Login
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “Fearlless,” the nickname chosen by the proprietor of the SWAT USA Drops service.
Based in Russia, SWAT USA recruits people in the United States to reship packages containing pricey electronics that are purchased with stolen credit cards. As detailed in this Nov. 2 story, SWAT currently employs more than 1,200 U.S. residents, all of whom will be cut loose without a promised payday at the end of their first month reshipping stolen goods.
The current co-owner of SWAT, a cybercriminal who uses the nickname “Fearlless,” operates primarily on the cybercrime forum Verified. This Russian-language forum has tens of thousands of members, and it has suffered several hacks that exposed more than a decade’s worth of user data and direct messages.
January 2021 posts on Verified show that Fearlless and his partner Universalo purchased the SWAT reshipping business from a Verified member named SWAT, who’d been operating the service for years. SWAT agreed to transfer the business in exchange for 30 percent of the net profit over the ensuing six months.
Cyber intelligence firm Intel 471 says Fearlless first registered on Verified in February 2013. The email address Fearlless used on Verified leads nowhere, but a review of Fearlless’ direct messages on Verified indicates this user originally registered on Verified a year earlier as a reshipping vendor, under the alias “Apathyp.”
There are two clues supporting the conclusion that Apathyp and Fearlless are the same person. First, the Verified administrators warned Apathyp he had violated the forum’s rules barring the use of multiple accounts by the same person, and that Verified’s automated systems had detected that Apathyp and Fearlless were logging in from the same device. Second, in his earliest private messages on Verified, Fearlless told others to contact him on an instant messenger address that Apathyp had claimed as his.
Intel 471 says Apathyp registered on Verified using the email address triploo@mail.ru. A search on that email address at the breach intelligence service Constella Intelligence found that a password commonly associated with it was “niceone.” But the triploo@mail.ru account isn’t connected to much else that’s interesting except a now-deleted account at Vkontakte, the Russian answer to Facebook.
However, in Sept. 2020, Apathyp sent a private message on Verified to the owner of a stolen credit card shop, saying his credentials no longer worked. Apathyp told the proprietor that his chosen password on the service was “12Apathy.”
A search on that password at Constella reveals it was used by just four different email addresses, two of which are particularly interesting: gezze@yandex.ru and gezze@mail.ru. Constella discovered that both of these addresses were previously associated with the same password as triploo@mail.ru — “niceone,” or some variation thereof.
Constella found that years ago gezze@mail.ru was used to create a Vkontakte account under the name Ivan Sherban (former password: “12niceone“) from Magnitogorsk, an industrial city in the southern region of Russia. That same email address is now tied to a Vkontakte account for an Ivan Sherban who lists his home as Saint Petersburg, Russia. Sherban’s profile photo shows a heavily tattooed, muscular and recently married individual with his beautiful new bride getting ready to drive off in a convertible sports car.
A pivotal clue for validating the research into Apathyp/Fearlless came from the identity intelligence firm myNetWatchman, which found that gezze@mail.ru at one time used the passwords “геззи1991” (gezze1991) and “gezze18081991.”
Care to place a wager on when Vkontakte says is Mr. Sherban’s birthday? Ten points if you answered August 18 (18081991).
Mr. Sherban did not respond to multiple requests for comment.
The login page for the criminal reshipping service SWAT USA Drop.
One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.
Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.
But such restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive stolen goods and relay them to crooks living in the embargoed areas.
Services like SWAT are known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and even cash bonuses. In reality, the crooks in charge almost always stop communicating with drops just before the first payday, usually about a month after the drop ships their first package.
The packages arrive with prepaid shipping labels that are paid for with stolen credit card numbers, or with hijacked online accounts at FedEx and the US Postal Service. Drops are responsible for inspecting and verifying the contents of shipments, attaching the correct shipping label to each package, and sending them off via the appropriate shipping company.
