What is swatting? Unleashing armed police against your enemies

These "prank calls" trick SWAT teams into surrounding unsuspecting homes — and the resulting confrontations can go very badly.

swatting swat team raid police by onfokus getty images
Onfokus / Getty Images

Swatting definition

Swatting is a form of harassment in which attackers try to trick police forces into sending a heavily armed strike force — often a SWAT team, which gives the technique its name — to a victim's home or business. The Los Angeles Police Department, in a press release about a specific swatting attack that occurred in August of 2020, provided this definition of swatting: "The term 'swatting' refers to someone who places a false emergency call for service, generally of a nature which causes a large police response."

The LAPD goes on to add that "the 'swatting' practice is dangerous and places the community and first responders in harm's way." For some attackers, this is the thrill and the purpose of swatting: to cause the victims to fear for their lives as armed police charge into their homes, often with little warning. The police often believe that they themselves are facing an armed and dangerous adversary, producing a volatile scenario that can result in property destruction, injury, and death.

How swatting works

Swatting follows a basic and fairly simple pattern. The attackers place a call to a law enforcement agency local to their victim. They report that a particularly gruesome crime or imminent threat is taking place or about to take place at the victim's home; often, they'll claim a hostage situation is in progress, and, to make sure the responding law enforcement team is particularly primed for conflict, they may imply that one of the hostages has already been killed, or is about to be.

There are a variety of techniques swatters use to pull off their attacks. Obviously in order to successfully swat someone, you need to know where they live; that's why swatting goes hand-in-hand with doxing, the practice of discovering and revealing personal information (like home addresses) of individuals without their consent. Swatters will often begin their quest by seeking to dox their victims, and sometimes doxers will publicly post or sell people's personal information in the hopes that others will take up the baton and swat them.

Swatters also need to disguise their own identity, both to make their initial call more believable and to ensure that they don't end up getting in trouble once the deception has been revealed. Swatters will generally use caller ID spoofing, a relatively simple technique that makes it appear that their call is coming from somewhere else; if they've managed to dox the victim's phone number, it's common to try to trick 911 operators into believing the call is coming from the victims themselves, which heightens the realism. Swatters also make use of teletypewriter (TTY) relay services, which are intended to relay text messages from deaf or hard-of-hearing users as voice calls to a third party. Because TTY services are required to keep calls and callers confidential, this exploitation adds an extra layer of anonymity to the process.

None of these techniques require much by way of resources or technical skills, but they can go a long way towards shielding the perpetrators from consequences. Brian Krebs, author of the Krebs on Security blog and himself an attempted swatting victim (more on that in a moment) told the New York Times that "like any other type of crime, when the cost is zero and the deterrent is very low, you’ve created a perfect opportunity for people to pour time and resources into that crime."

Swatting examples 

We'll discuss some specific high-profile instances of swatting in a moment, but it's worth discussing the history of the practice a bit in order to understand the types of people who are frequent swatting targets. As we discussed, swatting doesn't really take much technical acumen to pull off; nevertheless, it first become popular in online, tech-focused spaces, like among hackers and in the hypercompetitive world of videogaming streams. Because streamers will provide an audio or video of themselves along with their gaming stream, if their rivals swatted them, both the attackers and other viewers at home would be able to watch the chaos when police arrived, adding a voyeuristic aspect to the attack. High-profile female streamers in particular found themselves targets.

Once established in those communities, the practice spread. For instance, a number of social media executives were swatted by people bitter that they had been banned from various platforms. Some swatters have political agendas as well; one attack, perhaps predictably, targeted a Congresswoman who introduced a bill to make swatting a felony.

Here are five noteworthy examples of swatting.

Matthew Wegman. Known in the phone phreaking scene as "Li'l Hacker," this legally blind teenager was an early pioneer in swatting. He first came onto the FBI's radar in 2005 when he swatted the home of a man whose daughter refused to have phone sex with him, but was responsible for numerous other incidents by the time he was convicted and sentenced to prison in 2009.

