The FBI warns of a rise in “swatting attacks,” whereby hackers use compromised email accounts to access smart devices to make hoax calls to emergency services.
The FBI issued the warning after smart home device manufacturers notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out the attacks.
In a public service announcement, the FBI advises users to employ complex, unique passwords and enable two-factor authentication to help protect against the attacks.
What is ‘Swatting’?
Swatting is a term used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life, to draw a response from law enforcement and the SWAT team to a specific location, according to the PSA.
Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences and pulls limited resources away from valid emergencies, the FBI states.
“Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that may have potentially deadly consequences,” the announcement says.
As of late, hackers have turned to using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. To gain access to the smart devices, hackers are likely taking advantage of people who re-use their email passwords for their smart device, the PSA states.
The stolen email passwords are used to log into the smart device allowing hackers to takeover features, including the live-stream camera and device speakers.
“They then call emergency services to report a crime at the victims’ residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers.
In some cases, the offender also live streams the incident on shared online community platforms,” the PSA states.
The FBI says it is working with private sector partners that manufacture smart devices to advise customers about the scheme and how to avoid being victimized. The FBI is also working to alert first responders to the scheme.
Users of smart home devices with cameras and/or voice capabilities are advised of the following guidance to maximize security:
- Practice good cyber hygiene by using strong, complex passwords or passphrases for online accounts.
- Do not duplicate the use of passwords between different online accounts.
- Update passwords on a regular basis.
Users should enable two-factor authentication for online accounts and on all devices accessible through an internet connection in order to reduce the chance a criminal could access their devices.
The FBI also highly recommends that the user’s second factor for two-factor or multifactor authentication be a mobile device number and not a secondary e-mail account.
The agency urges anyone who believes their e-mail or other smart device credentials were compromised to report the incident at ic3.gov.
This post premiered on our sister site, Security Sales & Integration.