SWAT takes a percentage cut (up to 50 percent) where “stuffers” — thieves armed with stolen credit card numbers — pay a portion of each product’s retail value to SWAT as the reshipping fee. The stuffers use stolen cards to purchase high-value products from merchants and have the merchants ship the items to the drops’ address. Once the drops receive and successfully reship the stolen packages, the stuffers then sell the products on the local black market.
The SWAT drop service has been around in various names and under different ownership for almost a decade. But in early October 2023, SWAT’s current co-owner — a Russian-speaking individual who uses the handle “Fearlless” — took to his favorite cybercrime forum to lodge a formal complaint against the owner of a competing reshipping service, alleging his rival had hacked SWAT and was trying to poach his stuffers and reshippers by emailing them directly.
Milwaukee-based security firm Hold Security shared recent screenshots of a working SWAT stuffer’s user panel, and those images show that SWAT currently lists more than 1,200 drops in the United States that are available for stuffers to rent. The contact information for Kareem, a young man from Maryland, was listed as an active drop. Contacted by KrebsOnSecurity, Kareem agreed to speak on condition that his full name not be used in this story.
A SWAT panel for stuffers/customers. This page lists the rules of the service, which do not reimburse stuffers for “acts of god,” i.e. authorities seizing stolen goods or arresting the drop.
Kareem said he’d been hired via an online job board to reship packages on behalf of a company calling itself CTSI, and that he’s been receiving and reshipping iPads and Apple watches for several weeks now. Kareem was less than thrilled to learn he would probably not be getting his salary on the promised payday, which was coming up in a few days.
Kareem said he was instructed to create an account at a website called portal-ctsi[.]com, where each day he was expected to log in and check for new messages about pending shipments. Anyone can sign up at this website as a potential reshipping mule, although doing so requires applicants to share a great deal of personal and financial information, as well as copies of an ID or passport matching the supplied name.
A SWAT panel for stuffers/customers, listing hundreds of drops in the United States by their status. “Going to die” are those who are about to be let go without promised payment, or who have quit on their own.
On a suspicion that the login page for portal-ctsi[.]com might be a custom coding job, KrebsOnSecurity selected “view source” from the homepage to expose the site’s HTML code. Grabbing a snippet of that code (e.g., “smarty/default/jui/js/jquery-ui-1.9.2.min.js”) and searching on it at publicwww.com reveals more than four dozen other websites running the same login panel. And all of those appear to be geared toward either stuffers or drops.
In fact, more than half of the domains that use this same login panel actually include the word “stuffer” in the login URL, according to publicwww. Each of the domains below that end in “/user/login.php” are sites for active and prospective drops, and each corresponds to a unique fake company that is responsible for managing its own stable of drops:
lvlup-store[.]com/stuffer/login.php
personalsp[.]com/user/login.php
destaf[.]com/stuffer/login.php
jaderaplus[.]com/stuffer/login.php
33cow[.]com/stuffer/login.php
panelka[.]net/stuffer/login.php
aaservice[.]net/stuffer/login.php
re-shipping[.]ru/stuffer/login.php
bashar[.]cc/stuffer/login.php
marketingyoursmall[.]biz/stuffer/login.php
hovard[.]xyz/stuffer/login.php
pullback[.]xyz/stuffer/login.php
telollevoexpress[.]com/stuffer/login.php
postme[.]today/stuffer/login.php
wint-job[.]com/stuffer/login.php
squadup[.]club/stuffer/login.php
mmmpack[.]pro/stuffer/login.php
yoursmartpanel[.]com/user/login.php
opt257[.]org/user/login.php
touchpad[.]online/stuffer/login.php
peresyloff[.]top/stuffer/login.php
ruzke[.]vodka/stuffer/login.php
staf-manager[.]net/stuffer/login.php
data-job[.]club/stuffer/login.php
logistics-services[.]org/user/login.php
swatship[.]club/stuffer/login.php
logistikmanager[.]online/user/login.php
endorphine[.]world/stuffer/login.php
burbon[.]club/stuffer/login.php
