The FBI Warns About This New Threat to Home Security Devices

A scary, new attack targets owners of smart devices including home security cameras—and could have deadly consequences.

We may be getting smarter about our digital security, but hackers are getting smarter too. Recently, criminals have targeted smart devices with cameras and voice capabilities in scary attacks called swatting, according to a new report by the FBI. Learn why the FBI warns about this new online shopping scam, too.

As more people purchase smart devices with cameras like home security tech, the risk of these attacks has grown, says Randy Pargman, vice president at Binary Defense, a cybersecurity company, and a former FBI computer scientist. (He notes that his statements represent Binary Defense, not the FBI.) Here’s what you need to know about this new security threat to smart devices—and how to prevent it from happening to you. You’ll also want to know all the mobile security threats you need to be on the alert for.

What is swatting?

A “swatting” attack involves someone calling 911 and falsely reporting a life-and-death emergency at the target’s address, prompting a SWAT team or other first responders to arrive at the location with guns. The attackers use a caller ID “spoofing” technology to hide their identities and make it seem as though the phone call is coming from the victim’s phone number. Unlike most online scams, swatting attacks are carried out for revenge or amusement rather than money. Attackers “just do it because they want to cause chaos,” Pargman says. On the other hand, watch out for these phone call scams that could actually steal your money.

How the scam works

In the past, most victims of swatting attacks were people who streamed live videos of themselves from their homes, according to Pargman. Attackers targeted those individuals because they could watch the attack play out while the camera was rolling. But new information from the FBI shows that anyone who has a live camera connected to the Internet could now be at risk. Since many people reuse their email passwords for their smart devices, attackers can log in to the account using the stolen password and turn on the device’s camera and microphone at any time. Then, after placing the fake 911 call, they can watch the attack live through the compromised device. Find out the 20 tricks cyber scammers use to hack your stuff.

Why it’s so dangerous

Responding to a phony report of violence or weapons in a home can be a tense, frightening situation for both police officers and victims. Not only do the police arrive with their guns aimed at the house, but they also call for the occupants to come outside with their hands up. Sometimes, the confusion and panic that follows can lead to tragedy. In December 2017, a Kansas man was killed after police were mistakenly sent to his home in a botched swatting attack. While deaths from swatting are rare, “every incident results in a dangerous situation that is horrific for everyone unfortunate enough to be in the house,” Pargman says.

Red flags to watch out for

If you own a security camera system or any other video device that can be accessed through the web, you could be vulnerable to swatting attacks, according to the FBI report. “It’s never a good thing when someone else logs into any of your accounts, but being able to view a live camera feed could be especially dangerous,” Pargman says. He recommends paying attention to any unusual or unexpected activity on your smart devices, such as notifications of password changes or attempts to log into your account. Hearing strange sounds coming from the device, like someone talking or making noises, is another red flag that your account might be compromised. Beware of the red flags someone is spying on your computer, too.

How to protect your devices

Only three pieces of information are needed for a swatting attack: your address, phone number, and access to your live camera or microphone. That information is disturbingly easy to find online, according to Pargman. “On the underground criminal forums that Binary Defense monitors, I see troves of such information about millions of people traded and sold constantly,” he says. To protect yourself, Pargman recommends setting up two-factor authentication and using a unique password for each online account, especially your email. He also suggests using a mobile app for two-factor authentication instead of receiving the code through text message, which is less secure. Boost your security even more by checking these iPhone privacy settings right now.

What to do if you’re a target

Though you may never be the target of a swatting attack, it’s important to make a plan just in case. Preparing your response can keep you calm in the moment—and potentially save your life. “Although it is scary, the most important thing is to follow the instructions of the police and don’t make any sudden moves that could be misinterpreted as a threat,” Pargman says. Spread the word to other members of your household, too, especially anyone who streams live video or plays video games online. If you think you could become a victim of swatting, ask your local police department if they have a system to note that your house may be a target, and suggest that they adopt one if they don’t.

Sources:

  • Randy Pargman, Vice President of Threat Hunting & Counterintelligence at Binary Defense
  • IC3.gov. “Recent Swatting Attacks Targeting Residents With Camera and Voice-Capable Smart Devices”
  • Wired.com. “It Started as an Online Gaming Prank. Then It Turned Deadly”