Between Christmas Eve and New Year’s, a wave of swatting incidents targeted nearly a hundred politicians and law enforcement officials in a coordinated operation. High-profile victims included U.S. Homeland Security Secretary Alejandro Mayorkas, Cybersecurity and Infrastructure Security Agency Director Jen Easterly, Republican Representative Marjorie Taylor Greene of Georgia, and Republican Senator Rick Scott of Florida. One of the hoax calls reportedly led to a serious car accident, highlighting the dangerous repercussions of such malicious activities.
This particular campaign was allegedly orchestrated by an individual known as Torswats, who provided the names, addresses, and phone numbers of the targets to accomplices in Serbia and Romania. These individuals executed the swatting scheme, employing scripted threats crafted by Torswats himself. One chilling call involved a man, identifying himself as “James,” claiming he had shot his wife and taken another man hostage, demanding $10,000 in cash and threatening to deploy explosives.
In collaboration with the FBI, a local informant named Dennis was enlisted in a plan to apprehend Torswats. The strategy involved luring Torswats into a conversation about swatting his ex-wife while keeping him occupied online, allowing law enforcement to make an arrest. Unexpectedly, Torswats arrived at a police station with his father to retrieve seized equipment, leading to his immediate arrest.
Despite the successful capture, questions arose about the length of the investigation, as the FBI and the Justice Department declined to comment on why it took months to apprehend Torswats after identifying him. The investigation ultimately unveiled the suspect’s identity: Alan Filion, a 17-year-old with a significant online presence. Prior to his arrest, Filion was linked to various online communities and appeared to spend more of his life in the digital environment than in the physical world.
Investigations into Filion’s background revealed concerning connections. An anonymous tip suggested he was involved in a neo-Nazi cult and intended to incite racial violence, including plans to fund weapons for a mass shooting. This raises questions about the motivations behind his actions and the broader context of online radicalization.
The methods observed in this case correspond loosely to several MITRE ATT&CK tactics. Initial access could have been achieved through social engineering or technical exploits, while persistence might have involved maintaining communication channels with collaborators. Privilege escalation may be considered if Filion gained unauthorized access to sensitive information of the targets. The use of such tactics illustrates how adversaries exploit online anonymity and interpersonal manipulation to wreak havoc on unsuspecting victims.
As the digital landscape continues to evolve, incidents like these reflect the persistent risks faced by individuals in both public and private sectors. Business owners must remain vigilant against the potential for swatting and other forms of cyber harassment, understanding that the consequences can extend far beyond the digital realm. The case of Alan Filion serves as a stark reminder of the dangers posed by online perpetrators and the far-reaching implications of their actions.