bigdropproject[.]com/stuffer/login.php
jobspaket[.]net/user/login.php
yourcontrolboard[.]com/stuffer/login.php
packmania[.]online/stuffer/login.php
shopping-bro[.]com/stuffer/login.php
dash-redtag[.]com/user/login.php
mnger[.]net/stuffer/login.php
begg[.]work/stuffer/login.php
dashboard-lime[.]com/user/login.php
control-logistic[.]xyz/user/login.php
povetru[.]biz/stuffer/login.php
dash-nitrologistics[.]com/user/login.php
cbpanel[.]top/stuffer/login.php
hrparidise[.]pro/stuffer/login.php
d-cctv[.]top/user/login.php
versandproject[.]com/user/login.php
packitdash[.]com/user/login.php
avissanti-dash[.]com/user/login.php
e-host[.]life/user/login.php
pacmania[.]club/stuffer/login.php
Why so many websites? In practice, all drops are cut loose within approximately 30 days of their first shipment — just before the promised paycheck is due. Because of this constant churn, each stuff shop operator must be constantly recruiting new drops. Also, with this distributed setup, even if one reshipping operation gets shut down (or exposed online), the rest can keep on pumping out dozens of packages a day.
A 2015 academic study (PDF) on criminal reshipping services found the average financial hit from a reshipping scheme per cardholder was $1,156.93. That study looked into the financial operations of several reshipping schemes, and estimated that approximately 1.6 million credit and debit cards are used to commit at least $1.8 billion in reshipping fraud each year.
It’s not hard to see how reshipping can be a profitable enterprise for card crooks. For example, a stuffer buys a stolen payment card off the black market for $10, and uses that card to purchase more than $1,100 worth of goods. After the reshipping service takes its cut (~$550), and the stuffer pays for his reshipping label (~$100), the stuffer receives the stolen goods and sells them on the black market in Russia for $1,400. He has just turned a $10 investment into more than $700. Rinse, wash, and repeat.
The breach at SWAT exposed not only the nicknames and contact information for all of its stuffers and drops, but also the group’s monthly earnings and payouts. SWAT apparently kept its books in a publicly accessible Google Sheets document, and that document reveals Fearlless and his business partner each routinely made more than $100,000 every month operating their various reshipping businesses.
The exposed SWAT financial records show this crime group has tens of thousands of dollars worth of expenses each month, including payments for the following recurring costs:
-advertising the service on crime forums and via spam;
-people hired to re-route packages, usually by voice over the phone;
-third-party services that sell hacked/stolen USPS/Fedex labels;
-“drops test” services, contractors who will test the honesty of drops by sending them fake jewelry;
-“documents,” e.g. sending drops to physically pick up legal documents for new phony front companies.
The spreadsheet also included the cryptocurrency account numbers that were to be credited each month with SWAT’s earnings. Unsurprisingly, a review of the blockchain activity tied to the bitcoin addresses listed in that document shows that many of them have a deep association with cybercrime, including ransomware activity and transactions at darknet sites that peddle stolen credit cards and residential proxy services.
The information leaked from SWAT also has exposed the real-life identity and financial dealings of its principal owner — Fearlless, a.k.a. “SwatVerified.” We’ll hear more about Fearlless in Part II of this story. Stay tuned.
Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes.
Shortly after 11 p.m. on September 6, a resident in the Spalding Common area in the district of Lincolnshire, U.K. phoned police to say three men were acting suspiciously, and had jumped a nearby fence.
“The three men made off in a VW Golf and were shortly stopped nearby,” reads a statement by the Lincolnshire Police. “The car was searched by officers who found an imitation firearm, taser, a baseball bat and police uniform in the boot.”
Thomas Green, 23, Rayhan Miah, 23, and Leonardo Sapiano, 24 were all charged with possession of the weapons, and “with intent to cause loss to another to make an unwarranted demand of Crypto Currency from a person.”
