Swatters used Ring cams to stream victims and taunt police

ring doorbell cyber security cybersecurity iot internet of things infosec
Swatters used Ring cams to stream victims and taunt police
Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (@gadgetry@techhub.social)

Prosecutors have charged two men with conducting “swatting” attacks that used Ring cameras to livestream the response and taunt police.

Swatters make a false report to law enforcement that prompts an armed response to an address. While often intended to be a sick form of entertainment, they pull resources from where they could actually be needed and — in several cases — have proven to be fatal.

Kya Christian Nelson and James Thomas Andrew McCarty compromised 12 Ring cameras after gaining access to the Yahoo Mail accounts of their owners.

Prosecutors say Nelson and McCarty called in false reports to local law enforcement of the Ring owners to draw an armed response. The calls were placed in a single week starting on 7 November 2020 and the responses streamed online.

“Defendants Nelson and McCarty would access without authorization the victims’ Ring devices and thereafter transmit the audio and video from those devices on social media during the police response,” the prosecutors wrote.

On 8 November, a false report was placed to police in West Covina, California from a purported minor that claimed their parents had been drinking and shooting guns inside the home. When officers arrived, Nelson accessed the Ring to verbally threaten and taunt the police.

“Defendants Nelson and McCarty would verbally taunt responding police officers and victims through the Ring devices during the police response,” added the prosecutors.

The other 11 swatting attacks took place in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

In 2020, Ring implemented mandatory two-factor authorisation (2FA) to make it more difficult for its popular devices to be compromised. 

If email was used for 2FA then it wouldn’t have helped in this scenario since the victims’ email accounts were compromised. A hardware key or authenticator app is recommended for 2FA over email or SMS.

Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The event is co-located with Cyber Security & Cloud Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *