Photo-Illustration: Intelligencer; Photo: Getty Images
Nikki Haley and Boston mayor Michelle Wu don’t have much in common, but they’re both prominent people in politics who have recently been “swatted” — a hoax in which a caller falsely reports a shooting or other fake emergency at someone’s house with the goal of drawing a heavily armed police response. Such calls have been a mainstay of gamer culture for years, and they can be extremely dangerous; in 2017, police shot and killed a Kansas man while responding to a swatting call. But more recently, swattings have become something of an epidemic among political figures, with people from Marjorie Taylor Greene to special counsel Jack Smith targeted. Police captured one notorious suspect last month, but according to Keven Hendricks, a cybercrime expert who has researched and written about swatting, conditions are ripe for other offenders to continue their reign of terror. I spoke with him about how a mixture of lax tech-platform oversight and slow-moving law enforcement gives swatters almost free rein.
Last month, police arrested a 17-year-old in Southern California, known as “torswats,” who is allegedly a sort of swatting kingpin. This is being treated like a major breakthrough for law enforcement. Is it possible that one guy could be the central force behind most of the recent swattings of political figures and celebrities?
Yeah, it’s very possible it’s one person. I don’t think people, or the law-enforcement community, understand the nature of serial swatters, that this is their life. They wake up and they start swatting people. There’s no other way to explain it. To say that there’s just one single actor behind it all — no, I can’t say that with certainty. I’m not privy to that information. But yes, I do know of cases similar to torswats where a single actor wreaks this kind of havoc.
And according to reports, he was getting paid to do it. People would contract with him, probably not knowing who he was, and he was making a living out of it, is that right?
I think that’s speculative. I don’t know how much money somebody who’s offering a swatting-for-hire service would make. I honestly think that this is what they enjoy doing. Yes, they do offer those services, but people wouldn’t be paying to swat somebody high profile.
So this is really the love of the game we’re talking about here.
I would say so. I think swatting is very much a culture. It’s viewed as almost a way for you to get ahead. It gives you street cred, for lack of a better term.
It seems like one of the reasons it’s so difficult to catch these people is that they don’t need to be that sophisticated to cover their tracks fairly well.
I have very strong opinions about the voice-over-IP services that are out there, like TextNow, or TextFree.
What do those do exactly?
You can sign up for these services for a free seven days, or however long a period of time, in which you can make as many calls and send as many texts as you want. People who would need to use these services for legitimate reasons wouldn’t use them the way these swatters do. You wouldn’t see somebody that’s making calls to police departments all over the country. You wouldn’t see that with an organic user of somebody that needs this service, where their cellular phone got shut off and they have to connect to Wi-Fi to make calls or send texts to people that are their friends or their loved ones.
So they’re calling the police departments directly.
The belief that these are false 911 calls or the narratives that these are 911 calls needs to change, because they’re not calling the 911 system. They’re not able to call 911. They’re calling the main line or the visible nonemergency number listed on the internet for a lot of these police departments and these dispatches.
This is why I tell people, when I teach law enforcement about investigating these cases — there’s a reason why if I’m in San Jose, California, and I call 911, I don’t get connected to the New Jersey Police Department. There’s geolocation, based on the towers I’m heading off of. It’s actually a sophisticated process to be able to connect into the 911 system, versus something like using VOIP services, where you can’t call 911 because it doesn’t work that way.
So is there any workable way of tracing these phony calls on a larger scale?
The way that we perceive swatting in general is kind of the way we perceive somebody using someone else’s credit card — as a nuisance. It’s not viewed as the crime that it should be viewed as and something that warrants a full investigation. That in and of itself creates a breeding ground for these actors to continue to do what they do.
Using a VPN is not sophisticated. Anybody can use a VPN. Anybody can create a Gmail account very easily. And I feel especially with law enforcement, when you have this view of this area of criminality being a nuisance, and then there is some sort of quasi-investigation where they just send subpoenas or there’s an emergency disclosure order — which happens nine out of ten times — all they see is that an IP address comes back to a VPN service or comes back to an internet service provider overseas or not something in the United States. And immediately the case dies right there. And that’s where I feel the status quo needs to change because there’s a lot more that you can do with these investigations. And you, as an investigator, don’t have to have a high level of computer expertise to be able to follow the investigative leads that can come out of it.
It does feel to me that this issue has become increasingly prominent over the last few months with so many prominent political figures getting hit. And I know the FBI has some kind of database they started a few months ago. What you said about it being viewed as a nuisance — do you think that’s changing at all now?