KrebsOnSecurity has learned that the defendants were in Spalding Common to pay a surprise visit to a 19-year-old hacker known by the handles “Discoli,” “Disco Dog,” and “Chinese.” In December 2020, Discoli took credit for hacking and leaking the user database for OGUsers, a forum overrun with people looking to buy, sell and trade access to compromised social media accounts.
Reached via Telegram, Discoli confirmed that police believe the trio was trying to force their way into his home in Spalding Common, and that one of them was wearing a police uniform when they approached his residence.
“They were obvious about being fake police, so much so that one of our neighbours called,” Discoli said in an instant message chat. “That call led to the arrests. Their intent was for robbery/blackmail of crypto, I just happened to not be home at the time.”
The Lincolnshire Police declined to comment for this story, citing an ongoing investigation.
Discoli said he didn’t know any of the men charged, but believes they were hired by one of his enemies. And he said his would-be assailants didn’t just target him specifically.
“They had a list of people they wanted to hit consecutively as far as I know,” he said.
The foiled robbery is the latest drama tied to members of certain criminal hacking communities who are targeting one another with physical violence, by making a standing offer to pay thousands of dollars to anyone in the target’s region who agrees to carry out the assaults.
Last month, a 21-year-old New Jersey man was arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals.
Prosecutors say Patrick McGovern-Allen recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.
McGovern-Allen and the three U.K. defendants are part of an online community that is at the forefront of a dangerous escalation in coercion and intimidation tactics increasingly used by competing cybercriminal groups to steal cryptocurrency from one another and to keep their rivals in check.
The Telegram chat channels where these young men transact have hundreds to thousands of members each, and some of the more interesting solicitations on these communities are job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job.
A number of these classified ads are in service of performing “brickings,” where someone is hired to visit a specific address and toss a brick through the target’s window. Indeed, prior to McGovern-Allen’s arrest, his alleged Telegram persona bragged that he’d carried out several brickings for hire.
Many of the individuals involved in paying others to commit these physical attacks are also frequent participants in Telegram chat channels focused singularly on SIM swapping, a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.
Unsurprisingly, the vast majority of people currently being targeted for brickings and other real-life physical assaults via Telegram tend to be other cybercriminals involved in SIM swapping crimes (or individuals on the periphery of that scene).
The United Kingdom is home to a number of young men accused of stealing millions of dollars worth of cryptocurrencies via SIM swapping. Joseph James O’Connor, a.k.a. “Plugwalk Joe”, was arrested in Spain in July 2021 under an FBI warrant on 10 counts of offenses related to unauthorized computer access and cyber bullying. U.S. investigators say O’Connor also played a central role in the 2020 intrusion at Twitter, wherein Twitter accounts for top celebrities and public figures were forced to tweet out links to cryptocurrency scams. O’Connor is currently fighting extradition to the United States.
Robert Lewis Barr, a 25-year-old Scottish man who allegedly stole more than $8 million worth of crypto, was arrested on an FBI warrant last year and is also fighting his extradition. U.S. investigators say Barr SIM swapped a U.S. bitcoin broker in 2017, and that he spent much of the stolen funds throwing lavish parties at rented luxury apartments in central Glasgow.
In many ways, these violence-as-a-service incidents are a natural extension of “swatting,” wherein fake bomb threats, hostage situations and other violent scenarios are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address. According to prosecutors, both Barr and O’Connor have a history of swatting their enemies and their SIM swapping victims.
A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.
Patrick McGovern-Allen of Egg Harbor Township, N.J. was arrested on Aug. 12 on a warrant from the U.S. Federal Bureau of Investigation. An FBI complaint alleges McGovern-Allen was part of a group of co-conspirators who are at the forefront of a dangerous escalation in coercion and intimidation tactics increasingly used by competing cybercriminal groups.
