May 3, 2023, saw a rash of hoax calls claiming to report active shooters in schools across Tennessee. While the calls initially affected the Middle Tennessee area, the issue quickly moved to additional areas within the state, affecting at least 16 schools on the same day. Local, state, and federal employees, including the Tennessee Bureau of Investigation, continue to work together to locate the source of the coordinated attacks. The impacted Tennessee cities and schools included:
- Knoxville: Central High School
- Dandridge: Jefferson County High School
- Morristown: West High School
- Kingsport: Dobyns-Bennett High School
- Bristol: Tennessee High School
- Johnson City: Science Hill High School
- Clarksville: Rossview Elementary
- Chattanooga: Brainerd High School
- Greeneville: Greeneville High School
- Greeneville: Greeneville Middle School
- Jonesborough: Sulphur Springs Elementary School
- Dyersburg: Dyersburg High School
- Martin: Martin Middle School
- Savannah: Hardin County High School
- Columbia: Columbia Central High School
- Nashville: Martin Luther King, Jr. Magnet School
These calls followed on the heels of the recent Covenant school shooting, which took place in Nashville on March 27, 2023, and made national headlines for the immediate actions of the police response teams. These targeted calls, called swatting, are part of a larger trend occurring across the U.S., with reports identifying swatting incidents in K-12 school districts in Washington, California, and Vermont (among others) to higher education campuses across the country. According to the Federal Bureau of Investigation (FBI), these types of calls increase after school shootings. In October 2022, National Public Radio published an article stating that their research uncovered 182 schools in 28 separate states had received swatting calls about active shooters between September 13 and October 21, 2022.
History and Techniques of Swatting
Swatting is making prank calls to bring law enforcement to a specific location, usually a SWAT team. This behavior is an evolution of phone phreakers, individuals who hack into the phone system to make free long-distance calls and gather information. Calls then escalated from more generic bomb threats against schools in the 1990s (the closest analog to the current issue, but far from a perfect comparison) to the present day, where swatting schemes can be sophisticated. These calls can come through various locations and do not always specifically target emergency lines, such as 911. For example, several of the swatting calls in Tennessee went directly to the schools, prompting them to contact 911 for assistance. Additionally, there are several ways that swatting calls are made, all with the effort of masking the actual caller’s location and identity. Examples of these techniques include:
- Social engineering or doxing,
- Caller ID spoofing,
- Voice over IP (VOIP), and
- Teletypewriters (TTY) and other text telephone devices.
In 2022, two individuals (from Wisconsin and North Carolina) were charged with a dozen swatting incidents in 2020 that also incorporated accessing Ring devices at the targeted homes. The individuals illegally accessed the Ring devices and then placed false emergency calls to the houses. They then live-streamed the law enforcement responses to the calls and used the devices to taunt the responding officers. These incidents occurred across the country and prompted the FBI to issue a public service announcement reminding citizens to use complex passwords and two-factor authentication to help prevent these types of incidents.
Swatting should not be confused with prank calls, as the primary intent behind these actions is to hurt or harass individuals or overtask the emergency response system. There have been several instances over the last decade where swatting has led to injury or death:
- In 2015, a police chief was shot while responding to a hoax bomb threat being planted at a daycare. The caller confessed that he called in the threat and pretended to be the accused because he was angry at him.
- In 2017, a swatting call resulted in the death of the intended target because the caller was arguing with him during a Call of Duty game online.
- In 2020, a senior citizen died of a heart attack when police responded to his home after a swatting call suggesting that he was killing someone in his home. This hoax occurred because someone simply wanted the deceased’s Twitter handle.
- In 2022, a police officer crashed into a civilian vehicle while speeding to the scene of a swatting hoax – both parties were transported to the hospital for treatment.
Historically, swatting was used to target specific individuals, such as politicians, social media influencers, gamers, or individuals that have upset another person. However, recent swatting data suggests that the practice is expanding and can have concerning outcomes. Additionally, FBI communication says there is reason to believe that many active school shooting swattings are coming from overseas.
During the recent round of swatting calls about schools in Iowa, authorities identified some issues with the calls early in the process. First, all the calls appeared to have the same or similar voice and syntax, and the caller mispronounced words, at least from the local perspective. The caller also called the non-emergency line, a potential red flag for an active shooter situation. The caller also provided vague responses to specific questions or could not provide accurate information on the location or operations at the school in question. Dispatchers, in this instance, were able to prepare for the possible calls and delve deeper into the caller’s story as warnings went out early about the hoax calls and characteristics.
Adding to the complexity of attribution and addressing the issue are reports that some swatting calls in the recent surge were computer generated. Like many other cybercrime offerings, swatting is believed to now be offered as a service (i.e., criminal activities are paid for by one individual and carried out by a criminal or group specializing in the activity). One such service, Torswats, is based on Telegram and utilizes artificial intelligence calls and responses in close to real-time. This service has been tied to dozens of swatting calls across the United States, but the exact number is difficult to ascertain.
The true scope of swatting is difficult to understand as there is no specific charge or report for these incidents. They may fall between a false police report and a terror threat and be reported differently depending on the jurisdiction. These calls also have very real costs associated in addition to the potential impacts previously discussed. The significant response generated by these calls pulls resources (police, fire, EMS, and dispatch) that are needed in other locations, impacting response and service throughout the targeted areas.
