Prosecutors have charged two men with conducting “swatting” attacks that used Ring cameras to livestream the response and taunt police.
Swatters make a false report to law enforcement that prompts an armed response to an address. While often intended to be a sick form of entertainment, they pull resources from where they could actually be needed and — in several cases — have proven to be fatal.
Kya Christian Nelson and James Thomas Andrew McCarty compromised 12 Ring cameras after gaining access to the Yahoo Mail accounts of their owners.
Prosecutors say Nelson and McCarty called in false reports to local law enforcement of the Ring owners to draw an armed response. The calls were placed in a single week starting on 7 November 2020 and the responses streamed online.
“Defendants Nelson and McCarty would access without authorization the victims’ Ring devices and thereafter transmit the audio and video from those devices on social media during the police response,” the prosecutors wrote.
On 8 November, a false report was placed to police in West Covina, California from a purported minor that claimed their parents had been drinking and shooting guns inside the home. When officers arrived, Nelson accessed the Ring to verbally threaten and taunt the police.
“Defendants Nelson and McCarty would verbally taunt responding police officers and victims through the Ring devices during the police response,” added the prosecutors.
The other 11 swatting attacks took place in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.
In 2020, Ring implemented mandatory two-factor authorisation (2FA) to make it more difficult for its popular devices to be compromised.
If email was used for 2FA then it wouldn’t have helped in this scenario since the victims’ email accounts were compromised. A hardware key or authenticator app is recommended for 2FA over email or SMS.
Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The event is co-located with Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.