Prosecutors say that around 2 a.m. on Jan 2, 2022, McGovern-Allen and an unidentified co-conspirator fired multiple handgun rounds into a residence in West Chester, Pa. Fortunately, none of the residents inside the home at the time were injured. But prosecutors say the assailants actually recorded video of the attack as “proof” that the shooting had been carried out.
A copy of that video was obtained by KrebsOnSecurity. According to investigators, McGovern-Allen was one of the shooters, who yelled “Justin Active was here” as they haphazardly fired at least eight rounds into the lower story of the West Chester residence.
On Dec. 18, 2021, police in Abington Township, Pa., responded to reports of a house fire from homeowners who said it sounded like something was thrown at their residence just prior to the fire.
Weeks later, on the day of the shooting in West Chester, a detective with the Westtown East Goshen Police Department contacted the Abington police and shared another video that was circulating on several online message boards that appeared to show two individuals setting fire to the Abington Township residence. The criminal complaint said the two police officers agreed the same suspect was present in both videos.
A copy of that video also was obtained by KrebsOnSecurity, and it shows at least two individuals smashing a window, then lighting a rag-soaked Mad Dog 20/20 grape wine bottle and hurling it at the side of the home [Update: My apologies for the file download link, but YouTube just deleted both of the videos included in this story — for allegedly violating their community standards].
“The Molotov cocktail caused the immediate surrounding area to ignite, including the siding of the house, grass, and the wooden chair,” the government’s complaint against McGovern-Allen states. “The two suspects then fled on foot toward the street and begin yelling something when the video stops.”
The government mentions the victims only by their initials — “K.M.” in the shooting and “A.R.” in the firebombing — but said both had been the target of previous harassment by rival cybercriminal groups that included swatting attacks, wherein the perpetrators spoof a distress call to the police about a hostage situation, suicide or bomb threat with the goal of sending a heavily-armed police response to a targeted address.
A number of previous swatting incidents have turned deadly. But these more “hands-on” and first person attacks are becoming increasingly common within certain cybercriminal communities, particularly those engaged in SIM swapping, a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.
The complaint mentions a handle and user ID allegedly used by McGovern-Allen’s online persona “Tongue” on the Discord chat service, (user: “Tongue#0001”).
“In the chats, [Tongue] tells other Discord users that he was the person who shot K.M.’s house and that he was willing to commit firebombings using Molotov Cocktails,” the complaint alleges. “For example, in one Discord chat from March 2022, [the defendant] states ‘if you need anything done for $ lmk [“let me know”]/I did a shooting/Molotov/but I can also do things for ur entertainment.”
KrebsOnsecurity reviewed hundreds of chat records tied to this Tongue alias, and it appears both attacks were motivated by a desire to get back at a rival cybercriminal by attacking the female friends of that rival.
Recall that the shooters in the West Chester, Pa. incident shouted “Justin Active was here.” Justin Active is the nickname of an individual who is just as active in the same cybercriminal channels, but who has vehemently denied knowledge of or participation in the shooting. Justin Active said on Telegram that the person targeted in the shooting was his ex-girlfriend, and that the firebombing targeted another friend of his.
Justin Active has claimed for months that McGovern-Allen was responsible for both attacks, saying they were intended as an intimidation tactic against him. “DO THE PATRICK MCGOVERN ALLEN RAID DANCE!,” Justin Active’s alias “Nutcase68” shouted on Telegram on Aug. 12, the same day McGovern-Allen was arrested by authorities.
Justin Active’s version of events seems to be supported by a reference in the criminal complaint to an April 2, 2022 chat in which Tongue explained the reason for the shooting.
“The video/is [K]’s house/getting shit/shot/justin active/ was her current bf/ the reason it happened,” Tongue explained. “So that’s why Justin active was there.”
The Telegram chat channels that Justin Active and Tongue both frequented have hundreds to thousands of members each, and some of the more interesting solicitations on these communities are job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job.
