A federal grand jury in California has indicted two men who may have been responsible for a nationwide “Ring swatting spree” that targeted Ring security cameras, including those in the Chicago area.
According to the indictment, Kya Christian Nelson, a.k.a. “ChumLul,” of Racine, Wisconsin, and James Thomas Andrew McCarty, a.k.a. “Aspertaine,” of Charlotte, North Carolina hacked into dozens of Ring cameras and placed bogus emergency calls to law enforcement so that they could watch the often-armed response. They are also accused of livestreaming the events on social media.
The case, revealed this week by the Justice Department, alleges a particular attack on a home in West Covina, California, where Nelson allegedly accessed a Ring doorbell camera and used it to verbally threaten and taunt West Covina Police officers who responded to the reported incident.
The indictment alleges other similar Ring-related swatting incidents occurred in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.
Cyrus Walker of Chicago-based Data Defenders LLC said protecting your home from this kind of hack isn’t hard, but does require addressing not only the cameras, but the internet network that allows them to connect to each other and the outside world.
“The one thing I recommend is that users make sure their wireless networks are as secure as they can be,” Walker said.
He recommends using strong passwords and setting up wireless routers so that they are not broadcasting their SSID or Service Set Identifier. The SSID acts as a beacon to let others find your network. He also recommends that users have encryption enabled to the highest degree and that they separate the networks into private and guest networks.
Walker also recommends that you change the default security logins and passwords as soon as you bring a new device home.
“The device that you bought, someone else bought also and they have those same default settings. It is extremely important that when you crack the tape on that box, and you plug it up, the very first thing you do is that you change the username and the password on that device so that only you have access to that device at that point,” Walker said.
Recent swatting incidents have prompted the FBI in late 2020 to issue a public service announcement urging users of smart home devices with cameras and voice capabilities to use complex, unique passwords and enable two-factor authentication to help protect against swatting attacks.