Law enforcement raided households and hackers managed to show the action as livestreaming as they showcase their diligence by hacking certain connected devices and by thus challenging the authorities with a phony call. Offenders were able to speak to on-duty officers, as per reports circulated, through hacked kit.
The felony is called “swatting” wherein hackers deceive cops as well as other emergency assistance when they approach target’s (or say victim’s) locations.
The FBI termed such incidences as “deadly” risks.
In somewhat a similar incidence, police received a fake call some 3 years ago that was about some gory hostage situation in Kansas and police shot at an innocent man in error, while in some other such cases light injuries have been suffered too.
Hurled Scorn With A Live Call:
As per FBI, it observes that success to such a “prank” call, can be ascribed to victim’s passwords that fell easy prey to hackers as such passwords might have been used multiple times for other services when they tried to set-up IoT based devices, meant for smart home or smart office.
It is worth noticing that hacked credentials change hands on regular basis in illicit markets. Following this, malefactors use such credentials stolen from one service through others and they get to know about the re-usage of passwords.
No pun intended, but there are scores of technical lapses unearthed in terms of security in a line of products, which also includes chic doorbells and taking advantage of which, hackers are able to lay hands onto the passwords used across networks and thus get easy access to other connected devices, given WiFi remains the same.
The apps and websites that are utilized to set-up products’ functional framework keep users’ name and passwords in their dashboards while opting for services that are typical to locations.
FBI reveals, “The (perpetrators) call emergency services to report a crime.”
“The offender watches the livestream footage and engages with the responding police through the camera and speakers. In some cases, the offender also livestreams the incident on shared online community platforms.”
Although, notice doesn’t indicate to any specific event, but numerous mentions are made in press in recent weeks, regarding this.
In November, a case was brought up where cops received a fake 911 call in Florida where a man had claimed to have killed his wife and was planting explosives then, prompting police to raid the premises on war-footing.
After searching the whole compound, while they were leaving, cops got attracted to a Ring doorbell, which was connected to the internet at that property and someone tried to undermine police-force efficiency through it.
In similar occurrences in November last year, in the US state of Virginia, hacker was desperately calling for help and when police performed their duty by reaching to premises, the hacker appeared boastful of such event and was getting $5 from thrill-seeking online users along the fact that 4 other cameras were corrupted by him.
Local news station WHASII even got the culprit’s words where he appears to show kindness, “After this, we’ll log out, tell him to change his Yahoo password, his ring password and stop using the same passwords for the same (devices).”
Clarification From Ring:
On their part, Ring has refuted all such allegations about the technical shortcoming in its systems, claiming a 2 step verification is must, whereby device owners can only access their accounts from a new computer system, with the condition that code is entered, which is shared via email or text.
Nevertheless, if any of these types of communication is disrupted, users may face trouble.
As a remedial step, both from FBI and me, users of smart devices are urged to opt for complex passcodes and passwords, as distinct as possible, meant for any service availed online.
Going by FBI’s declaration, “users should also update their passwords on a regular basis”, while Cyber Security Centre in UK points out that such a regular updation would again expose user’s accounts to hacking and jacking, as fragile passwords and passcodes may get opted thereby.