Now: Efficiently moderate content and ensure DSA compliance Learn how
Manage and orchestrate the entire Trust & Safety operation in one place - no coding required.
Take fast action on abuse. Our AI models contextually detect 14+ abuse areas - with unparalleled accuracy.
Every user deserves to be protected - and every Trust & Safety team deserves the right tools to handle abuse.
The threat landscape is dynamic. Harness an intelligence-based approach to tackle the evolving risks to users on the web.
Don't wait for users to see abuse. Proactively detect it.
Prevent high-risk actors from striking again.
For a deep understanding of abuse
To catch the risks as they emerge
Disrupt the economy of abuse.
Mimic the bad actors - to stop them.
Online abuse has countless forms. Understand the types of risks Trust & Safety teams must keep users safe from on-platform.
Stop online toxic & malicious activity in real time to keep your video streams and users safe from harm.
The world expects responsible use of AI. Implement adequate safeguards to your foundation model or AI application.
Our out-of-the-box solutions support platform transparency and compliance.
Keep up with T&S laws, from the Online Safety Bill to the Online Safety Act.
Protect your brand integrity before the damage is done.
From privacy risks, to credential theft and malware, the cyber threats to users are
In recent years, the once obscure abuse tactic of swatting has gained popularity. But while the FBI estimates over 1000 attacks each year, little is known about where these attacks originate and what the online ecosystem can teach us about them. ActiveFence research uncovers how swat attacks have become a core abuse tactic for white supremacist groups, and the role of various online platforms in their planning and execution.
Swatting, an act which has already caused the death of innocent people, is concerning many, from law enforcement agencies, to religious institutions, hospitals, journalists, protected minorities, educational institutions, and more.
But in order to assess the risk, it is first important to understand what swatting is. The US Department of Justice defines swatting as “a harassment tactic that involves deceiving emergency dispatchers into believing that a person… [is] in imminent danger… causing dispatchers to send police and emergency services to an unwitting third party’s address.” Targets of swatting attacks generally include schools and universities, journalists, politicians, and minority cultural and religious centers (like Black churches, Islamic centers, and Synagogues).
This phenomenon is not new – it’s been documented as far back as 2008, but it’s on the rise. According to the FBI, between 2011 and 2019, the number of swatting attacks has more than doubled – from 400 to over 1000 annual attacks. That number is only growing, illustrated by the fact that in just one day, on March 28, 2023, over 24 schools in Massachusetts were targets of hoax calls.
While this topic has been thoroughly researched in the past, research has mostly been on the concern of swatting as a new domestic terrorism threat, and less has been written on the online-offline nature of these actions and the role of online threat detection in stopping it. This blog aims to shed some light on that.
While the targets of swatting attacks vary, law enforcement officials believe that many swatting attacks actually originate from a single person or group. This belief is supported by ActiveFence’s own research, which traces much swatting activities to online forums and messaging channels affiliated with white supremacist groups. Additionally, while swatting attacks have traditionally been conducted by lone individuals, our research is pointing to the increased involvement of ‘groups’ rather than ‘individuals’ as a new phenomenon.
The below case study highlights some of the tactics of a swatting group:
In late July 2023, a group called the “European Culture and Heritage Protection Group” (ECHPG) launched a new X (then Twitter) account. The group used the account to share a PDF document in which they describe themselves as a “bunch of dudes tired of k*kes f***ing up their countries and culture which is why we have decided to band together and swat Jewish institutions, synagogues, black churches, Lutheran churches and public buildings.” The group made two specific demands: that the Anti-Defamation League (ADL) delete its Twitter and YouTube accounts, and that the Ohr Ha’Torah Synagogue in Los Angeles close as well.
ActiveFence’s research has identified at least one person who appears to be involved in this group. “Buck Breaming2000” (@Braol2233 on Telegram) has claimed to be French in several instances and Brazilian in others, is a member of several neo-Nazi chat groups. This individual shares photos of identical objects and pets featured in many of the ECHPG posts – establishing their connection to the ECHPG. Three days after the launch of ECHPG’s X account, @Braol2233 posted about Jewish religious institutions streaming their “satanist sermons,” stating that he would “…swat them all. The jews will face my wrath. The adl will also face my wrath. Bc they ignored my demands,” while referencing the ECHPGs tweet.
On that same day, Congregation Bnai Israel in Millburn, New Jersey, was swatted and consequently evacuated. The ECHPG claimed responsibility for this and another attempted attack on a synagogue, promising that “synagogues will continue to be swatted until the demands in the pdf posted are met.”
According to The New York Post, 26 synagogues and two ADL offices were targeted by this group. This is again supported in @Braol2233’s tweets, claiming he had “swatted over 20 synagogues, black churches, news offices and attempted swatting the holohoax museum” over the last two weeks, while sharing videos of his calls to police and livestreamed evacuations on Telegram.
Since these attacks have taken place, the associated X account[s] have been suspended, and a Telegram channel by the same handle was created. While the channel is currently quiet, a few messages have been posted, one containing an operational security (OPSEC) guide authored by a neo-Nazi group, and another suggesting that the next wave of attacks will target museums: “After the incredibly successful attack in Atlanta. I think museums are definitely the way to go. it might take 1-2 trys to get a successful swat. but shit when it works it f*cking works.” This message references a recent attack on the Atlanta’s Breman museum. Another message provided more details on the swatting process and necessary tools, claiming all that is needed are “a vpn, bluestacks and textme.”
A core component of this dangerous online-to-offline abuse is the importance of multiple platforms in executing a successful attack. The cross-platform nature of these attacks often means that without access to multiple sources of information, it is hard for trust & safety teams to uncover the activities taking place using their platforms, especially in cases where swatters try to hide their involvement:
While ActiveFence’s intelligence-fueled process of identifying swatters and other harmful content online relies on deep threat intelligence and subject-matter expertise, it is possible for platforms to identify swatting using more traditional methods and indicators:
ActiveFence researchers use deep threat intelligence and research to identify novel online and offline abuses. By monitoring threat actor chatter, we can alert our customers of novel abuses taking place on their platform, and assist them as they work to keep users safe – both online and off.
Take a look at our deep threat intelligence resources to learn more about how ActiveFence research supports a safer online world.