Defending public safety: Mitigating swatting attacks linked to data breaches and deepfakes

By Sylvie Truong, The Readable
Feb. 5, 2024 5:47PM GMT+9 Updated Feb. 6, 2024 10:08AM GMT+9

Over a dozen public leaders in the United States have been targeted in recent swatting attacks, and a ransomware gang threatened to swat cancer patients using compromised data if ransom demands were not met.

Swatting is a harassment tactic in which a false report of a serious crime is lodged against an individual or organization so that an armed SWAT team is deployed to the victim’s location, thereby placing the victim in danger of being shot or killed. Deceptive information, often about a hostage crisis or a mass shooting, misleads law enforcement. Although swatting is not a new phenomenon, malicious actors threatening to leverage data from breaches and the use of artificial intelligence (AI) deepfakes for creating threats raise concerns that such attacks will become more common. Swatting has led to the deaths of innocent people, and the surge in swatting attacks calls for swift and strong countermeasures.

Recent Incidents Targeting Public Officials and Cancer Patients

In late December, Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, was targeted in a swatting attack, as initially reported by the Record. On December 30th, Nikki Haley, current U.S. Presidential candidate and former U.S. ambassador to the United Nations, was also targeted in a swatting attack. An unknown man called the police and claimed he had shot a woman, then threatened to harm himself while inside Haley’s home. Haley’s elderly parents were present at the time, and when the police arrived, they drew their guns on the couple, ages 87 and 90. Luckily, the situation was de-escalated and no one was hurt. Such occurrences, however, far from being isolated incidents, are becoming commonplace, with more than a dozen government officials, judges, lawmakers, and prosecutors having been targeted with similar attacks in recent weeks.

Cancer patients, in addition to public officials, were also targeted with swatting attacks, originating from ransomware gangs. A notable case occurred in November 2023, when the Fred Hutch Cancer Center in Seattle fell victim to a ransomware attack. The Hunters International ransomware gang claimed responsibility for the attack and then escalated the situation by threatening to send SWAT teams to the homes of cancer patients.

Mitigation Strategies

Ransomware gangs are driven by ruthless financial motives, and those targeting public officials aim to instill fear and provoke chaos. Addressing the surge in swatting demands a collective effort from all stakeholders, and in pursuit of this goal, four mitigation strategies are listed below. The opinions stated herein are my own and do not represent the official stance of the Readable.

1. Legislative Action: Penalties for swatting vary based on the seriousness of the case and where the crime occurred. Laws must be improved to ensure that punishments are consistent and consistently applied. For example, while federal statutes make recommendations on fines and jail time, there is no set minimum punishment. Establishing a minimum penalty and stiffening punishments overall would do much to deter future swatting attacks.

2. Information Sharing: Fostering increased collaboration between law enforcement agencies at local, state, and federal levels is crucial. U.S. law enforcement agencies are decentralized and many swatting incidents are handled at a local level. This means there may not always be communication between agencies and departments regarding these attacks. In May 2023, the FBI launched a swatting database to identify patterns, trends, and commonalities across various swatting incidents in order to enhance law enforcement's understanding of swatters and their methods of operation. Collaborative efforts are needed to develop profiles of malicious swatters and to gain a comprehensive understanding of their modus operandi. Encouraging international cooperation could also help track and apprehend perpetrators operating overseas.

3. Deepfake Detection: AI technology capable of verifying the authenticity of emergency calls must play a crucial role in combating swatting threats, especially those that involve the use of deepfakes and caller ID spoofing by malicious actors. This will involve creating technology that can differentiate between real human voices and AI-generated audio while also rapidly identifying spoofed telephone numbers. Hany Farid, a UC Berkeley professor and expert in digital forensics and deepfakes, notes the importance and challenges of developing effective audio deepfake detection. In an interview with Scientific American last month, Farid emphasized the scarcity of labs capable of reliably identifying AI-generated audio and was skeptical about the reliability of current deepfake detection tools. He suggests an imbalance between the resources used to create fake content and those allocated to detection efforts. Securing funding and enhancing collaboration between the public and private sector is essential for the development and deployment of effective AI solutions.

4. Emergency Dispatchers: Ensuring that emergency dispatchers receive regular briefings on swatting trends, evolving technological manipulation techniques, and other relevant insights is crucial for staying ahead of potential threats. Providing dispatchers with strategic tactics to manage swatting incidents during phone calls could improve their effectiveness in responding.

Recent incidents targeting public officials and cancer patients emphasize the need for more comprehensive mitigation strategies. Furthermore, victims experiencing armed SWAT teams entering their homes endure emotional distress and anxiety, with potential long-lasting psychological impacts. Instances where innocent lives were lost—such as an innocent man being shot and killed by police, or a grandfather dying from a heart attack after a SWAT team suddenly entered his home—further bring home the fact that swatting attacks are more than merely traumatizing; they are also deadly. It is only through collaborative efforts that we can build up a resilient defense against the ever-worsening and increasingly dangerous tactics employed by malicious actors.

sylvie@thereadable.co

The cover image of this article was designed by Areum Hwang. This article was reviewed by Dain Oh and copyedited by Arthur Gregory Willers.


Sylvie Truong is a regular contributor to The Readable. Her interest in cybersecurity began in 2015, while working as a biomedical researcher at Columbia University’s Irving Medical Center. She worked in the Molecular Imaging and Neuropathology Division, analyzing data using various software programs. Due to her experience there, she developed an interest in cybersecurity and implementing better practices to protect personal data, valuable research information, and more. Sylvie holds a master’s degree in neuroscience and education from Columbia University.