Sometimes situation verification is done via the phone but oftentimes it is done at the muzzle of automatic weapons with the victim down on the ground. Some attackers even hope that their victim is harmed or killed by the situation.

It's happened. I know of at least three deaths that have occurred due to swatting, in two of which the people killed were not related to the intended victim or situation. In one case (https://en.wikipedia.org/wiki/2017_Wichita_swatting), the swatter sent the police to the intended target’s old living address. A person living there opened his door to investigate all the noise outside his house, and an overzealous police member shot and killed him. In the second case (https://en.wikipedia.org/wiki/2020_Tennessee_swatting), police were sent to the wrong address as well, and an innocent grandfather had a heart attack when the police yelled at him to get down on the ground. In both cases, the swatters were identified, arrested, convicted, and put in jail. Unfortunately, most swatters get away with their attacks without any repercussions.

Note: S.W.A.T was also an awesome series I watched in 1975 as a kid. It had cops, weapons, and car chases. If I’m not accidentally conflating two shows from the 1970’s (I was 8), I think it also had mean, fast, Doberman Shepards. Whatever show had the dogs, it did for Doberman Shepards what Jaws did for sharks. There was also a S.W.A.T remake in 2017, but I didn’t watch it and I have no idea if they pushed mean Doberman Shepards as well.

Swatting has been done in one form or another for decades, if not centuries, but the Internet and anonymous calling methods have allowed it to really blossom into a common tactic. Most swatting over the last decade was done by adolescent boys, often in response to a gaming dispute, but the perverted logic behind the attacks can stem from a myriad of reasons. These days, with all the involved targets, it seems like it’s being committed by men of all ages, but obviously ones with adolescent sensibilities. It can be accomplished by an individual using many methods, including voice-over-IP services, burner phones, phone-enabled chat services, and even dark web-advertised services (i.e., Swatting-as-a-Service).

When I was working at Microsoft for 11 years, I heard about frequent swatting attacks against different Xbox executives, usually by gamers who were upset at some minor gaming decision Xbox had made. It was so frequent against Xbox executives that local police in the Seattle and Redmond areas checked a list of Xbox executive names before responding to a call for SWAT help. Brian Krebs (https://krebsonsecurity.com/), one of the most amazing cybersecurity journalists of the last two decades, has been swatted multiple times. He moved to a new location and didn’t tell anyone where he was going, at least partially in response to the swatting harassment. Lately, judges, prosecutors, politicians, and pundits of all stripes have been getting swatted with increasing regularity. Celebrities are frequent swatting targets. I’ve seen reports that state that in the US, there are over 100 swatting calls per day. It’s got to be frightening no matter who you are to be woken up at 3 AM with your house surrounded by police, AR-15’s, lights, and noise. A few of the people I’ve known personally who were swatted have some level of PTSD from the experience.

It Should Be Illegal!!

Well, it is illegal at both the state and federal levels. At the federal level, it’s punishable by 5 years to life, if convicted. The problem is that most of the swatters are communication-savvy. They use anonymizing Internet services to do digital calling with spoofed origination numbers or use throw-away “burner” phones. Many swatters do it from the safety of a foreign country knowing that local law enforcement can’t prosecute them even if they could identify them. It can be very difficult to catch and prosecute a swatter.

Some Possible Defenses Against Swatting

I’m not involved in law enforcement in any way, and probably shouldn’t be proposing any swatting defenses at all. I am the opposite of an expert. But I did stay at a Holiday Inn recently, I regularly watch all versions of Law & Order, and I did read the recent swatting defense recommendations from the Committee for Safe and Secure Elections (https://safeelections.org/statement-from-chairman-neal-kelley-sheriff-justin-smith-ret-and-chris-harvey-on-swatting/). Here’s my first attempt at potential swatting defenses, some of which might actually be useful.

Education is key. All law enforcement agencies should be taught about swatting attacks, given examples, and taught signs of a potential swatting attack. This education needs to be done to anyone taking and dispatching law enforcement resources and first responders, when they are first hired and several times a year thereafter.

Swatters frequently target police non-emergency numbers and even text-to-voice services because these channels are less monitored and calls made through them are less likely to be traceable to the caller. Law enforcement and dispatchers should be told this in their education.

