According to a UK researcher, eBay's site has remained vulnerable to CSRF attacks.
According to a UK researcher, eBay's site has remained vulnerable to CSRF attacks.

A 21-year-old Connecticut resident was arrested on Wednesday on federal criminal complaints that he participated in multiple “swatting” incidents that targeted U.S. universities and schools.

Swatting involves placing a hoax call to any emergency service in order to get its team to respond to a false report of a critical incident. Matthew Tollis allegedly teamed up with a group of Xbox gamers known as “TCOD,” or TeAM CrucifiX or Die, to arrange and execute the swatting, according to the case's affidavit.

For instance, in one case, Tollis supposedly joined a Skype call on April 3 to the University of Connecticut. The unknown caller connected to a university representative and claimed that plastic explosives were placed in the admissions building. The university's police department was immediately notified and they evacuated the building. They then issued an emergency alert. The Connecticut State Police's Bomb Squad, Emergency Services Unit, and SWAT team arrived on the scene, too. No explosives were found.

Following the incident, a university police officer learned that a Twitter account, @declaws, was claiming credit for the call. A conversation posted on the account regarding the incident contained a screenshot of the Skype call. A user named “Harbor” was listed as a participant. An investigation into Harbor's identity led law enforcement to Tollis.

Tollis was later interviewed by officers, where he admitted to joining the call, along with others.

He is being charged with one count of conspiring to engage in a bomb threat hoax, one count of aiding and abetting a bomb threat hoax, and one count of aiding and abetting the malicious conveying of false information regarding an attempt or alleged attempt to kill, injure or intimidate any individual, or to unlawfully damage or destroy any building or other real or personal property by means of an explosive. Each charge carries a maximum term of imprisonment of five years.

The group Tollis associates with, TCOD, is suspected of swatting at Harvard University in Cambridge, Mass., Hebron High School in Carrollton, Texas, and Boston University in Boston, among others. Authorities believe the group consists of three members in the U.K., and the Federal Bureau of Investigation (FBI) is working with U.K. law enforcement to find them.