A number of these classified ads are in service of performing “brickings,” where someone is hired to visit a specific address and toss a brick through the target’s window.
“If you live near Edmonton Canada dm me need someone bricked,” reads on Telegram message on May 31, 2022.
“If you live near [address redacted] Lakewood, CA, dm [redacted] Paying 3k to slash the tires,” reads another help wanted ad in the same channel on Feb. 24, 2022. “If you live near here and can brick them, dm [address omitted] Richland, WA,” reads another from that same day.
McGovern-Allen was in the news not long ago. According to a Sept. 2020 story from The Press of Atlantic City, a then 19-year-old Patrick McGovern Allen was injured after driving into a building and forcing residents from their home.
“Police found a 2007 Lexus, driven by Patrick McGovern-Allen, 19, that had lost control and left the road, crashing into the eastern end of the 1600 building,” the story recounted. “The car was driven through the steps that provide access to the second-floor apartments, destroying them, and also caused damage to the outer wall.”
A search on the Inmate Locator of the U.S. Bureau of Prisons website shows that McGovern-Allen remains in federal custody at a detention facility in Philadelphia. He’s currently represented by a public defender who has not responded to requests for comment.
A copy of the criminal complaint against McGovern-Allen is available here (PDF).
Many of the individuals involved in paying others to commit these physical attacks are also frequent participants in several Telegram channels focused singularly on SIM swapping activity. As a result, the vast majority of the people being targeted for brickings and other real-life physical assaults tend to be other cybercriminals involved in SIM swapping crimes (or individuals on the periphery of that scene).
There are dozens of SIM swappers who are now teenage or 20-something millionaires, by virtue of having stolen vast sums of cryptocurrencies from SIM swapping victims. And now many of these same individuals are finding that communities like Telegram can be leveraged to hire physical harassment and intimidation of their rivals and competitors.
The primary barrier to hiring someone to brick a home or slash some tires seems to be the costs involved: A number of solicitations for these services advertised payment of $3,000 or more upon proof of successful completion, which usually involves recording the attack and hiring a getaway driver in the town where the crime is to take place (calling a cab or hailing an Uber from the scene of a bricking isn’t the brightest idea).
My fear is these violence-as-a-service offerings will at some point migrate outside of the SIM swapping communities. This is precisely what happened with swatting, which for years was a crime perpetrated almost exclusively against online gamers and people streaming their games online. These days, swatting attacks are commonly used by SIM swapping groups as a way to harass and extort regular Internet users into giving up prized social media account names that can be resold for thousands of dollars.
Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “swatting” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.
Image: Netflix.com
The producers of the Netflix show said footage from an interview I sat for in early 2020 on swatting and other threats should appear in the first episode. They didn’t specify what additional topics the series would scrutinize, but Netflix’s teaser for the show suggests it concerns cybercrimes that result in deadly, real-world kinetic attacks.
“Conspiracy. Fraud. Violence. Murder,” reads the Netflix short description for the series. “What starts out virtual can get real all too quickly — and when the web is worldwide, so are the consequences.”
Our family has been victimized by multiple swatting attacks over the past decade. Our first swatting, in March 2013, resulted in Fairfax County, Va. police surrounding our home and forcing me into handcuffs at gunpoint. For an excruciating two minutes, I had multiple police officers pointing rifles, shotguns and pistols directly at me.
More recently, our family was subjected to swatting attacks by a neo-Nazi group that targeted journalists, judges and corporate executives. We’ve been fortunate that none of our swatting events ended in physical harm, and that our assailants have all faced justice.
But these dangerous hoaxes can quickly turn deadly: In March 2019, 26-year-old serial swatter Tyler Barriss was sentenced to 20 years in prison for making a phony emergency call to police in late 2017 that resulted in the shooting death of an innocent Kansas resident.
In 2021, an 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in was sentenced to five years in prison.
The first season of the new documentary series will be available on Netflix starting June 15. See you on TV!
FreshRSS 