3 min read

Heads-up teenage hoodlums! Don't SWAT Brian Krebs or else...


September 27, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Heads-up teenage hoodlums! Don't SWAT Brian Krebs or else...

If you’re going to get your kicks SWATting others, my recommendation is not to target investigative cybercrime blogger Brian Krebs.

SWATting is a particularly unpleasant way of making someone else’s day a misery – from the comfort of your home. All you have to do is spoof a phone call to police claiming that someone has been taken hostage, or that a violent crime is taking place, in your intended victim’s house.

The next thing you know an armed response SWAT (Special Weapons and Tactics) team has been despatched to investigate.

You can imagine just how terrifying it could be to find an armed response team in your front garden, ordering you to lie on the ground whilean overstretched police force investigates if there is any truth behind the hoax call.

Over the years there have been plenty of SWATting attacks launched against video game streamers (I guess the immature perpetrators get a kick out of watching their targets SWATted live on air), but they are not the only victims.

Security blogger Brian Krebs, for instance, appears to have often been in the SWATters sights with online criminals sending armed response teams and even heroin to his home.

The bad news for these criminals is that they have historically had a poor record of covering their tracks, particularly when an internationally-renowned cybercrime investigator has a personal interest in identifying them.

As Krebs describes this week, a 19-year-old Canadian has just been found guilty of making dozens of fraudulent emergency calls across North America in 2013 and 2014 – two of which targeted Krebs.

Ottawa teen Curtis Gervais used the handle “ProbablyOnion” as he offered his SWATting services to all and sundry – seemingly indifferent to the fact he was endangering the lives of emergency responders and members of the public.

“Want someone swatted? Tweet me their name, address and I’ll make it happen.

Taunting Krebs that he had told police that the blogger had taken five hostages and was threatening to kill them unless $100,000 was delivered within 25 minutes… was a clear sign that things had gone much too far.

It certainly had for Krebs’s local police department, which was by now so used to the mild-mannered reporter being targeted that they would simply ring up his home to ask if all was ok, rather than send in a SWAT team.

Using his “ProbablyOnion” alias, Gervais attempted to taunt Krebs – but Krebs had uncovered the SWATting teen’s true identity. The teen was eventually arrested by Ottawa police after the FBI traced his computer’s IP address to his parents home.

As The Ottawa Citizen reports, the teenage prankster has been given a nine month sentence for his cowardly actions – six months of which is to be spent at a youth group home, followed by three months at home under strict restrictions.

Gervais will have to forfeit his PC, and will be barred from accessing Skype and Twitter for an eighteen month probation period.

Some will, no doubt, think that Gervais is lucky to get away with a relatively light sentence, and I’m certainly sympathetic with their viewpoint when I read about the disruption he caused, the fear he induced in others, and the potential danger into which he put innocent members of the public.

Ontario Court Justice Mitch Hoffman explained the sentence by noting that 900 hours of volunteer service Gervais had performed in recent years was being taken into account.

Even so, it seems Gervais still feels he has been hard done by, and his sentence is stayed pending an appeal.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like