Monday, March 25, 2013

Scary Hackers Get Scarier: SWATing Explained

Boy, people who maliciously get into computer systems, hack, whatever, are getting more and more viscious.

The latest new term to turn up in this weird underworld is SWATing, and that recently happened to a computer security journalist named Brian Krebs. 
Will these guys bust down your door, after being
pranked by jerks?
 That means you hack into his account, or get word to the FBI that the person you're targeting is illegally obtaining social security numbers and credit reports. Then the SWAT team arrives for raid to seize the target's computers, etc.

It's dangerous, of course. The authorities come with guns drawn, and if there's any misunderstanding between the person targeted for arrest and the SWAT team, things could get deadly fast.

In Krebs' case, the SWAT team arrived, he was cuffed, but fully cooperated, let the agents inside and explained. Plus, Krebs said he warned the FBI and other authorities beforehand that he was a target of these types of things. One of the agents in the raid remembered this report and realized Krebs was on the up and up.

Krebs said he'd been targeted in denial of service attacks on his web sites, and this SWATing thing, because he's been reporting on creepy web sites, mostly in Russia, that steal Social Security nunbers and credit reports, the very things the false tip to the FBI accused Krebs of doing.

There is a trend of much less sophisticated SWATing attacks in the country than what Krebs experienced. According to Dispatch magazine on line, a publication for 911 responders, people use computer technology to call 911 in distant cities to report things like a home invasion in progress.

Many of these SWATing incidents target unsuspecting homeowners who don't know the person who launched the dangerous prank. All of a sudden a SWAT team bursts in. Again, somebody is definitely going to get killed in one of these pranks.

Many times, this is caught in time, and there's no big SWAT response from police. Every once in awhile, some unsuspecting person ends up as the target of a major raid by gun wielding cops.

Not good.

As Dispatch magazine notes, it's really hard to catch the false calls as they happen:

".....There are investigative methods for identifying the origin of VoIP calls afterwards, although it takes a considerable amount of expertise, time and multi-agency assistance to accomplish. In fact, this seems to be the biggest hurdle in the investigation of these incidents--the anonymity of the caller, a lack of law enforcement contacts at VoIP providers, no phone numbers or e-mail addresses to report such incidents, and lack of resources within VoIP provider companies for investigating these incidents. The U.S. Attorney in the Texas prosecution praised the 40 agencies which cooperated to arrest their suspects--not an unusual number of agencies in these types of incidents."

Still, Dispatch notes there have been numerous arrests for these types of prank calls, like this guy. 

Many of the people initiating these false SWAT responses think they're being funny, it turns out. Wait until somebody gets killed. If that happens, can authorities bring murder charges against the "merry pranksters?"

Let's hope so.

No comments:

Post a Comment