The Federal Bureau of Investigation (FBI) has once again had to intervene in an ongoing cybersecurity issue. The recent use of ‘swatting’ as an attack vector offers insight into the evolving creativity of cybercriminals. Swatting is one of a variety of cybercrime types we can expect to be an issue for cybersecurity in 2021 and beyond.
What is Swatting
Swatting is not a new term, having evolved from ‘phone phreaking’, which was a popular ‘hack’ in the 70s. Swatting today refers to a type of hoax that involves a call made to emergency services about an “immediate threat to human life.” The purpose of the aptly named ‘swatting’ attack is to illegitimately involve law enforcement and S.W.A.T. teams. This recent case involves attackers combining ‘swatting’ with spoofing. The end goal of spoofing is essentially gain via impersonation: an attacker pretends to be someone else to trick the victim, in order to get system access, steal data or money, or install viruses and malware.
FBI Releases a Report And Warnings Over Twitter
The FBI has released tweets today warning the general public that there are ongoing swatting attacks taking place. Additionally, they have released a ‘Public Service Announcement’ (PSA) report detailing recent events where “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.” Based on both the FBI’s PSA and tweets, this novel swatting method involves ‘Smart Home’ IoT device attacks. According to the agency, attackers have been using victims’ smart devices, such as home surveillance hubs, to carry out swatting attacks. By exploiting customers who “re-use” credentials on their smart devices, attackers log in and gain access to the speaker of the device as well as the live-stream camera.
Motivations Behind Swatting
In this ongoing case, attackers place a ‘swat’ call to draw law enforcement to the victims’ addresses. While this is going on, attackers observe live-stream footage via a home smart device and engage with law enforcement through the speakers and the camera. Furthermore, attackers will sometimes share the live stream online. Swatting is common in the gaming community and is also aimed at public figures and big names in the tech industry. The motivations for swatting are usually to ‘prank’ the other person, or to deliberately cause them anxiety by directing law enforcement to their address. Unfortunately, swatting takes away valuable law enforcement resources. Sometimes these pranks leave law enforcement unable to respond to other cases that need immediate attention. In some cases, the confusion caused by swatting has led to terrible consequences.
Cybersecurity Takeaways
The FBI is currently working with smart device manufacturers to protect and educate customers on these types of attacks. Network security has been an issue with the popularization of IoT, and ‘swatting’ falls into the category of exploiting weak network security. The FBI’s recommendation for the general public is to use complex passwords and combine them with two-factor authentication or multi-factor authentication. Following this, they recommend not duplicating passwords between online accounts, keeping passwords updated, and that password authentication be done via a “mobile device number”.