The US Federal Bureau of Investigation says pranksters are hijacking weakly-secured smart devices in order to live-stream swatting incidents.
“Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks,” the FBI said in a public service announcement published today.
Officials say pranksters are taking over devices on which owners created accounts but reused credentials that previously leaked online during data breaches at other companies.
Pranksters then place calls to law enforcement and report a fake crime at the victims’ residence.
“As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers,” the FBI said.
“In some cases, the offender also live streams the incident on shared online community platforms.”
These types of incidents, called swatting, have increased across the US in recent years and have even resulted in people’s deaths through accidental shootings.
The first known cases of a swatting incident being live-streamed online date back to the mid-2010s. The difference between what the FBI is reporting now and those initial incidents is that, back then, devices weren’t being hacked.
Pranksters would identify social events that were being streamed online, such as weddings, church meetings, and more, and would arrange for the event to be swatted.
Many of these swatting calls are being placed through online services that provide anonymous calling capabilities — such as Discord bots and dark web services.
To counteract these rising hack-and-swat cases, bureau officials said they are now working with device vendors to advise customers on how they could select better passwords for their devices.
Furthermore, the FBI said it’s also working to alert law enforcement first responders about this new swatting variation, so they may respond accordingly.
As for device owners, the same advice remains valid: Use complex and unique passwords for each of your online accounts. Use two-factor authentication where available.