A recent swatting incident, where a malicious actor fooled emergency services into responding to a fake shooting, reportedly led to the death of an innocent man in Kansas. What technical means do these actors use to trick police, and what can be done to improve emergency response infrastructure/telecommunications to prevent swatting attacks?
Swatting involves a malicious actor using a spoofed voice over IP (VoIP) address to call a nonemergency line and ask the operator or system for a transfer to the 911 line. The malicious actors can use VoIP numbers that appear to be in the same locations as their intended victims. An anonymized VoIP call cannot connect directly to the 911 line, which is why the caller goes through the nonemergency line. Calling 911 from a personal phone, by contrast, connects to local emergency services and reveals the caller's identity and location.
Shortly after a swatting attack resulted in the death of an innocent victim, several people associated with a Twitter account called SWAuTistic came forward publicly and privately with the swatter's true identity and location. Twitter shut down the account due to swatting statements from the account holder. The swatter was later arrested and charged with involuntary manslaughter.
Currently, there are no technical workarounds that can help emergency services verify that a 911 call is authentic. To improve emergency response infrastructure/telecommunications, local and state police should be trained on swatting mitigation strategies as outlined in the document from the New Jersey Cybersecurity and Communications Integration Cell.
The mitigation strategies include indicators that the police could use to identify potential swatting incidents. An important indicator is that, in a swatting attack, the spoofed call is the only incoming call. During an actual shooting scenario, witnesses or victims make multiple 911 calls.
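The indicators described above (a sole incoming call, VoIP origin, transfer from the nonemergency line) can be checked against dispatch call records as a triage aid; it does not verify that a call is authentic. This is an added example, not code from the article or from the New Jersey document; the record fields, the sample calls and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per agency

# Constructed sample records; field names are hypothetical, not a real CAD schema.
CALLS = [
    {"time": "2024-01-01T19:02:10", "address": "100 Example Ave", "line": "911", "origin": "wireless"},
    {"time": "2024-01-01T19:03:45", "address": "100 Example Ave", "line": "911", "origin": "landline"},
    {"time": "2024-01-01T19:05:30", "address": "100 Example Ave", "line": "911", "origin": "wireless"},
    {"time": "2024-01-01T21:40:00", "address": "200 Sample Rd", "line": "nonemergency_transfer", "origin": "voip"},
    {"time": "2024-01-01T22:15:00", "address": "300 Test Ln", "line": "911", "origin": "wireless"},
]

def group_incidents(calls):
    """Cluster calls for the same address that arrive within WINDOW of the first one."""
    incidents = []
    for call in sorted(calls, key=lambda c: c["time"]):
        ts = datetime.fromisoformat(call["time"])
        for inc in incidents:
            if inc["address"] == call["address"] and ts - inc["first"] <= WINDOW:
                inc["calls"].append(call)
                break
        else:  # no open incident matched: start a new one
            incidents.append({"address": call["address"], "first": ts, "calls": [call]})
    return incidents

def swatting_indicators(incident):
    """Return the indicators present; an incident with several callers returns none."""
    if len(incident["calls"]) != 1:
        return []
    call = incident["calls"][0]
    hits = ["single_caller"]
    if call["origin"] == "voip":
        hits.append("voip_origin")
    if call["line"] == "nonemergency_transfer":
        hits.append("transferred_from_nonemergency")
    return hits

def review_queue(calls):
    """Map address -> indicators for incidents a supervisor should look at."""
    queue = {}
    for inc in group_incidents(calls):
        hits = swatting_indicators(inc)
        if hits:
            queue[inc["address"]] = hits
    return queue

if __name__ == "__main__":
    for address, hits in review_queue(CALLS).items():
        print(address, hits)
```

The single-caller indicator only means something once the window has elapsed, so a live system would re-evaluate an incident as later calls arrive.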
New regulations and standards could be a good way to prevent swatting attacks in the future. Local and state police should seek federal grants for assistance with swatting attack training.
Unfortunately, the Cybercrime Enforcement Training Assistance Act that was introduced by U.S. Congresswoman Katherine Clark (D-Mass) in 2016 was not enacted. The bill would have directed "the Attorney General to make grants to States and units of local government." This bill or a similar version should be reintroduced and enacted to prevent incidents like the Kansas swatting case.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)