DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Grand Jury Indicts 2 in ‘Swatting’ Scheme that Took Over Ring Doorbells Across U.S. to Livestream Police Response to Fake Calls

Posted on December 19, 2022 by Dissent

LOS ANGELES – Two men – one from Wisconsin, the other from North Carolina – have been charged with participating in a “swatting” spree that, over a one-week span, gained access to a dozen Ring home security door cameras nationwide, placed bogus emergency phone calls designed to elicit an armed police response, then livestreamed the events on social media, sometimes while taunting responding police officers, the Justice Department announced today.

Kya Christian Nelson, a.k.a. “ChumLul,” 21, of Racine, Wisconsin, who is currently incarcerated in Kentucky in an unrelated case; and James Thomas Andrew McCarty, a.k.a. “Aspertaine,” 20, of Charlotte, North Carolina (who at the time of the alleged criminal conduct lived in Kayenta, Arizona), who was arrested last week on federal charges filed in the District of Arizona, are charged with one count of conspiracy to intentionally access computers without authorization. Nelson also was charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft.

According to the indictment returned Friday afternoon by a federal grand jury in Los Angeles, from November 7, 2020, to November 13, 2020, Nelson and McCarty gained access to home security door cameras sold by Ring LLC, a home security technology company. Nelson and McCarty allegedly acquired without authorization the username and password information for Yahoo email accounts belonging to victims throughout the United States.

Then, they allegedly determined whether the owner of each compromised Yahoo account also had a Ring account using the same email address and password that could control associated internet-connected Ring doorbell camera devices. Using that information, they identified and gathered additional information about their victims, according to the indictment.

Nelson and McCarty allegedly placed false emergency reports or telephone calls to local law enforcement in the areas where the victims lived. These reports or calls were intended to elicit an emergency police response to the victim’s residence, the indictment alleges.

The defendants then allegedly accessed without authorization the victims’ Ring devices and transmitted the audio and video from those devices on social media during the police response. They also allegedly verbally taunted responding police officers and victims through the Ring devices during several of the incidents.

For example, on November 8, 2020, Nelson and an accomplice accessed without authorization Yahoo and Ring accounts belonging to a victim in West Covina. A hoax telephone call was placed to the West Covina Police Department purporting to originate from the victim’s residence and posing as a minor child reporting her parents drinking and shooting guns inside the residence of the victim’s parents.

Nelson allegedly accessed without authorization a Ring doorbell camera, located at the residence of the victim’s parents and linked to the victim’s Ring account, and used it to verbally threaten and taunt West Covina Police officers who responded to the reported incident.

The indictment alleges other similar Ring-related swatting incidents occurred in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

This series of swatting incidents prompted the FBI in late 2020 to issue a public service announcement urging users of smart home devices with cameras and voice capabilities to use complex, unique passwords and enable two-factor authentication to help protect against swatting attacks.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

If they were to be convicted of the conspiracy charge in the indictment, each defendant would face a statutory maximum penalty of five years in federal prison. The charge of intentionally accessing without authorization a computer carries a maximum possible sentence of five years, and the charge of aggravated identity theft carries a mandatory two-year consecutive sentence.

The FBI is investigating this matter.

Assistant United States Attorney Khaldoun Shobaki of the Cyber and Intellectual Property Crimes Section is prosecuting this case.

Source: U.S. Attorney’s Office, Central District of California

Category: Uncategorized

Post navigation

← Hacker steals 14 BAYC worth over 852 ETH ($1.07 million)
ECB Fines Spain’s Abanca for Delay in Reporting Cyber Hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.