League of Legends terror. A Canadian teen (who was underage and therefore his identity was not released) pled guilty in 2015 to 23 charges related to his swatting attacks, many of which were focused on female League of Legends players who refused to accept his online friend requests. He also shut down Disneyland's Space Mountain with a bomb threat. He chalked his actions up to "boredom," while his mother said he had been led astray by older members of gaming groups. 

Sergey Vovnenko vs. Krebs. As we mentioned above, security researcher Brian Krebs was the victim of an attempted swatting attack in 2013. After Krebs infiltrated a Russian-language hacking forum where Vovnenko was active, Vovnenko arranged to have heroin sent to Krebs's home address, with the plan to sic the cops on him immediately afterwards. (The scheme flopped because Krebs got wind of it and called the police himself.)

Tyler Barriss. A small beef within an online game gave rise to one of the highest-profile cases of swatting in recent memory. Casey Viner and Shane Gaskill got into an argument while playing online; Viner enlisted Tyler Barriss to swat Gaskill; and Gaskill dared them to do it and provided an address that wasn't actually his. When police arrived at this incorrect address, they shot and killed a resident, Andrew Finch, when he stepped out onto his porch. Barriss had apparently swatted multiple people before this without consequences. Barriss and Viner were both sentenced to prison and Gaskill reached an agreement with prosecutors to avoid prosecution. The officer who killed Finch was not charged.

Black Lives Matter Los Angeles. In August 2020, an unknown 911 caller claimed to be holding hostages at the home of Melina Abdullah, a leader in the Black Lives Matter movement in Los Angeles. Police surrounded her home in an incident that was streamed live on Instagram, though the confrontation ended without violence. The caller said he wanted to "send a message" about his dislike of Black Lives Matter.

Swatting statistics 

It's actually difficult to know how common swatting is, because, despite it being on law enforcement's radar for more than a decade, it still isn't a specific category that's used in the FBI's database of nationwide crime statistics.

Kevin Kolbye, a former FBI special agent who worked on numerous swatting cases and later became assistant police chief for Arlington, Texas, told NBC News that "most of that swatting is called a 'false police report' or could be a 'terroristic threat.' A lot of those aren't data that's grouped together where we have a real national focus."

He also told the Economist that the number of swatting cases is on the rise, from about 400 instances in 2011 to more than 1,000 in 2019. 

How to prevent swatting

Swatting is a difficult technique to prevent so long as heavily armed police strike teams exist with a mission to respond to urgent request for help. There have, however, been a number of attempts to address the problem, coming at it from a few different angles.

One method to reduce swatting attacks is to make potential victims aware of the practice and explain good online identity hygiene techniques. In essence, these are some of the same techniques that would be used to prevent doxing: if you can't be doxed, you can't be swatted. Anyone should at a minimum make sure that their home address or phone number isn't easily discoverable by a simple Google search. Cloudflare emphasizes that online gamers in particular — who are often young and can be somewhat naive about privacy issues — need to be careful about not revealing any potentially identifying information on in-game chat or gaming forums, since swatting is still common in gaming communities. For further privacy, gamers can connect to the internet via a VPN to hide their IP address, which a determined doxer could use to track them down.

On the law enforcement end of the equation, there have been attempts to educate 911 operators about the existence of swatting so that they're on guard against the practice. A guide put out by the National Emergency Number Association offers some guidance, but notes that "Initially these calls cannot be differentiated from real incidents. The [call center] must process these calls as a normal call, following existing standard operating procedures." It urges operators to keep the caller on the line as long as possible; "asking specific questions and comparing the response to previously-supplied information may be useful."

One police department is taking further steps to be proactive. The city of Seattle allows those worried about being swatted to register their concerns. While this won't prevent a swat team from being dispatched to a registered address, it will make the law enforcement officers more aware going into the situation that they may be dealing with a potential hoax.

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies