Swatting has serious implications and shouldn’t be ignored

A rash of “swatting” incidents occurred across the country in September. Swatting is the practice of falsely reporting an emergency to elicit a law-enforcement response, ideally one involving the SWAT (special weapons and tactics) team.  As an example, Cincinnati-area high school was placed on lockdown when a 911 call was made to report an active-shooter incident; it later was learned that several other Ohio high schools were targeted similarly.

They’re not alone. In Minnesota, a dozen schools had to go on lockdown because of false reports of active-shooter incidents. In Colorado, several schools were targeted in swatting incidents, as was the Denver Public Library. In all, about three dozen incidents across 16 states were reported at the time. In November, several schools in Maine were victimized by a swatting incident that, again, involved false reports of active-shooter incidents.

Swatting is nothing new. It is a harassment tactic that inconveniences public-safety organizations, including emergency communications centers (ECCs), while wasting emergency resources and placing emergency responders and the community at risk unnecessarily. That’s worrisome enough, but more troubling is that today’s swatting incidents are a means of probing the nation’s emergency-response infrastructure to uncover vulnerabilities that could be exploited for far more nefarious purposes.

Deadly consequences

Every once in a while, swatting incidents cost someone their life. A swatting incident occurred in Tennessee in 2021 because the swatter wanted to harass someone into relinquishing a desired Twitter handle. A 911 call was made that falsely reported that a murder had occurred at the swatting victim’s home. When police officers arrived, the stress apparently caused the victim, a 60-year-old grandfather, to suffer a fatal heart attack.

A high-profile incident occurred in December 2017 in Wichita, Kansas. This time, a dispute between online gamers turned ugly. One group, reportedly seeking retribution for some perceived wrongdoing, contacted a known swatter-for-hire in Los Angeles and convinced him to act on their behalf. The swatter placed a call, spoofing his telephone number, to an administrative line at city hall and a security guard transferred the call to 911. The caller told the 911 telecommunicator that he had shot his father in the head, was holding his mother and sister at gunpoint, had doused the house with gasoline, and was contemplating setting the building ablaze.

The telecommunicator dispatched a police response to the address provided by the caller. When police arrived, a 27-year-old man answered the door, and immediately was told to raise his hands and walk toward the officers. Regrettably, he lowered his hands to his waist, and an officer found the action threatening enough to fire a single shot at the man, killing him.

As if this event wasn’t tragic enough, the man had nothing to do with the online gaming dispute. In fact, he reportedly wasn’t a gamer at all—the swatter had provided a wrong address for the actual swatting target.

Given all of this, swatting should be on the radar screen of every public-safety agency—but it’s not. I suppose it’s because officials believe it’s not going to happen to them. And statistically speaking, they’re probably correct.

According to the National Emergency Number Association (NENA), about 240 million emergency calls are received by the 911 system annually. Unfortunately, the Federal Bureau of Investigation (FBI) doesn’t track swatting specifically in its crime statistics. However, Kevin Kolbye, a former FBI swatting expert who is now the assistant chief of the Arlington (Texas) Police Department, estimated that the number of incidents in 2019 was about 1,000—a number so small that it is statistically irrelevant.

A rethinking is needed

This type of thinking is similar to the thought process that fuels the debate concerning the use of seat belts in automobiles. Inconceivably, a small number of people still refuse to wear them, even though it is required in all 50 states, because they think they never will be in a life-threatening crash. And again, statistically speaking, they’re probably correct—it is estimated that only 1.34 traffic fatalities occur for every 100 million miles traveled.

But this thinking is wrong-headed, If you ever are in a moderate-to-severe car crash you’re going to want to be wearing a seat belt/shoulder harness and be driving an airbag-equipped vehicle, because it has been shown that this combination of protective devices reduces fatalities in such crashes by 61 percent.

This type of thinking is just as wrong-headed as it pertains to swatting. One thing that immediately can be done is having the Federal Communications Commission (FCC) ensure that voice-service providers have implemented the FCC’s STIR/SHAKEN caller ID authentication framework. The framework provides a methodology for reducing the effectiveness of illegal spoofing, thus making it easier to identify bad actors. The framework originally was developed to combat illegal robocalls, but it also can be applied to the 911 system to root out swatting calls. While originating service-provider (OSP) participation in STIR/SHAKEN continues to improve, there is still much more to be done. In May 2022, the FCC issued a Report & Order that extended STIR/SHAKEN obligations to gateway providers.

Some communities have engaged with their residents and established anti-swatting registries, allowing individuals who fear being the target of a swatting incident to alert local law enforcement in advance and provide additional information that can be shared with responders if a swatting incident does occur. But other agencies—for example, the Los Angeles Police Department (LAPD)—no longer publicly share information about celebrity-involved swatting incidents to reduce the likelihood of copycat activity.

Given their volume, robocalls are a scourge, but every swatting incident is a potential disaster. Consequently, swatting needs to be given greater attention by the emergency-response community.

The 911 community can do more to prevent future tragedies when it comes to these attacks. Working with legislators to increase penalties for swatting convictions is just one example. In the case of the Wichita incident referenced above, the perpetrator was sentenced to 20 years in prison. Meanwhile, the Ohio legislature is considering a bill that would make swatting a third-degree felony, and a first-degree felony if someone is injured. Under this new law, anyone convicted of swatting not only would face prison time but also the possibility of fines and restitution.

We need more of this to deter future bad actors.

Other actions that can be taken include implementing swatting-specific policies and developing enhanced caller-interrogation training. Regarding the latter, a recent article published by the Association of Public-Safety Communications Officials (APCO) suggested that telecommunicators should be trained to ask questions that could uncover that the call is potentially a swatting incident.

For example, the caller might be able to describe the exterior of a building but is unable to provide any details about the interior (that they are supposedly inside), which would raise suspicion of a swatting incident. Another telltale sign is when an incident that typically generates dozens of 911 calls—such as an active-shooter incident at a school—is the subject of only a single call. Although my experience in an ECC tells me that there are never any guarantees, when that type of situation happens, something likely is amiss.

Other suggestions are that telecommunicators should be trained to listen to background noise when interacting with a suspected swatter, because doing so might yield clues that the call is bogus. Other clues include not getting an immediate response to the 911 call-taker’s question, which sometimes indicates the caller is “thinking on the fly” to determine the believability of the answer that they are providing.

These are great suggestions that are much-needed. When it comes to preventing swatting incidents, vigilance is a critical tool.

John Chiaramonte is consulting division president for Mission Critical Partners, which provides consulting, management, and cybersecurity services and solutions to public-sector organizations. Email him at [email protected].