In April 2020, Mark Herring's heart stopped beating when armed police surrounded his house, responding to a bogus call of an alleged murder. The swatting incident—where people call in fake threats to the police so officers respond to someone's address, potentially harming them—was all for the purpose of a scammer trying to gain control of Herring's Twitter account, @Tennessee, local outlet WKRN reported earlier this month.
Wednesday, a judge sentenced 18-year-old Shane Sonderman to five years in prison in connection with Herring's death. Soderman pleaded guilty to harassing and threatening Herring and others over the course of five months from December 2019 through April 2020 while trying to steal social media handles.
During that time, Sonderman repeatedly called several victims, sent repeated messages to them from various phone numbers, ordered food to his house, and swatted their houses. In April, Sondermann swatted a person in Ohio by calling in a false house fire, according to a federal indictment, then sent the victim a message that said “gonna need the instagram account …or i will continue to swat and harass you and your family.” Sonderman and “did you’re parent’s (sic) enjoy the firetrucks?” and “i plan on killing your parents next if you do not hand the username on instagram (sic) over to me.”
Later that month, Sonderman’s harassment turned deadly. The night Herring died, Sonderman posted the names and addresses of Herring and his family members on Discord, then he “or a coconspirator placed a call to Sumner County, Tennessee, emergency services, claiming that there had been a shooting at [Herring's] residence when there had been no shooting.” Sonderman pleaded guilty to all charges.
“I understand that the United States [is] taking the position that a death resulted or was a foreseeable consequence of the event to which I am pleading guilty,” he said in the plea statement.
Reporter Brian Krebs first reported Sonderman’s sentencing.
Swatting itself isn't new, but using the technique specifically to convince someone to hand over their social media account is more novel. And the tactic extends beyond just Herring's case, a hacker in the same sort of communities that take over high value handles told Motherboard.
"Happens a lot," the hacker told Motherboard. Motherboard granted them anonymity to speak more candidly about criminal acts; the person has previously been charged for their own alleged crimes of breaking into certain social media accounts.
One particular, nebulous community is one that circulates around the popular forum OG Users. Here, users sell social media accounts for thousands of dollars or more. Typically handles that are single words or very short are sold for more money. Hackers can obtain these accounts by performing SIM swaps, where the hacker gains control of a target's phone number, sometimes by social engineering a teleco or by bribing a teleco employee, and then redirecting login tokens to themselves.
But SIM swapping has gotten somewhat harder recently, with some telecos putting more protections in place to mitigate such attacks. Those breaking into accounts have other methods: extortion.
The scammers resort to these escalated tactics like swatting when targets "refuse to give the handles," the hacker added. "People in this community do crazy shit like even going to the person's house and bricking their windows, etc," and pay people near the victim's address a fee in bitcoin to bully the target, they said.
Apparently, the approach can be effective.
"It makes people fold and actually give their usernames," the hacker said.