New Jersey Cybersecurity Bulletin: Swatting Mitigation Strategies and Reporting Procedures

The following document was obtained from the website of the Iowa Department of Education.

Swatting: Mitigation Strategies and Reporting Procedures

Page Count: 4 pages
Date: June 17, 2015
Restriction: TLP: GREEN
Originating Organization: State of New Jersey, Cybersecurity & Communications Integration Cell
File Type: pdf
File Size: 395,586 bytes
File Hash (SHA-256): 137DD9728383B51B13F5E579F288C03E8CDEAAEFBC3E57EB015D7E46B136AD6F

The NJCCIC provides the following information to aid our public and private sector partners throughout the State in mitigating ‘swatting’, a pervasive threat impacting schools, hospitals, shopping malls, and private residences in New Jersey and throughout the nation. Due to the ease with which malicious actors are able to conceal their location and identity using a variety of openly available online tools, as well as institutional and international obstacles limiting law enforcement’s ability to investigate these crimes, the NJCCIC assesses the swatting threat will persist and the targeting scope may expand to other commercial venues such as sporting events, hotels, or mass transit locations. Therefore, proactive mitigation strategies and coordination between the public and private sector, state and federal law enforcement, and the intelligence community are essential to preventing and limiting the impact of these incidents.

The NJCCIC defines swatting as a false report of an ongoing emergency or threat of violence intended to prompt an immediate tactical law enforcement response. Swatting is not a new threat; rather, it has evolved over the last decade and includes a range of tactics and techniques used to cause false public alarm and divert law enforcement resources to a hoax threat. While certain incident types and tactics have received more media coverage than others, swatting scenarios include bomb threats, active shooter scenarios, threats of an imminent shooting rampage, hostage scenarios, and threats involving chemical, biological, radiological, nuclear, or explosives (CBRNE) agents.

– The motivations for swatting vary and include the attention gained from national media coverage and discussions on social media or online forums, revenge against gamers or those responsible for previous swatting incidents, and financial gain. Malicious actors post advertisements in online forums and black market sites offering to conduct swatting for a fee and boasting of their previous swatting successes.

– Incidents of swatting across the country are commonly linked, and investigations often lead to groups of malicious actors outside the US. These foreign actors are often contacted and paid to conduct the swatting act by a student of the targeted school or a video game player who provides the name and address or workplace of another gamer against whom they are seeking revenge.

– Many of the recent incidents in New Jersey involve the targeted location receiving the swatting call, as opposed to the caller reporting the emergency directly to law enforcement agencies, and an anonymous caller using a computerized text-to-speech voice. Swatting incidents in which the caller does not provide a name, and there are no claims of responsibility following the incident, differ from historical cases and indicate a potential shift away from motivations of revenge and recognition.

Swatting calls can be successfully mitigated using follow-up questioning to identify inconsistencies or weaknesses in the caller’s storyline or to make the caller feel their attempt is failing. Those receiving the call should ask multiple questions in quick succession, and repeat questions later in the call to identify inconsistencies.

– “What is your full name?” (ask again later during call, and specifically ask for a middle name)
– “Where are you calling from?”
– “What is your phone number?”
– “Why didn’t you call 911 directly?” (for VoIP calls to non-emergency dispatch line)
– “I need a call back number in case we get disconnected. What is your mobile or home number?”
– “Why are you reporting yourself?”
– “Why is there no noise in the background?”
– “What is that noise in the background?” (when background noise is inconsistent with the story)
– “Why does it sound like you are typing on a computer keyboard?”
– “Are you targeting anyone in particular?”

Caller claims to be inside, near, or on the roof of a school:
– “How did you get on the roof?”
– “Where exactly are you on the roof?”
– “How are you going to get inside the building?”
– “Do you know a student at the school?”

Caller claims to be inside or near a mall, hospital, or other commercial venue:
– “Where are you in the building?”
– “What are you near?”
– “Which building are you in/on?” (when there
