The U.S. Federal Bureau of Investigation reports that pranksters are hijacking weakly guarded smart devices for live-stream swatting events.
“Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks,” the FBI said in a public service announcement released today.
Officials claim that pranksters take over the computers on which owners have built accounts but have reused certificates that have previously leaked online during data breaches in other businesses.
Pranksters then give a call to the law enforcement authority and announce a false crime at the victim’s home.
The FBI said when the law enforcement officers respond to the house, the perpetrator watches live stream video and addresses the responding police through the microphone and speakers.
“In some cases, the offender also live streams the incident on shared online community platforms.”
These forms of accidents, called swatting, have escalated across the US in recent years, and have also resulted in people dying from an accidental shooting.
The earliest reported cases of a live-streaming event date back to the mid-2010s. The distinction between what the FBI is reporting now and the original events is that the machines were not being compromised.
Pranksters can recognize social gatherings that were streamed live and plan for the event to take place, such as weddings, church functions, and more.
Many of these swatting calls are made by internet platforms that offer encrypted calling capabilities—such as Discord bots and dark network services.
To counteract these emerging hack&swat cases, office officials said they are now partnering with software manufacturers to educate consumers about how to pick safer passwords for their smartphones.
Also, the FBI said it was still trying to alert first-time law enforcement officers to this new swatting variation, so they could react appropriately.
As far as computer owners are concerned, the same advice remains valid: use complicated and special passwords for each of your online accounts. Use two-factor authentication if available.
