How do streamers get swatted?

973    Asked by asutos_8102 in Cyber Security , Asked on Mar 17, 2022

Swatting is when a person calls the SWAT team on a victim as a "prank", by falsely reporting some critical incident at the victim's home address. Swatting seems to be an incident that happens quite frequently to streamers in particular (e.g. Twitch.tv). However, in order for swatting to work, the home address of the victim must be known. While I accept that some people may inadvertently give out their home address on stream, with the number of cases that have occurred, I am wondering if perhaps the act of streaming somehow makes it easier to acquire a person's home address?


A few people have pointed out that you can trace the IP address of a streamer, and then do some additional research to find out a person's home. However, that seems unbelievable to me. For one, how does streaming leak a person's IP address? I thought that a streamer would upload their content to the streaming service (e.g. Twitch.tv) directly. Therefore unlike a P2P service such as Skype, the viewers do not need the IP Address of the streamer to watch the stream. Is that not true? Secondly, even if the IP Address is known, I still fail to see how one can determine the exact home address from that, since the IP address only gives a very rough approximation. Sure, some streamers give out their real name, and you can get an estimate of their gender/age/ethnicity based on their webcam footage, but is that really that much information?


Could someone expla in this to me? Is it true that streaming exposes your IP address? How can one determine someone's home address from this information? Finally, what can a streamer do to prevent their home address from being leaked out?

Answered by Andrew Jenkins

This probably has nothing to do with the IP address used for streaming.


The answer to - how do streamers get swatted is that many swatting events are based off of caller-ID spoofed Voice over IP calls using the home phone number of the victim and directed to the local 911 service or its equivalent near where the victim lives. When these calls reach the local 911 dispatchers a database correlating the physical address to the number making the call appears on the screen for the dispatchers to use. So if anything it's probably more likely that people are simply looking for published phone numbers and spoofing the 911 calls from there.

Note: There are MANY ways to do this, they could also do this from any stolen cell phone and simply make up a story about where they are located. Due to the increase in swatting events many law enforcement agencies are getting better at tracking the people calling these in and are now prosecuting them. https://en.wikipedia.org/wiki/Swatting Keep in mind that people have died from swatting and that this is a very dangerous and illegal act. http://bearingarms.com/ex-marine-swatted-black-shopper-death-walmart-changes-story/ Ultimately there are many sources where the person doing the swatting could get the information about the victims they are swatting and for someone who knows how to do this it's relatively trivial to do. In time as law enforcement gets better at quickly identifying the people who do this one would hope the rate at which this happens would go down drastically. To answer your secondary question about hiding the streaming IP address take a look at Tor or potentially any number of VPN services. http://tor.eff.org

  • In regards to the streaming component, it appears that Twitch.tv requires video to be sent in the H.264 codec.
  • http://help.twitch.tv/customer/en/portal/articles/1253460-broadcast-requirements
  • https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC#Controversies
  • The H.264 codec itself doesn't contain any geolocation features like the EXIF typically data stored in photos.
  • https://en.wikipedia.org/wiki/Exchangeable_image_file_format#Geolocation

That said it does appear that several camera vendors are adding geolocation data into their videos and per the twitch.tv website they clearly state "Twitch does not re-encode your video after receiving it; whatever is sent to our servers is sent right back out to your viewers."

http://help.twitch.tv/customer/en/portal/articles/1253460-broadcast-requirements This would imply that if some video camera/mobile device manufacturers were to encode geolocation data into these video streams, or the accompanying audio streams, then yes this information could easily be extracted to provide a physical location directly from the stream.

I will point out that other large image services have explicitly chosen to remove EXIF and geolocation data from photos and videos to protect the privacy of their users. Twitch.tv is not required to do this but it may be something wise for them to start doing to protect their users in the future, especially if it turns out this is the source of the swatting target selection process.

Another issue that may also come up, albeit less likely, is that geolocation data collected via HTML5 browser clients could potentially also be accessible to others using the website. This may not apply to twitch.tv but may be an issue for other websites. My point in mentioning this is simply that geolocation occurs at several levels (IP/Content/Metadata/encodings/out-of-band-data/browser leakage etc.)and it could potentially be extracted from a number of parts of the communications even if the streaming source IP is not the problem. It may be worth spending time to see if you can search for the swatting victims phone numbers based on things you see and hear in their videos to determine if it seems like that's how it's happening. Sometimes these things are easier to find than one would initially think.



Your Answer

Interviews

Parent Categories