Two men have been charged with hacking Amazon Ring cameras and using the devices to livestream “swatting attacks” in a nationwide spree.
Kya Christian Nelson, from Racine, Wisconsin, and James Thomas Andrew McCarty from Charlotte, North Carolina, were charged with conspiracy to access computers without authorization on Monday.
According to the U.S. Justice Department, Nelson and McCarty hacked Yahoo email accounts to gain access to more than a dozen Ring home security cameras and used that access to livestream the police response on social media.
Prosecutors allege that in a single week starting on November 7, 2020, the men placed hoax emergency calls to the local police departments of each Ring camera owner that were intended to draw an armed response, a crime known as swatting.
Swatting is an action of making hoax phone calls to report serious crimes to emergency services, which results in SWAT teams responding to an address.
The U.S. Justice Department says that Nelson and McCarty would use details from their victims’ Yahoo mail accounts to “gather information” about them before calling the police on them.
The pair would then allegedly tell dispatchers that someone was being held hostage or there was a bomb threat and then livestream the police response on social media through the homeowner’s Ring camera.
The purported victims lived all over the U.S., in Michigan, California, Montana, Georgia, Texas, Illinois, Alabama, and Florida.
For example, in one incident on November 8, 2020, prosecutors allege that Nelson and another unnamed accomplice were able to gain access to a Ring surveillance camera in West Covina, California.
Local police received an emergency call to come from a child reporting that her parents had been drinking and shooting guns inside the minor’s home.
When police arrived at the residence, Nelson purportedly accessed the residence’s Ring doorbell and used it to verbally threaten and taunt the responding officers.
The FBI issued a public service announcement warning surveillance camera users to ensure their devices were protected with complex passwords along with two-factor authentication to prevent hackers from gaining access.
“Because offenders are using stolen email passwords to access smart devices, users should practice good cyber hygiene by ensuring they have strong, complex passwords or passphrases for their online accounts, and should not duplicate the use of passwords between different online accounts,” the FBI says.
“Users should enable two-factor authentication for their online accounts and on all devices accessible through an internet connection in order to reduce the chance a criminal could access their devices.”
Image credits: Header photo licensed via Depositphotos.