FBI suspects Racine man of hacking Ring doorbells for ‘swatting’

When a Racine man phoned in fake bomb threats and an active shooter at a Kentucky high school last year, he was already on the radar of federal agents in a broader FBI investigation into “swatting” incidents in several states, court records show.According to a federal search warrant filed in the US District Court for the Eastern District of Wisconsin, which was unsealed Wednesday, Kya Nelson had already been involved in swatting incidents in California, Florida and Alabama in the months before the Kentucky case.In the previous cases, FBI Special Agent Jeremy Durk wrote in the warrant hackers illegally took over control of ring doorbell cameras to help carry out the swatting schemes. Swatting is the harassment tactic where a person reports a fake crime with the sole purpose of provoking a SWAT team and other large police response to unsuspecting homes and businesses.According to the warrant, Ring contacted FBI agents in Los Angeles in November 2020 to report several cases of swatting involving unauthorized access to their devices. That same month, in Hunstville, Alabama, a caller falsely reported a shooting at a “neighbor’s” house. A responding officer, the warrant said, heard a man’s voice coming from the ring device at the home. “The man claimed to engage in swatting for entertainment, and that he was part of a group who used leaked account credentials to gain access to doorbells,” Durk wrote. The voice also claimed to have a website where the group streamed live videos of swatting incidents. The doorbell company, Durk said, provided agents with a list of IP addresses the company identified as having been used in the illegal access, along with a spreadsheet of approximate geographical locations for each IP address. He also said Ring identified three user accounts on the instant messaging platform Discord it believed were connected to the swatting incidents.Durk added a Discord employee contacted him directly to share information about accounts tied to the swatting.Agents analyzed the information from Ring and Discord to draw a connection between accounts on the messaging platform to emails, usernames and IP addresses. One IP address, Druk wrote, was used to log into Ring customer accounts and a user on Discord. He said the IP address was assigned to a Charter Communications account at Nelson’s home in Racine.Durk also noted a Twitter account, using the same IP address, responded to a tweet about a Ring swatting incident in North Port Florida, writing, “haha, me and my friends did this.”Twitter records, Durk said, showed the tweet was generated from an account with the same IP address at Nelson’s home. The following month, Durk wrote, records from TextNow indicated a phone number used to carry out a swatting call in West Covina, California and Hunstville was listed for an email address containing a variation of Nelson’s name as well as the IP address associated with Nelson’s Racine home.A search of federal court records do not show any federal criminal charges against Nelson in the swatting cases.Nelson did, however, plead guilty in March 2022 to making the threats against the Kentucky high school. Kentucky Department of Corrections records indicate a judge sentenced Nelson to 12 years in prison. The records show he is eligible for parole in 2024.

When a Racine man phoned in fake bomb threats and an active shooter at a Kentucky high school last year, he was already on the radar of federal agents in a broader FBI investigation into “swatting” incidents in several states, court records show.

According to a federal search warrant filed in the US District Court for the Eastern District of Wisconsin, which was unsealed Wednesday, Kya Nelson had already been involved in swatting incidents in California, Florida and Alabama in the months before the Kentucky case.

In the previous cases, FBI Special Agent Jeremy Durk wrote in the warrant hackers illegally took over control of ring doorbell cameras to help carry out the swatting schemes.

Swatting is the harassment tactic where a person reports a fake crime with the sole purpose of provoking a SWAT team and other large police response to unsuspecting homes and businesses.

According to the warrant, Ring contacted FBI agents in Los Angeles in November 2020 to report several cases of swatting involving unauthorized access to their devices.

That same month, in Hunstville, Alabama, a caller falsely reported a shooting at a “neighbor’s” house. A responding officer, the warrant said, heard a man’s voice coming from the ring device at the home.

“The man claimed to engage in swatting for entertainment, and that he was part of a group who used leaked account credentials to gain access to doorbells,” Durk wrote. The voice also claimed to have a website where the group streamed live videos of swatting incidents.

The doorbell company, Durk said, provided agents with a list of IP addresses the company identified as having been used in the illegal access, along with a spreadsheet of approximate geographical locations for each IP address. He also said Ring identified three user accounts on the instant messaging platform Discord it believed were connected to the swatting incidents.

Durk added a Discord employee contacted him directly to share information about accounts tied to the swatting.

Agents analyzed the information from Ring and Discord to draw a connection between accounts on the messaging platform to emails, usernames and IP addresses.

One IP address, Druk wrote, was used to log into Ring customer accounts and a user on Discord. He said the IP address was assigned to a Charter Communications account at Nelson’s home in Racine.

Durk also noted a Twitter account, using the same IP address, responded to a tweet about a ring swatting incident in North Port Florida, writing, “haha, me and my friends did this.”

Twitter records, Durk said, showed the tweet was generated from an account with the same IP address at Nelson’s home.

The following month, Durk wrote, records from TextNow indicated a phone number used to carry out a swatting call in West Covina, California and Hunstville was listed for an email address containing a variation of Nelson’s name as well as the IP address associated with Nelson’s Racine home.

A search of federal court records did not show any federal criminal charges against Nelson in the swatting cases.

Nelson did, however, plead guilty in March 2022 to making the threats against the Kentucky high school. Kentucky Department of Corrections records indicate a judge sentenced Nelson to 12 years in prison. The records show he is eligible for parole in 2024.

Comments are closed.