FBI Warns of Swatting Attacks
A spate of swatting attacks waged against users of smart-home devices in America has prompted the Federal Bureau of Investigation to issue a public warning.
The term 'swatting' is used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life, to trigger a response from law enforcement and the deployment of a S.W.A.T. team to a specific residence.
The FBI said on December 29 that law enforcement agencies have received reports from smart-home device manufacturers that offenders have been gaining unauthorized access to devices using stolen passwords. The cyber-attackers have focused their malicious activity on owners of devices that have camera and voice capabilities.
After gaining control of a device, the attackers take over the live-stream camera and device speakers. They then initiate contact with first responders, falsely informing them that a crime or emergency situation is unfolding at the victim's home address.
As law enforcement responds to the residence, the attacker watches the swatting attack they have manufactured unfold via livestream footage, engaging with the responding police through the camera and speakers.
In some cases, attackers have live-streamed the incidents they manufactured online via shared community platforms.
"Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that may have potentially deadly consequences," warned the FBI.
"Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences and pulls limited resources away from valid emergencies."
The FBI said that it is working with private-sector partners who design and build smart devices to advise customers about the swatting attacks and how to avoid being victimized. The Bureau is also taking steps to alert law enforcement first responders to this dangerous threat.
Users of smart-home devices with cameras and voice capabilities are advised to use complex, unique passwords and enable two-factor authentication to help protect against swatting attacks.
"It is highly recommended that the user's second factor for two-factor or multi-factor authentication be a mobile device number and not a secondary e-mail account," said the FBI.