Swatting the Swatters: the management of social media ‘threat’ messages

By Andy Blackwell

As Internet Messaging applications continue to proliferate and the use of social media becomes a way of life for many, it’s hardly surprising that terrorists, other criminals and hoaxers are exploiting some of these technologies as a tool to communicate threats.

Many well-known terrorist groups have an internet presence, which is usually focused on propaganda and recruitment. The Yemen-based Islamist group, al-Qaeda in the Arabian Peninsula (AQAP), regularly produces its online ‘Inspire’ magazine, which as the name suggests, is aimed at inspiring individuals to engage in jihad. The group has been linked to a number of terrorist plots targeting civil aviation, including the underwear bomb plot, where a Nigerian man tried to bomb a US-bound flight on Christmas Day 2009 with an IED sewn into his underwear; the cargo planes bomb plot in 2010, which involved sophisticated IEDs being concealed in printer cartridges introduced into the cargo system; and a further foiled plot in 2012 to attack a US-bound plane using an updated ‘underwear bomb’ which was fortunately foiled by an insider who had infiltrated the group.

According to open sources, the online edition of Inspire released by AQAP on Christmas Eve 2014, to coincide with the anniversary of the first underpants bomb plot, was almost entirely devoted to civil aviation. Details of its so-called ‘hidden bomb’, explosive recipes and their views on how to evade security systems were all noted.

In addition to their internet presence, a number of groups make use of social networking sites, such as Twitter and Facebook, as propaganda tools. They highlight their activities and make statements about future strategies, with the spread of such information being a cause for concern. In the UK for example, the downloading and possession of information of a kind likely to be useful to a person committing or preparing an act of terrorism is a criminal offence according to Section 58 of the Terrorism Act 2000, and a number of individuals have been successfully prosecuted for being in possession of AQAP’s Inspire magazine.

Recently, hoaxers have been exploiting the Internet and social media as effective tools to create disruption to civil aviation. One practice, which originated in the United States, is referred to as ‘Swatting’, the act of tricking an emergency service (via such means as hoaxing a 911/999 dispatcher) into dispatching an emergency response based on the false reports of a critical incident. The term that has been used by the FBI as far back as 2008, derives from SWAT (Special Weapons and Tactics), a highly specialised type of police unit.

The practice of making hoax calls is not new, but the method of delivery has certainly evolved. The term ’10p terrorism’ was widely used during the Northern Ireland ‘troubles’ to describe one of the Provisional IRA’s most cost-effective forms of disruption. For the cost of a telephone call, their hoax bomb threats regularly caused widespread interference to transport networks, public places and sporting events. Assessment processes were then introduced and continue to remain highly effective in terms of safely determining the credibility of threat messages and our responses to them.

Whilst conventional hoax telephone calls are still being received by the industry, advances in messaging technology has changed the modus operandi of hoaxers. One example of this is the use of Twitter to disseminate hoax threat messages. Media reports in August 2014 highlighted what appeared to be an escalation of tactics by a gaming hacker group, believed responsible for Distributed Denial of Service (DDOS) attacks on a number of gaming servers. A bomb threat was tweeted which resulted in a commercial aircraft carrying the CEO of a major online entertainment company being diverted, to enable additional security checks to be conducted on the aircraft. The CEO is reported to have tweeted details of his flight plan earlier that day, which may have prompted the hoaxers to target the flight in question. This incident highlights a number of issues, including the personal security awareness of staff, particularly in terms of what they ‘publish’ online about their travel movements. It also underlines the need for a greater understanding that the World Wide Web is a valuable resource for those with sinister intent, who may wish to gather information to authenticate hoaxes and other malicious messages.

In January 2015, media reports suggested that in excess of fifty ‘threat’ messages had been sent to airlines globally, along with at least one airport, all falsely reporting that bombs had been placed. A number of the incidents resulted in fighter aircraft being launched to escort the commercial aircraft into diversion airports where police conducted detailed searches and interviewed passengers on board. All of the swatting threats made against aviation entities were found to be hoaxes and attracted significant publicity. There is little doubt that the level of media reporting subsequently resulted in copycat activities occurring.

Whilst it could be argued that advances in web-based messaging systems make it easier to anonymously deliver hoax messages, such systems do create electronic audit trails, therefore, can provide investigators with useful information to support law enforcement investigations.