Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say

December 28, 2022:

Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say

Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media.

Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor’s home. When police arrived at the residence, Nelson allegedly accessed the residence’s Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond.

“Defendants Nelson and McCarty would access without authorization the victims’ Ring devices and thereafter transmit the audio and video from those devices on social media during the police response,” prosecutors wrote. “Defendants Nelson and McCarty would verbally taunt responding police officers and victims through the Ring devices during the police response.”

It’s not clear how the defendants allegedly obtained the Yahoo account credentials.

A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals.

Nelson, who used the moniker ChumLul, was already incarcerated in an unrelated case in Kentucky when the indictment was returned. McCarty, whose online handle was Aspertaine and who lived in Kayenta, Arizona, at the time of the alleged offenses, was arrested last week.

Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

Neither man has entered a plea yet.

The incident underscores the importance of securing email and home security accounts with long, randomly generated unique passwords. Whenever possible, people should use multi-factor authentication as well.

Source link