SWATTING is a dangerous prank that’s all too easy to get away with, and it’s quickly becoming an epidemic. A recent case led to the death of an innocent Kansas City man who wasn’t involved but just happened to live near the home of the prank’s intended target. His unfortunate death demonstrates in the strongest possible terms the need to protect ourselves from SWATTING, because it shows how it could happen to anyone.
In this article, we’ll explain how SWATTING works and how to protect yourself.
What is SWATTING?
SWATTING occurs when someone calls in a hoax to police in order to have a SWAT team or a similar armed police force sent to the victim’s location. The “joke” usually ends after police realize there’s no real threat, but the Kansas City incident shows just how dangerous the prank can be. Due to the nature of the false reports called in–a hostage situation gone awry, in this case–these are tense situations and police are often ready to take lethal action.
SWATTING starts online. Let’s say you get into an argument with someone on the internet. The prankster in the aforementioned case got into a dispute over a game of Call of Duty, but it could just as easily be an argument on Twitter or Reddit. It can even be completely random with no catalyst.
The person on the other end of the argument can use any number of techniques to determine where you live. If you have any public profiles that leave hints as to your location, they could correlate this with listed telephone numbers. Some cameras record and send geolocation data, a common concern for Twitch streamers. They could also use your IP address. Every device connected to the internet has an IP address. They are unique strings of numbers and decimals that allow computers to communicate with each other. They also point to the device’s approximate location.
There are various means of determining someone else’s IP address or location. IP addresses are public and sent out every time you connect to an online service or website, including online games.
Now that they have an idea of where you live, the prankster can call the cops and submit their hoax. To hide their own location, SWATTERs can use anonymously-registered VoIP (voice calls over the internet) caller ID spoofing services to make the call, hiding their own IP address behind a proxy to prevent being tracked. In the Kansas City incident, however, the prankster seemed to get the address wrong, which led to the police shooting an uninvolved man. This could be because IP addresses don’t specify exact locations like GPS does, but only an approximate location.
When the police arrive, they believe they are responding to a situation with a high probability of violence, so tensions are high. Meanwhile, the prankster watches the fruits of his nefarious labor play out on the news.
SWATTING is a dangerous prank often carried out by minors with little regard for the consequences of their actions.
How to protect yourself from SWATTING
First off, don’t post any information that could allow someone to determine your location in any public place. Some users who have been SWATTED in the past left their addresses on their Steam profiles. Geo-tagged photos on social media open up another attack vector. Finally, hide your IP address using a proxy.
The easiest, most reliable, and most secure type of proxy is called a Virtual Private Network, or VPN. A VPN encrypts all the internet traffic going to and from your device and routes it through an intermediary server in a location of your choosing. Your real IP address is masked by that of the server, which is typically located in a data center somewhere.
If someone tries to SWAT you using an IP address, the prankster will not be able to determine your real location and can only see the location of the data center.
Good VPNs will only marginally slow down your internet connection and come with a myriad of other benefits to security and privacy. They typically cost a few dollars per month.
On a broader note, police need to be better trained to identify SWATTING hoaxes and perhaps flag calls that come from VoIP services as possible SWATTING attempts.
Laws and penalties for SWATTING
In the United States, SWATTERs could find themselves in violation of several federal laws, not to mention state laws:
- Threatening interstate communications
- Conspiracy to retaliate against a witness, victim, or informant
- Conspiracy to commit access device fraud and unauthorized access of a protected computer
- Conspiring to obstruct justice
California and New Jersey have their own specific laws against SWATTING.
Two bills have been introduced to Congress that explicitly address SWATTING, both of which are still in committee.