Security reporter tells Ars about hacked 911 call that sent SWAT team to his house (Updated)

Brian Krebs may be first journalist to suffer vicious hack known as swatting.

Update: Krebs has now written about his experience in some detail. The same people responsible for the DDoS attack carried out yesterday on Krebs' site launched a similar attack on Ars Technica this morning.

Original story:

Brian Krebs has always been a trailblazer among security reporters. His exposés completely shut down a California hosting service that coddled spammers and child pornographers and severely disrupted an organized crime syndicate known as Russian Business Network. More recently, his investigative journalism has followed the money to the people who sell malware exploit kits, illicitly procured credit reports, and denial-of-service services in underground forums.

Now, Krebs has achieved a decidedly more grim distinction. On Thursday, he became one of the first journalists to be on the receiving end of a vicious hoax that prompted a raid on his Northern Virginia home by a swarm of heavily armed police officers. The tactic, known as "swatting," has long been a favorite of depraved hackers. They use computers or special phone equipment to make emergency calls that appear to come from their target's phone number. When a 911 operator answers, they report a life-threatening, sometimes horrific crime in progress. Police, often armed with assault rifles, descend on the target's home, sometimes breaking down doors in the mistaken belief that their lives are being put on the line by gun-toting criminals carrying out home invasion robberies or drugged-out maniacs committing multiple homicides.

It was around 5pm. Krebs, 40, had just finished preparing his home for a small dinner party he had planned for later that evening. While he was vacuuming his home, his phone rang a few times, but he decided not to answer since he didn't want to get held up. When he finished, he realized there was still some tape at the entrance of his house where Christmas lights had been. He thought it made sense to remove it before his guests arrived.

"As soon as I open the front door, I hear this guy yelling at me, behind a squad car, pointing a pistol at me saying: 'Don't move. Put your hands up,'" Krebs, who is a long-time friend and colleague, told me. "The first thing I said was: 'You've got to be kidding me.'"

In all, there were at least a dozen officers with pistols, shotguns, and assault rifles pointed at him. They had police dogs circling his house and cruisers had sealed off a nearby street. Krebs, who was dressed in just gym shorts and a T-shirt, complied. Wisely.

"Two different guys were barking orders at me," he continued. "I finally said: 'Which way should I go?'" One officer told Krebs to lie on the ground, but before he could comply the other cop ordered Krebs to walk backwards. Eventually, "they put the cuffs on me and took me up the street. I was freezing the whole time."

Krebs said an officer of the department told him that police received a 911 call that appeared to come from Krebs' phone. The caller posed as Krebs and said he was hiding in a closet after Russian thieves had broken into his home and shot his wife. They were now stealing jewelry, the caller reported. Fairfax County Police officials didn't respond to calls seeking comment for this article.

Some bad people don’t like him

As a savvy reporter who has chronicled hacking crimes for more than a decade, Krebs has long been on the receiving end of attacks. His site, KrebsonSecurity, is regularly knocked offline by DDoS attacks—presumably by people who are unhappy that the articles he publishes threaten their illicit livelihoods or tarnish their reputations. Indeed, the most recent attack happened only a few hours before the swarm of officers raided his house.

About six months ago, after receiving a round of new threats, he grew so concerned about the prospect of being swatted that he filed a report with the Fairfax County Police Department.

"The guy didn't even know what swatting was," Krebs said of the officer who came to his home to take the report. "I was kind of surprised."

During Thursday's confrontation, Krebs recalled making the report. But wisely, he largely kept his disbelief and dismay to himself.

"I knew immediately from the minute I saw the policemen behind the car what had happened," he said. "You don't argue with someone who's pointing a gun. You don't argue when the police show up with overwhelming force. You just do what you're told and explain it later."

After about five minutes in custody, Krebs explained that he was the victim of a monstrous crime known as swatting. One of the officers asked if Krebs was the person who had filed a report a few months earlier. When Krebs replied yes, the officers did a quick search of his home. With preparations for a dinner party clearly on display, it quickly became apparent that Krebs' home was not a crime scene and that the call was part of a fiendish plot. An officer told him later that they had tried calling him before he opened his front door but no one had answered the phone.

Krebs' website has received so many attacks over the past few years that he contracts with anti-DDoS provider Prolexic. Earlier in the day, the company sent him an e-mail purporting to come from an FBI agent. It requested that the company stop hosting his site because an article he published on Wednesday about a website selling illicitly obtained credit reports "contains illegal linking and pictures of Ssndob.ru." The letter turned out to be a fake. Later in the day, KrebsonSecurity came under yet another DDoS attack. While the journalist has no hard proof, he said he suspects that all three attacks, and the tie to Ssndob.ru, are connected.

As someone who has covered law enforcement and the dark side of the Internet for years, Krebs has long known the dangers of swatting. But he said the experience gave him a new appreciation for the tremendous risk it poses to both the target and the police officers who become unwitting accomplices in the potentially violent crime.

"There's a tendency for people to think this is a fun game," he explained. "It's a pretty dangerous thing to do. You're putting a lot of people's lives at risk. If somebody kicks in your door, I could imagine situations where people who are armed and in their home fire back at an intruder who claims to be the police. And what a mess that would be."

Krebs believes that one possible reason the scourge of swatting continues to this day is the patchwork of law enforcement agencies that respond to these crimes. Often local police are left to investigate, even when the perpetrators may be half a world away. He wants that to change. "Your local police department, the ones that are responding to these distress calls, they don't have the bandwidth," he said. "This is an area where federal law enforcement needs to be coordinating investigations. I'd like to see some sort of recognition or statement from federal law enforcement that this is something they're actively investigating."
