Hackers have livestreamed police raids on innocent households after hijacking their victims’ smart home devices and making a hoax call to the authorities, the FBI has warned.
It said offenders had even spoken to responding officers via the hacked kit.
It marks the latest escalation of a crime known as “swatting”, in which offenders fool armed police or other emergency responders to go to a target’s residence.
The FBI said there were “deadly” risks.
A fake call about a hostage situation led to police shooting a man in Kansas three years ago, and there have been non-fatal injuries in other cases.
The FBI said it believed the latest twist on the “prank” was able to be carried out because the victims had reused passwords from other services when setting up their smart devices.
Lists of hacked credentials are frequently bought and sold via illegal markets.
And offenders often run the details stolen from one service through others to find where passwords have been reused.
There have also been reports of security flaws in some products, including smart doorbells, which have allowed hackers to steal network passwords and gain access to other smart devices sharing the same wi-fi.
The apps and websites used to set up such products often store the user’s name and address in their account settings in order to offer location-specific services.
“The [perpetrators] call emergency services to report a crime,” the alert issued by the FBI states.
“The offender watches the livestream footage and engages with the responding police through the camera and speakers. In some cases, the offender also livestreams the incident on shared online community platforms.”
The notice does not refer to any specific incident, but there have been related press reports in recent weeks.
In November, NBC News highlighted a case in which police went to a Florida home after receiving a fake 911 call from a man saying he had killed his wife and was hoarding explosives.
When they left the building after discovering it to be a hoax, officers reported hearing someone insult them via the property’s internet-connected Ring doorbell.
In another incident the same month in Virginia, police reported hearing the hacker shout “help me” after arriving at the home of a person they had told might be about to kill himself.
When they questioned the attacker via the device, he claimed to have compromised four different cameras at the location and to be charging others $5 to watch online.
“After this we’ll log out, tell him to change his Yahoo password, his Ring password, and stop using the same passwords for the same [stuff],” the offender was quoted as saying by local news station WHAS11.
A further event was also reported in Georgia in which the attacker shouted racial abuse at his victims after the police stood down, and claimed to have carried out more than a dozen such hacks that day.
Ring has denied its own systems have been compromised. It uses two-step verification, which means device owners can only access their accounts from a new computer if they enter a code emailed or sent to them via text message.
However, if either of those forms of communication are also compromised the user remains vulnerable.
As a consequence, the FBI has advised smart device owners to ensure they provide a different complex passcode to each online service they use.
“Users should also update their passwords on a regular basis,” it adds – although the UK’s National Cyber Security Centre has suggested this additional step itself poses a risk if it encourages people to opt for weaker codes.
- Korle-Bu doctor poisons colleague’s water with HIV blood
- NSMQ 2021: 3-man Sandema SHTS team without supporters, books place in final U/E qualifiers
- Missing ‘okada’ rider found dead in the bush
- EC must review processes leading to 2020 election results collation – Akoto Ampaw
- Keep an eye on househelps to curb sexual abuse – Victim of child defilement advises parents
- #FixTheCountry: Convenors of protest disappointed in Supreme Court over hearing scheduled for June
- 20 arrested in Atewa forest aren’t national security operatives – Oppong Nkrumah
- Prince Misizulu named next Zulu king amid family feud
- Ghana loses $200m to untapped online forex trading market
- Akufo-Addo has not lived up to expectation – Kofi Bentil
Pastor Allen Caiquo releases ‘Finally’ ahead of ‘Priest & King’ EP
#FixTheCountry organisers exhibited ‘bad faith’ during National Security meeting – Godfred Dame
Blaq Jerzee recruits Marioo, Eddy Kenzo on ’Sokoma’ track
13 types of guys who stay single and don’t ever find lasting love
Blunt and Blay: Real reason why the Church won’t allow a Muslim student to fast in a ‘Mission School’
I have no regrets participating in ‘OccupyFlagstaffHouse’ protest – Kofi Bentil
Neymar signs new Paris St-Germain contract
National security cloned #FixTheCountry protester’s mobile phone – Baker-Vormawor alleges
Akufo-Addo has not lived up to expectation – Kofi Bentil
Doubts over venue for Champions League final between Chelsea and Man City as Turkey added to red list
Covid-19: GHS Director of Health Promotion advises against #FixTheCountry demonstration
FanMilk launches NutriDay zinc fortified yoghurt
Software developer volunteers to teach youth programming
Libya: Gunmen storm hotel used as Presidential Council HQ
Covid-19: Roll-out for second doses to begin May 19