Advertisement

The growing problem of ‘swatting’ and why experts say it’s a dangerous trend

Click to play video: 'Growing problem of ‘swatting’ and why experts say it’s a dangerous trend' Growing problem of ‘swatting’ and why experts say it’s a dangerous trend
WATCH: Metrotown Mall and SkyTrain station evacuated after reports of a shooting and a pipe bomb – Oct 2, 2021

Cybersecurity experts say Burnaby RCMP could have their work cut out for them as they try to identify who was behind an apparent hoax that prompted a massive police response at Metrotown on Friday.

RCMP and Metro Vancouver Transit Police responded in force Friday afternoon, amid reports of a pipe bomb at the SkyTrain station and active shooter in the mall.

Read more: Burnaby RCMP investigating ‘swatting’ after Metrotown bomb and shooting scare

Panicked shoppers and commuters were forced to evacuate, but after searching the sites investigators found no threat. Police said they’re now investigating the incident as a potential “swatting” attack.

One person was also arrested in relation to a third phony bomb threat at a Port Moody school, and Mounties said they’re working to determine if the three events were related.

Story continues below advertisement

Potentially deadly ‘prank’

“Swatting” refers to an intentional phony report to police intended to provoke the deployment of an Emergency Response Team, explained BCIT digital forensics and cybersecurity instructor Ilia Lvovsky.

“For example, there’s a hostage situation, or there’s a bomb or there is an active shooter and by that getting the SWAT unit to respond,” he said.

Read more: The rich Canadian history of ‘swatting’

Michael Argast, co-founder of cybersecurity firm Kobalt.io, said the attacks are frequently associated with the online gaming community, though motivations have ranged from pure prank to revenge to attack-for-hire.

“Like many other forms of attacks, once the criminals figure out how to conduct it, once it can get monetized — so there are even swatting services available on the dark web,” he said.

Click to play video: 'Manitoba RCMP arrest teen accused of “swatting” incidents in the United States' Manitoba RCMP arrest teen accused of “swatting” incidents in the United States
Manitoba RCMP arrest teen accused of “swatting” incidents in the United States – Sep 8, 2021

Cybersecurity experts say swatting attacks are a growing problem, though it’s difficult to track exactly how many occur as they may be logged in different ways by differing police agencies.

Story continues below advertisement

In 2019, former FBI swatting expert Kevin Kolbye told The Economist the U.S. could be dealing with as many as 1,000 per year. The attacks have been on the bureau’s radar since at least 2008.

While they waste police resources, their consequences can be far more severe.

Read more: Manitoba RCMP arrest teen accused of ‘swatting’ incidents in the United States

“It could be deadly,” Lvovsky said — pointing to a 2017 case where a dispute between online gamers led to a fatal swatting attack when police were deployed to an unrelated third person’s home in Wichita, Kansas.

“So a SWAT unit was dispatched to someone else’s address, and as a result of the dispatch, an individual was killed, because when a SWAT unit is dispatched you never know what is going to happen.”

A 26-year-old California man was eventually convicted and sentenced to 20 years in prison in the incident.

In 2020, a Tennessee man died of a heart attack during a swatting incident, and swatting attacks have resulted in numerous cases of property damage.

Covering their tracks

According to Argast, evolving technology is making it increasingly easy for criminals to hide their identities.

Story continues below advertisement

He points to so-called “spoofing” tools that allow a malicious actor to present a false number when making a call — something any Canadian who’s received a CRA scam call in recent years will be familiar with.

“They spoof a local number and unfortunately it’s difficult for emergency services to distinguish that number,” he said.

Criminals have also been able to make use of voice over internet protocol (VoIP) calling to mask their identities, he said.

Click to play video: 'Calgary police investigating swatting calls' Calgary police investigating swatting calls
Calgary police investigating swatting calls – Feb 11, 2019

“Like many cyberattacks, it’s quite difficult to conduct attribution of the source of attacks,” he said.

“It is possible, depending on the right technology and types of forensics investigation, but that doesn’t necessarily mean the police will be successful in this instance if the attacker has been successful at hiding their footprints.”

Story continues below advertisement

Despite the challenges, police in Canada have successfully tracked several alleged swatters.

In 2014, four Canadian teens were charged with swatting incidents, including one from Coquitlam who had reported fake plans for a mass shooting in Florida.

Read more: Alleged ‘swatting’ activities in Canada and U.S. lead to arrest: Saskatoon police

In March, a Saksatoon teen was arrested for alleged swatting activities in Canada and the U.S., and just last month, a Manitoba teen was arrested over similar threats in North Carolina.

If Friday’s attack was in line with those previous Canadian incidents, Lvovsky said he believes Burnaby RCMP will have an easier time catching the culprit.

“If it’s a teenager trying to prank somebody, I think it would be rather easy,” he said. “That’s what happened in 2014 with the Canadian teenager. He was bragging about it on Twitter.”

Lvovsky had a message for anyone else thinking of a copycat attack.

“It’s a bad thing to do and people can get hurt,” he said.

“If you think you want to prank someone, find another way. Don’t call emergency services, it’s a very bad way to do it and you will probably get caught.”

Advertisement

Sponsored content