The FBI notes that each of these calls can cost thousands of dollars for law enforcement. This same figure was also provided by head of Austin’s SWAT teams, noting it costs upwards of $1,000 per hour each time a SWAT team is deployed there. This can be compared with reports from Arizona and California that place the cost per swatting call at over $10,000 for the taxpayers for the overall response. Those costs also do not take into consideration the physical and emotional toll on not only the students or other individuals targeted by the call but on the responders and dispatchers as well.
Dispatch Intake and Emergency Response
Educating emergency dispatchers and responders on calls that can potentially be swatting hoaxes is an important step but should never replace normal emergency response to a call. Emergency dispatchers should not be put in the position to determine whether a call is real.
The National Emergency Number Association identified some challenges and guidance regarding potential swatting calls. First and foremost, all calls should be processed and forwarded according to standard operating procedures, as it is difficult, if not impossible, to differentiate hoaxes from real calls in the moment. The call taker should document all available details about the caller and ask specific, targeted questions. These can be compared for inconsistencies or used to better inform responders on the scene.
Calls may come into the center from two main sources: direct to the communications office from an individual involved in the incident or relayed from a third party. The call taker has more opportunities to identify inconsistencies and develop information when the call is direct. Still, some recent swatting incidents were called into schools, and employees relayed the information to dispatch.
Potential red flags that should be taken under consideration during these events include:
- Receiving only one call for a life-threatening emergency, such as an active shooter in a public place. These events normally create a large influx of calls to 911.
- Receiving what appear to be life-threatening calls on non-emergency lines. Callers rarely take time to look up a non-emergency number in these situations.
- Receiving calls where the caller cannot be identified (blocked calls).
- Receiving calls from TTY devices. These devices can be used by out-of-area individuals who could not connect to the correct local 911 center otherwise.
- Receiving Skype calls from the 661 area code (according to PSC.org, swatters frequently use this tactic).
- When arriving on scene, basic details do not match what was communicated to the dispatcher (color of house, color of door, other characteristics of the home or yard).
With the rise of call-spoofing technology, Virtual Private Networks (VPNs), Voice Over Internet Protocol (VOIP) calls, and other tools, the location received with a call is not always accurate. Identifying the true location of a caller can require coordination between local, state, and federal law enforcement along with internet service providers and others if it can even be done.
It is important not to get complacent when plagued with multiple swatting events. Each call should be treated consistently, and the response should be the same every time. During a response, consideration should be made for locations that are not personal residences and watch for suspicious activity because the caller could be standing by to evaluate response procedures.
Legislation and Mitigation Measures
The Anti-Swatting Act of 2019 was created to increase penalties for swatting calls and was rolled out as an amendment to the original Communication Act of 1934. The amendment enhanced penalties for the “transmission of misleading or inaccurate caller identification information with the intent to trigger an emergency response.” The increased penalties include fines and jail time: up to 5 years if no one was injured and up to 20 years if someone has been injured as a result of the swatting call.
In May 2023, the Virginia governor passed legislation to increase penalties for swatting calls. Following their own spate of swatting calls, New York is also considering legislation to make swatting a Class E felony. Similar legislation was signed by the governor of Ohio in January 2023, making swatting a felony in that state. Other states also created legislation to address swatting or increased penalties over the past several years. Additional national legislature appears to be in process after the last attempt, in 2021, stalled after being introduced by Senator Kustoff. The Preserving Safe Communities by Ending Swatting Act of 2021 sought to make swatting a crime nationally.
Previous legislation led to several revenge swatting calls against the politicians involved, including:
- 2013: Congressman Lieu, California State Senate Bill 333;
- 2015: Assemblyman Moriarty, New Jersey Bill A-4375; and
- 2016: Congresswoman Katherine Clark, Interstate Swatting Hoax Act.
There are some options to help manage an individual’s risk of becoming a victim of swatting. Still, it is difficult to eliminate the practice as it preys on law enforcement response to serious incidents and the need to take all calls seriously. Several state and local communities, including Paradise Valley, AZ, and Seattle, WA, are implementing anti-swatting programs and voluntary registries for those at risk of becoming victims.
Education, awareness, and consistency are critical for responding to emergencies. Even when valid, each call has a wide variance between the incoming call and what officers find on the ground. A report of shouting and arguments in a house may be a violent incident or a television playing too loud. Still, officers must respond in a manner that prioritizes the safety of all involved. The recent spike in swatting calls represents a unique challenge for law enforcement in approaching suspected hoaxes and determining the appropriate response level. As noted earlier, when calls came into Iowa, dispatch centers were notified and additional scrutiny went into calls, but they still needed to be addressed and cleared. Legislation or anti-swatting directories may forestall some of the issues, but responders need to be aware of this challenge and develop policies and procedures locally to address these calls.
Daniel Scherr holds a Ph.D. in Public Policy Administration with a terrorism, mediation, and peace focus. He is an assistant professor in Criminal Justice at the University of Tennessee Southern and program coordinator for the Cybersecurity Program. In addition, he is a Certified Fraud Examiner and Army veteran with two decades of experience in homeland security and operation.
Tanya M. Scherr
Tanya Scherr holds a Ph.D. in Public Policy and Administration with a Healthcare and Emergency Preparedness focus. She is an associate professor in Healthcare Administration for the University of Arizona – Global Campus and has over 28 years’ healthcare experience. Along with being a Certified Fraud Examiner since 2011, she is also a former firefighter-EMT, previously licensed in several states, as well as holding national certification. Dr. Scherr has held several executive and board of director positions for community non-profits that focus on women’s equality, domestic violence, and sexual assault.