LOS ANGELES
Two men – one from Wisconsin, the other from North Carolina – have been charged with participating in a “swatting” spree, the Justice Department announced Monday
Over one week, gained access to a dozen Ring home security door cameras nationwide, placed bogus emergency phone calls designed to elicit an armed police response, then live streamed the events on social media, sometimes while taunting responding police officers, officials announced Monday.
Kya Christian Nelson, a.k.a. “ChumLul,” 21, of Racine, Wisconsin, is currently incarcerated in Kentucky in an unrelated case.
James Thomas Andrew McCarty, a.k.a. “Aspertaine,” 20, of Charlotte, North Carolina (who,X at the time of the alleged criminal conduct, lived in Kayenta, Arizona), was arrested last week on federal charges filed in Arizona.
The defendants are charged with one count of conspiracy to intentionally access computers without authorization. Nelson also was charged with two counts of intentionally accessing a computer without authorization and two counts of aggravated identity theft.
According to the indictment returned Friday afternoon by a federal grand jury in Los Angeles, from November 7, 2020, to November 13, 2020, Nelson and McCarty gained access to home security door cameras sold by Ring LLC, a home security technology company.
Nelson and McCarty allegedly acquired the username and password information for Yahoo email accounts belonging to victims throughout the United States.
Then, they allegedly determined whether the owner of each compromised Yahoo account also had a Ring account using the same email address and password that could control associated internet-connected Ring doorbell camera devices.
Using that information, they identified and gathered additional information about their victims, according to the indictment.
Nelson and McCarty allegedly placed false emergency reports or telephone calls to local law enforcement in the areas where the victims lived. These reports or calls were intended to elicit an emergency police response to the victim’s residence, the indictment alleges.
The defendants then allegedly accessed, without authorization, the victims’ Ring devices and transmitted the audio and video from those devices on social media during the police response.
They also allegedly verbally taunted responding police officers and victims through the Ring devices during several of the incidents.
For example, on November 8, 2020, Nelson and an accomplice accessed Yahoo and Ring accounts belonging to a victim in West Covina without authorization.
A hoax telephone call was placed to the West Covina Police Department, purporting to originate from the victim’s residence and posing as a minor child reporting her parents drinking and shooting guns inside the residence of the victim’s parents.
Nelson allegedly accessed a Ring doorbell camera without authorization, located at the victim’s parents’ residence and linked to the victim’s Ring account, and used it to verbally threaten and taunt West Covina Police officers who responded to the reported incident.
The indictment alleges other similar Ring-related swatting incidents occurred in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.
This series of swatting incidents prompted the FBI in late 2020 to issue a public service announcement urging users of smart home devices with cameras and voice capabilities to use complex, unique passwords and enable two-factor authentication to help protect against swatting attacks.
If they were to be convicted of the conspiracy charge in the indictment, each defendant would face up to five years in federal prison.
The charge of intentionally accessing without authorization a computer carries a sentence of up to five years, and the charge of aggravated identity theft carries a mandatory two-year consecutive sentence.
The FBI is investigating this matter.
Assistant United States Attorney Khaldoun Shobaki of the Cyber and Intellectual Property Crimes Section is prosecuting this case.