Abstract

Victims of swatting attacks are having their homes raided by police Swat teams after online trolls place hoax emergency calls
CREDIT: Jonathan Wiggs / The Boston Globe via Getty Images
What happens when online threats move into the real world, asks
“Don’t just tell [victims] to turn off their computers,” Ari Ezra Waldman, associate professor of law at the New York Law School and expert in cyber-harassment, told Index. A common reaction has been to tell people receiving online threats that they should stop using social media. The police, said Waldman, often struggle to know how to handle this growing problem. “There are laws out there, but law enforcement agencies are sometimes just stretched too thin.”
Brian Krebs, the editor of the tech security blog Krebs on Security, was one of the first journalists to be “swatted” in 2013. His home address in the US state of Virginia was obtained, an anonymous call was made, and heavily armed police were sent to his house to bust a hostage situation that didn’t exist. Since then a variation of the trick has arrived in the UK: Justine Roberts, founder of online parenting community Mumsnet, also had armed police turn up at her house in the middle of the night in 2015, after reports that a gunman was on the loose there. Roberts was away at the time, but said her au pair woke with a start when police burst in. She became the victim of hackers, who had brought down the Mumsnet website.
In the wake of the murder of British MP Jo Cox in June 2016, a number of female MPs who have been victims of online threats have been cautioned by police to increase their security. Scottish MP Nicola McGarry worries about how these attacks could silence political participation. A spokesperson for McGarry told Index, “This strikes at the heart of the challenge facing our politics and democracy. We already face a gulf in the equal representation of women, people living with disabilities and LGBT people in our democracy. People will be driven away from participating in politics as long as this savage side of the internet is left unchallenged.”
Swatting attacks, however, are difficult to prevent because once a call to the emergency services is made, authorities have little choice but to respond. The danger is that, although most victims immediately co-operate and are thus not harmed, children or others in the targeted home or business who may not know what’s happening could get caught in the middle, or an item being carried by the homeowner could be mistaken for a weapon and police may respond accordingly. YouTube videos of the attacks – which have been captured after hackers take control of users’ webcams – have shown gamers wearing headphones, not hearing the authorities approaching and getting wrestled to the ground at their computers after the police break in.
Doxxing is the main practice that leads to swatting attacks (see Doxxed in Volume 44, 3/2015). This is the disclosure of the personal details (including home address) of individuals so they can be targeted with physical threats and harm. It is a widespread practice carried out by malicious hackers who have often released the documents (aka “docs” or “dox”) that show where their enemies live. Doxxing is not technically illegal, though hacking to get people’s personal information is, as is inciting violence against an individual. In July, Mir Islam, a 22-year-old from New York, was convicted of cybercrime (along with other charges) and sentenced to a two-year prison term. He was part of an anonymous syndicate which was behind the swatting attack on Krebs’s house, and which also published online the personal details of celebrities and officials, including First Lady Michelle Obama.
“Perpetrators of these hoaxes purposely use our emergency responders to harm their victims,” said US Congresswoman Katherine Clark (D-MA) in November 2015 when she introduced a House bill to tighten US laws on swatting. Currently, US federal law prohibits bomb or terrorist-attack hoax calls but not the false reporting of other emergency situations. The new bill aims to close this loophole. “These false reports are dangerous and costly, and have resulted in serious injury to victims and law enforcement. It is time to update our laws to appropriately address this crime,” said Clark, who, just a few months after speaking out, herself became a victim of a swatting attack.
Right-wing free speech activist, author and lawyer Mike Cernovitch, from Los Angeles, claims to have suffered swatting threats and attacks that have forced him to stay in hotels to avoid being home when attacks might come. He told Index: “I’m generally against more federal laws but … the feds have far more resources than local resources do to prosecute swatting.”
Cernovitch claimed he was swatted because he was embroiled in the “GamerGate” controversy in 2014, in which people on both sides of a debate on sexism in the gaming industry suffered cyber harassment because of their opinions. He told Index his feelings about general online threats are different to his feelings about swatting and that there is a need for stronger laws against swatting. “Online threats simply aren’t credible and police have learned that nothing happens when they investigate. I have never heard of anyone having a death threat they get on the internet carried out on them. The recipients shouldn’t take them seriously,” he said.
Staff at HeartMob, a platform against online harassment that launched in January in New York, disagree. Their team takes threats very seriously – those that users report on their site and those that their staff will receive as a result. Before launching, they put a multi-point safety plan in place. This included: obscuring all personal information about their five members of staff and their families to avoid them being doxxed, as well as a number of physical measures including added security at their office, a plan for a swatting attack, and carrying pepper spray with them.
“We received death threats because we were launching a project to protect people harassed online. They tried to silence us and tried to make the project too risky to do,” Emily May, the chief executive of the company behind the project, told Index.
Law enforcement is often seen to be slow to respond to online threats like those made to Hollaback, the company behind HeartMob, because the threats aren’t seen to be “actual and specific” or “real” because they occur online. “Police need to get with the times,” May said.
Swatting and doxxing are normally carried out using online anonymity tools that are designed to protect people online, which unfortunately means that it can be incredibly difficult to trace and prosecute the perpetrators, especially because the investigations often have to cross national borders. A Canadian teenager, known online under the screen-name Obnoxious, was prosecuted in July 2015 for serial swatting, including a reported eight-hour video “marathon” of him swatting victims’ homes; the investigation by Canadian and US police had taken over a year.
“The national/international nature of some of these crimes means that we need a national or international approach. It’s not uncommon for the FBI to work to identify criminals who try to hide [between jurisdictions],” Waldman told Index. “It wouldn’t be hard, we have the technology to do it – we can’t just rely on a local police department that deals with all the local issues.”
Yakety yak (Don’t hate back)
A social media app that allowed users to trade thoughts while remaining unidentified has narrowed its idea of complete anonymity after complaints of cyberbullying. Yik Yak, which launched in the USA in 2013 and became popular across college campuses, introduced mandatory profiles for users in July this year.
The social network offers students in the same area the ability to talk among themselves, contributing comments, known as “Yaks”, to a single thread. Yet, unlike on Twitter or Facebook, posts could not be traced to a single user.
Many argued that this complete anonymity encouraged cyberbullying and hate speech. In November 2014, during the peak of Yik Yak’s popularity, Utica College in New York blocked the app on university servers after multiple complaints from students. A number of other schools have also banned it.
A group of African American students at the University of Pittsburgh released a video of themselves reading racist Yaks aloud. “Hate black people more and more everyday […] get a job, get off the street, and stop acting like a bunch of zoo creatures,” read one. A student from Western Washington University is currently awaiting trial for malicious harassment, relating to alleged posts on the network.
Yik Yak has slowly moved away from total anonymity by introducing direct messaging, the ability to post pictures, and usernames. The new profiles do not require a real name or picture, but users can now view a profile behind a Yak. From July 2015 it has required users to verify their accounts with a phone number. It has also employed geofencing to control who can use it. Yik Yak’s website says, “We disable Yik Yak near middle and high schools to combat bullying.”
