The CEO of Instagram has been targeted in a ‘swatting’ attack, with the dangerous hoax increasingly being used against tech executives.
A New York Times report details how the practice, which involves calls being made to the police making false claims of violent crimes taking place inside someone’s home with the purpose of armed SWAT teams being sent there, has been used to target some of the biggest tech executives in America.
It also showed how numerous forums are collating the personal information of these executives and listing them as potential targets for swatting.
The report revealed that Instagram CEO and senior Facebook executive Adam Mosseri was the victim of a swatting attack in November last year.
Last November, police in San Francisco and New York responded to phone calls that said there were hostages being held in houses belonging to Mosseri.
The calls appeared to be coming from inside the homes, and armed officers arrived and barricaded the streets.
After several hours, police realised the calls were a hoax and there were no hostages inside the homes.
Swatting originated in online gaming communities and has come to be used more widely. With increasing controversy over apparent censorship on social media and the removal of certain accounts and groups, the practice is now being directed at senior executives at tech companies.
“Like any other type of crime, when the cost is zero and the deterrent is very low, you’ve created a perfect opportunity for people to put time and resources into that crime,” swatting victim and cybersecurity expert Brian Krebs told the New York Times.
Swatting was thrust in the spotlight last year after a 26-year-old Californian man was sentenced to 20 years in jail for placing dozens of fake emergency calls, including one that led to the fatal police shooting of a man in Kansas.
Seattle police chief Carmen Best confirmed that an increasing number of swatting attacks had been directed at tech executives.
“Anyone can be at risk of being swatted, but people who work in tech are at a particular risk,” Best told the New York Times.
“We have to get a foothold on this, before more people get hurt.”
Swatting requires detailed information on the target, including their phone number and home address. The report revealed that several forums have sprung up, both in the public and on the dark web, where users list thousands of people as potential swatting targets, along with their personal information.
These people include high-ranking executives at tech companies and their extended families.
The forums also feature discussions about the cheap technologies required to conduct a swatting attack, including a device that can spoof a phone number and make it appear like it’s coming from inside the victim’s house.
The report said that more than 3,000 people have joined one of these forums just in the last eight months.
Another forum has listed more than 25 Facebook employees as potential swatting targets.
The Seattle police department has attempted to get on the front foot, recently launching a new voluntary registry where people who believe they are at risk of swatting can include their information and that of their family.
If police receive an emergency call apparently from the home of someone on the registry, they will first call the home and see if they can reach someone inside, along with contacting the neighbours, to check whether it is a hoax.
“The registry is a voluntary thing we created, and it is a small but effective step for people who know they are at risk of being targeted,” Best said.
“Swatting is not a new thing. It’s been around for a long time, and it weaponises our 911 system.
“It’s a lot more than a hoax or a prank.”