What is swatting?

Alyce KominetskyCybersecurity, IT FAQ

SWAT team stands ready to engage in a volatile incident

SWAT team stands ready to respond to an incident
Derived from Special Weapons and Tactical (SWAT for short), swatting refers to deceiving an emergency services dispatcher into sending police and emergency responders to someone else’s address. Typically, it involves the false reporting of a serious emergency—a hostage taking, bomb threat or murder.

Linked to doxing, swatting is a form of online harassment meant to discredit an individual or seek revenge. It can range from small events arising from a single fabricated police report to the deployment of bomb squads and heavily armed SWAT teams.

How did swatting start, what techniques are used, and why is it to difficult to successfully prosecute swatters?

The origins of swatting can be traced to prank calls to emergency services. Over time, callers have developed increasingly sophisticated techniques that allow them to operate anonymously over the Internet. These techniques may include one or any combination of the following:

  • caller ID spoofing
  • social engineering
  • teletypewriter (or TTY)
  • prank calls
  • phone phreaking

Swatters use these techniques to direct response units of particular types.

Although it sounds exciting and action packed, swatting

Consider the swatting incident in which a 21-year-old British man called a terrorism hotline in Maryland. The caller, Robert McDaid, claimed to be armed with a gun and several bags of explosives. He said he would kill three hostages unless USD $15,000 was delivered to his address. Only it was not his address but, rather, that of 20-year-old Tryan Dobbs.

Taking this threat seriously, armed police then raided Dobbs’ house and shot him with rubber bullets, breaking bones in his face and bruising his lungs.

Realizing their error, investigators traced the call to McDaid, whom they learned was acting on the request of an American gamer named Zachary Lee. Lee contacted McDaid in February 2015 to ask for his help in swatting Dobbs.

Making false reports to emergency services is punishable by prison sentence in the United States, Canada and many other countries. In April 2017, McDaid was charged with conspiracy to produce false information and hoax. If convicted, he faces a maximum 20-year prison sentence. Lee has been charged with the same offences.

Here in Canada, a 14-year-old who, in November 2013, started making fake bomb threats and phony hostage calls, was issued a nine-month sentence.

Although the FBI estimates that about 400 cases of swatting occur each year in the United States, successful prosecution of swatters remains rare. In most jurisdictions, swatting itself is not a crime, even though it may violate other local laws such as abuse of emergency response services. If that’s not enough, law enforcement agencies usually lack the expertise or the resources to investigate such crimes. Then there’s the relative ease with which individuals can operate relatively anonymously on the Internet.

This may, however, change. Rep. Katherine Clark (D-MA) has proposed an Internet safety bill to specifically outlaw online harassment-based crimes. The Online Safety Modernization Act of 2017 imposes penalties on several relatively new forms of abuse, including falsely reporting an emergency to provoke a SWAT team response.