I would hope so. I mean, I would say that the arrest of somebody like torswats, as well as the two juveniles that were charged out of Florida last month — I think that Florida has done a phenomenal job of basically putting it out there: “We’re going to go after you” — even though other states might view this as a nuisance, and even though there’s a kind of precedent that’s been set, that these swatters will get away with it for so long. The game changer will be to help put these actors behind bars and also discourage and warn others that want to get involved with this type of stuff.
You’d think the case of the SWAT call in Kansas that ended with a totally uninvolved person being killed by police would be a galvanizing moment.
I believe it shouldn’t take a travesty like that to occur to view these crimes with the seriousness they deserve. Unfortunately, I think that law enforcement on a state and local level sometimes feel that these cases are out of their purview or they don’t have the ability to investigate them. Or they think that just because this actor was using a VPN, or because this actor signed up with an [encrypted email] service like ProtonMail, that there’s no way that these cases can be investigated. And I don’t feel that that should be the status quo.
I also think it is not only law enforcement but that these VOIP service providers need to take action. I can’t fathom how they would allow actors to do the activities they do with their service and not recognize that it’s related to fraud.
So it’s not hard for companies to track the activities of these suspicious users.
They’re signing up for accounts with the same IP address, and they’re making multiple calls within a very short period of time. This is not somebody that really needs a VOIP service.
To go back to the credit-card analogy, it’s like somebody using your card to make purchases in a foreign country — something that should raise red flags.
Exactly. It’s something that’s actually called “impossible travel.” So it’s like all of a sudden they see my card activity being used in Uzbekistan and my last purchase was in New Jersey. Clearly, there’s something wrong there.
A lot of the swatters recycle their scripts. They literally call in the same script to multiple police departments across the country. If it were somebody who was a victim or a witness, they would call 911. For the calls not to be coming into the 911 line, that in and of itself is like —
Another red flag.
Yeah. But sometimes when a police department’s nonemergency number gets called, it goes to a regional call center or some sort of regional dispatch center. And when they dispatch that call out, there’s no way for these departments to know it wasn’t a 911 call. So I think in terms of training and awareness for dispatchers and people that are not the “first responders,” it’s important for them to ask the right questions. Like: “What’s your callback number?” You would be surprised in the thousands and thousands of SWAT calls I’ve listened to, how many of them don’t know what number they’re calling from because they just created that number minutes before they made the call. Them not knowing the number off the top of their head is a telltale sign that this is not a legitimate emergency call.
So some basic best practices would probably help quite a bit here.
Yes. And again, I think it’s also changing the perception of who’s behind the call. When the mask gets removed or the hacker hood gets pulled down, it’s sad because it’s these teenagers, these kids who, for some odd reason, are finding this stuff funny. I don’t know if there’s a deeper conversation about social disconnection or something in that regard, but when you think about it from a purely law-enforcement standpoint — just because somebody’s using a VPN or just because somebody used a service like ProtonMail, it doesn’t make them a hacker or a computer whiz.
I’m just picturing the movie Hackers here.
Well, that’s the movie that got me into computers.
Is that right?
That was a great movie.
It seems like we’re talking about the kind of behavior that has always been popular among teenagers, but now the internet makes it so much easier to do a lot of damage with a little effort, because of internet tools, that it gets out of control very quickly.
Again, TextNow, the biggest provider of these services, has to do a better job of flagging anomalous and concerning activity with people that are using their accounts, and they’re the ones that are really the front line and can shut it down before it happens.
If somebody signs up for your service with a VPN, some services out there won’t allow you to do that. They’ll flag you as a bot, and they’ll put you down an endless CAPTCHA hole to try to keep solving it and solving it — they really won’t let you stop. Not to say that there aren’t legitimate reasons for using a VPN, but again, why is somebody using a VPN to sign up for this service? That’s something that warrants a little bit more scrutiny. Maybe don’t allow them just to have an email authentication; maybe require them to use a text authentication. And these service providers can see, Okay, well, this person’s using a VOIP number to have a two-factor text confirmation. What’s going on here? They have the ability to see this stuff before it even happens, before these accounts are even created. So until they step their game up, until they really stop this from happening before it happens, it’s going to continue.
And law enforcement should approach this from the standpoint of, This is something that warrants a full investigation. And on the prosecutorial side, let’s change some of the statutes regarding swatting. Let’s view this more as a serious crime. I don’t think it needs to take a tragedy to beset our country in order to galvanize change.
This interview has been edited for length and clarity.