A 16-year-old male from Ottawa, Canada has been arrested for allegedly making at least 30 fraudulent calls to emergency services across North America over the past few months. The false alarms — two of which targeted this reporter — involved calling in phony bomb threats and multiple attempts at “swatting” — a hoax in which the perpetrator spoofs a call about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force.
On March 9, a user on Twitter named @ProbablyOnion (possibly NSFW) started sending me rude and annoying messages. A month later (and several weeks after blocking him on Twitter), I received a phone call from the local police department. It was early in the morning on Apr. 10, and the cops wanted to know if everything was okay at our address.
Since this was not the first time someone had called in a fake hostage situation at my home, the call I received came from the police department’s non-emergency number, and they were unsurprised when I told them that the Krebs manor and all of its inhabitants were just fine.
Minutes after my local police department received that fake notification, @ProbablyOnion was bragging on Twitter about swatting me, including me on his public messages: “You have 5 hostages? And you will kill 1 hostage every 6 times and the police have 25 minutes to get you $100k in clear plastic.” Another message read: “Good morning! Just dispatched a swat team to your house, they didn’t even call you this time, hahaha.”
I told this user privately that targeting an investigative reporter maybe wasn’t the brightest idea, and that he was likely to wind up in jail soon. But @ProbablyOnion was on a roll: That same day, he hung out his for-hire sign on Twitter, with the following message: “want someone swatted? Tweet me their name, address and I’ll make it happen.”
Several Twitter users apparently took him up on that offer. All told, @ProbablyOnion would claim responsibility for more than two dozen swatting and bomb threat incidents at schools and other public locations across the United States.
On May 7, @ProbablyOnion tried to get the swat team to visit my home again, and once again without success. “How’s your door?” he tweeted. I replied: “Door’s fine, Curtis. But I’m guessing yours won’t be soon. Nice opsec!”
I was referring to a document that had just been leaked on Pastebin, which identified @ProbablyOnion as a 19-year-old Curtis Gervais from Ontario. @ProbablyOnion laughed it off but didn’t deny the accuracy of the information, except to tweet that the document got his age wrong. A day later, @ProbablyOnion would post his final tweet: “Still awaiting for the horsies to bash down my door,” a taunting reference to the Royal Canadian Mounted Police (RCMP).
According to an article in the Ottawa Citizen, the 16-year-old faces 60 charges, including creating fear by making bomb threats. Ottawa police also are investigating whether any alleged hoax calls diverted responders away from real emergencies.
Most of the people involved in swatting and making bomb threats are young males under the age of 18 — the age when kids seem to have little appreciation for or care about the seriousness of their actions. According to the FBI, each swatting incident costs emergency responders approximately $10,000. Each hoax also unnecessarily endangers the lives of the responders and the public.
Take, for example, the kid who swatted my home last year: According to interviews with multiple law enforcement sources familiar with the case, that kid is only 17 now, and was barely 16 at the time of the incident in March 2013. Identified in several Wired articles as “Cosmo the God,” Long Beach, Calif. resident Eric Taylor violated the terms of his 2011 parole, which forbade him from using the Internet until his 21st birthday. Taylor pleaded guilty in 2011 to multiple felonies, including credit card fraud, identity theft, bomb threats and online impersonation.
In nearly every case I’m aware of, these kids who think swatting is fun have serious problems at home, if indeed they have any meaningful parental oversight in their lives. It’s sad because with a bit of guidance and the right environment, some of these kids probably would make very good security professionals. Heck, Eric Taylor was even publicly thanked by Google for finding and reporting security vulnerabilities in the fourth quarter of 2012 (nevermind that this was technically after his no-computer probation kicked in).
Update, 2:42 p.m. ET: The FBI also has issued a press release about this arrest, although it also does not name the 16 year-old.