Reflections on a Swatting: Inside One Bitcoin Engineer's Security Battle

"The police stopped me as I was leaving and asked me if I was OK. Apparently they were called to our house! They want you to come speak with them at the mobile command unit around the corner."

The news stations managed to get a copy of the phone call that was made by the attacker; you can listen to it here.

Note a common theme between the 911 call and the voicemail - both times he demands $50,000.

Within 48 hours the Durham Police Department told me that they had traced the call to a throwaway server in Texas but hit a dead end and were turning the case over to the FBI. I never heard from the FBI. I lost any confidence in the ability of law enforcement to protect me a long time ago, so this was disappointing but not surprising.

A single anonymous phone call costs only a few dollars to make and yet can consume tens if not hundreds of thousands of dollars in public resources just to determine whether or not a threat is real.

My recommendation to law enforcement agencies: Realize that swatters are almost always going to place a call from outside of their target's locale.

They can't actually call 911 - they have to find a non-emergency number they can call that will escalate them to 911.

Trace the source of the phone call; if it traces back to a completely different state than the caller's claimed location, red flag!

If the source phone number of the caller isn't registered in their name then ask for proof of identification.

If the caller refuses to identify themselves then it's a red flag!