SWAT teams need to be thoroughly educated in swatting. I assume that every SWAT team in the US already knows about swatting and knows it’s a possibility but we need even more education. SWAT teams need to be taught not to overreact to every claimed situation. I know this advice is absolutely pompous coming from someone who isn’t in law enforcement. I’m a huge proponent of law enforcement and have multiple family members who are cops. I have the utmost respect for law enforcement to the point that I have been criticized. But at least 2-3 innocent people have been killed by swatting attacks and hundreds more have been pulled into heightened situations where they could easily be shot. It can’t hurt for SWAT teams to come in with some idea that every SWAT call could possibly be a swatting attack. SWAT team leaders need frequent education in swatting so they can direct their members accordingly.

Note: The last swatting death I know about is from 2020, so perhaps most SWAT teams are already educated and responding accordingly. If so, I apologize.

Verification Questions

If the dispatcher is suspicious at all and they have the caller on the phone, they should be taught to ask quick verification questions in a SWAT situation that a real caller should know that a swatter might not. This gets tricky and dicey because you want law enforcement to respond as soon as possible. Always dispatch law enforcement first toward the claimed address and then ask a verification question or two if the caller is still on the line.

What type of verification questions? Here are some possibilities:

· What color is your house?

· Does your house have shutters, and if so, what color?

· How do we access your backyard?

· If we turn on to your street from XYZ street, what side of the street will your house be on?

· Where is your house address located on your property?

· What is the name of that convenience store at the end of your block?

The idea is to ask the caller something that a swatter likely can’t quickly look up in the heat of the moment, but that real callers can answer and first responders can verify. If the caller can’t answer the question, or can’t answer it quickly, just pass that information down to team leaders so they can use that in their calculations.

[Yes, I know the answers to those questions could be looked up online, but the idea is to ask something the swatter was not expecting and to analyze the response and possible delay.]

Swatting Registry

It can’t hurt for law enforcement to have a list of high-profile people in their district who might be ripe for a swatting attack. People previously swatted should definitely be on the list. Anyone should be able to proactively place themselves on the list. Before a SWAT-type call is dispatched, the list should be checked, and if the person or address is on the list, that information should be passed on to first responders and team leaders. Hopefully, the list or a note can be placed in the EMS dispatch system so any relevant information is readily shown and highlighted to dispatchers.

Better Identification of Anonymous Connections

The real solution is far better identification and verification of callers. The world’s phone systems are notoriously easy to game and spoof. You can’t trust the number that a call is claiming to be from or trust who the person is saying they are. This is for many reasons, including that we knowingly use weak phone protocols that have long been known to be easy to hack and spoof. It’s also because anyone can buy and use anonymous burner phones or use anonymizing Internet services and products.

The privacy advocate in me wants to allow people to remain anonymous if they want to. I get the need for people to remain anonymous for any legal reason they want. I think requiring everyone to legally identify themselves on every call (i.e., verified identity) or register a legal ID when buying or using a burner phone is legally problematic. Even if it weren’t, it would be difficult to enforce. We just don’t have the systems to ensure that every caller is tied to a legally verifiable ID.

What might be a better solution is to somehow communicate to law enforcement when the communication method being used is likely anonymous or comes from a high-risk service. I’m not even sure how this would be done. But it would be great if law enforcement dispatch had a logic flag that essentially said, “Caller’s origination cannot be verified” or something like that. And again, that information could be communicated to first responders as part of the situation.

It can be difficult for law enforcement and dispatchers to tell the difference between a real call for help and a swatting call (and bomb and shooting threats). If it wasn’t, we wouldn’t have the problem we have today. But something needs to change. We are in a new world where it is far too easy for miscreants to significantly impact and risk other people’s lives.

Colin Durrant

Guiding you to operate at your highest self | Find Your Purpose Coach | Best selling Author | Speaker | Podcaster | ADHDer | Cybersecurity expert & trainer

1 year ago

This is what it has come to. This is what our society does to entertain themselves.

Brandon Roach

Sr. Support Escalation Engineer - Exchange Online at Microsoft

1 year ago

Police are able to get GPS from your call; I know this from calling about a collision. Maybe just let them know that the caller's location is not verified as well.

Raymond E. Dyer

Quality Professional at Cisco

1 year ago

Roger Grimes, good reflections on an indeed concerning and unethical practice. Thanks for sharing!

Jack H.

Network, Web App & Mobile App Penetration Tester | Security Analyst / Cybersecurity Researcher | B.S. in Cybersecurity

1 year ago

Was Magnum P. I. for the Doberman Pinschers.

Angel N. J.

Award-Winning Cyber Education Leader

1 year ago

This is absolutely vile. :(
