Full Report
A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. [...]
Analysis Summary
# Incident Report: Multi-Year Swatting and Bomb Threat Campaign (Szabo Case)
## Executive Summary
Thomasz Szabo, a Romanian national, founded and led an online community dedicated to "swatting" and making false bomb threats against high-profile U.S. targets. Between late 2020 and early 2024, the group targeted over 75 public officials, journalists, and religious institutions, causing significant operational disruption and endangering lives. The incident concluded with Szabo’s extradition from Romania and a subsequent 4-year federal prison sentence.
## Incident Details
- **Discovery Date:** Late 2020 (Initial reporting began)
- **Incident Date:** December 2020 – January 2024
- **Affected Organization:** U.S. Government (Executive, Legislative, and Judicial branches), various religious institutions, and media outlets.
- **Sector:** Public Sector / Government / Religion / Media
- **Geography:** Romania (Attacker); United States (Victims)
## Timeline of Events
### Initial Access
- **Date/Time:** December 2020
- **Vector:** Exploitation of emergency reporting systems (VoIP/Social Engineering).
- **Details:** Szabo began making false reports to law enforcement, including a threat of a mass shooting at NYC synagogues.
### Progression (Lateral Movement/Escalation)
- **January 2021:** Threatened to detonate explosives at the U.S. Capitol targeting President-elect Joe Biden.
- **2021–2023:** Szabo recruited and led a community of followers, encouraging them to carry out coordinated attacks.
- **December 2023 – January 2024:** During a "concentrated spree," followers targeted 25 members of Congress, cabinet-level officials, and 27 state officials.
### Data Exfiltration/Impact
- **Personal Data:** Acquisition of home addresses and private contact information for high-ranking officials and journalists.
- **Human Impact:** Armed law enforcement dispatched to homes of innocent civilians under false pretenses.
### Detection & Response
- **Detection:** FBI and federal law enforcement tracked the source of the VoIP calls and online aliases.
- **Response:** International law enforcement cooperation led to Szabo's identification in Romania. Radovanovic (Serbian accomplice) was also identified and charged.
## Attack Methodology
- **Initial Access:** Information gathering on targets (Doxing) to obtain physical addresses.
- **Persistence:** Utilization of multiple online aliases (e.g., "Jonah," "Cypher," "War Lord") to maintain community leadership.
- **Defense Evasion:** Use of foreign jurisdictions (Romania/Serbia) and likely VPNs/VoIP spoofing to mask points of origin.
- **Discovery:** Reconnaissance on public officials and religious institutions via public and semi-private databases.
- **Impact:** Denial of Service (DoS) of emergency resources; psychological trauma; physical risk to victims through police intervention.
## Impact Assessment
- **Financial:** Estimated over $500,000 in taxpayer funds wasted in a single 48-hour period by one accomplice.
- **Data Breach:** Compromise of PII (Personally Identifiable Information) regarding residential addresses of federal and state officials.
- **Operational:** Massive drain on law enforcement resources; disruption of Congressional and Executive branch activities.
- **Reputational:** Harassment of journalists and religious institutions intended to silence or intimidate.
## Indicators of Compromise
- **Behavioral Indicators:** Surge in emergency calls reporting "imminent violent threats" (active shooters/bombs) targeting specific high-profile clusters (e.g., multiple members of Congress in 24 hours).
- **Network/VoIP:** Usage of non-traditional telephony services to contact emergency dispatchers.
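
The two indicators above can be correlated in dispatch data. The sketch below is an added example, not part of the original report: it flags a surge when threat calls hit several distinct protected addresses in one target group within 24 hours, and reports the share placed over VoIP. The record layout, dispatch codes, group labels and thresholds are all assumptions, and the sample calls are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THREAT_TYPES = {"active_shooter", "bomb_threat"}  # assumed dispatch codes

# Constructed sample records (not real data); field layout is hypothetical:
# (timestamp, call type, line type, protected-target group, address id)
CALLS = [
    ("2024-01-05T01:10", "bomb_threat", "voip", "congress", "addr-A"),
    ("2024-01-05T03:40", "active_shooter", "voip", "congress", "addr-B"),
    ("2024-01-05T09:15", "medical", "wireless", None, "addr-X"),
    ("2024-01-05T11:05", "active_shooter", "voip", "congress", "addr-C"),
    ("2024-01-05T12:30", "bomb_threat", "landline", "state_official", "addr-D"),
    ("2024-01-07T02:00", "bomb_threat", "voip", "congress", "addr-A"),
]

def flag_clusters(calls, window=timedelta(hours=24), min_targets=3):
    """Return one alert per surge: a group whose threat calls reach at least
    min_targets distinct protected addresses inside a sliding time window."""
    recent = defaultdict(deque)   # group -> deque of (time, line, addr)
    alerting = set()              # groups currently above the threshold
    alerts = []
    for ts, kind, line, group, addr in sorted(calls, key=lambda c: c[0]):
        if kind not in THREAT_TYPES or group is None:
            continue              # ignore routine calls and unlisted addresses
        t = datetime.fromisoformat(ts)
        q = recent[group]
        q.append((t, line, addr))
        while t - q[0][0] > window:       # expire calls older than the window
            q.popleft()
        targets = {a for _, _, a in q}
        if len(targets) >= min_targets:
            if group not in alerting:     # alert once per surge, not per call
                alerting.add(group)
                voip = sum(1 for _, l, _ in q if l == "voip")
                alerts.append({"group": group, "at": ts,
                               "targets": sorted(targets),
                               "voip_share": voip / len(q)})
        else:
            alerting.discard(group)       # surge ended; re-arm the alert
    return alerts

if __name__ == "__main__":
    for alert in flag_clusters(CALLS):
        print(alert)
```

Counting distinct addresses rather than raw call volume keeps repeated calls about one real incident from triggering the alert.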
## Response Actions
- **Containment:** Coordination with international police (Interpol/Romanian authorities) to locate the ringleader.
- **Eradication:** Extradition of Thomasz Szabo to the United States in November 2024.
- **Recovery:** Prosecution and sentencing to 4 years in federal prison plus 3 years of supervised release.
## Lessons Learned
- **Cross-Border Complexity:** Cyber-harassment campaigns originating outside the U.S. require deep diplomatic and legal cooperation for resolution.
- **Resource Drain:** Swatting is not a "prank" but a high-cost attack on public safety infrastructure.
- **Vulnerability of PII:** The ease with which attackers obtained home addresses of high-level officials highlights a significant gap in PII protection for public figures.
## Recommendations
- **Verification Protocols:** Implement advanced caller authentication for emergency services to flag suspicious VoIP/spoofed numbers.
- **Enhanced Privacy:** Strengthen laws and technical controls to scrub the residential addresses of judicial and executive officials from public records.
- **Public-Private Cooperation:** Continued collaboration between the FBI and international tech platforms to identify "Swatting-as-a-Service" communities.