2016-02-11 / Front Page

French Hacker Questioned on Hoax Bomb Threats

By Olga Enger

A week after local schools received a string of hoax threats that law enforcement said was traced to Russia, French authorities detained an 18-year-old man who owns a domain used by alleged Russian cybercriminals accused of making similar calls.

Although no group has claimed responsibility for the local threats, Evacuation Squad posted on Twitter they were behind similar hoaxes in Britain and France.  The group presents itself as Russian-based, with a Russian email suffix (zmail.ru) and profile picture of Russian President Vladimir Putin. The Twitter page, which has since been suspended, had a cover photo of the Hezbollah flag, with the words “Victory to God’s Army” written in Arabic.

Police questioned Vincent Lauton last week after Evacuation Squad claimed to use his encrypted Tor network, commonly known to hackers as a “dark web.” The extent of Lauton’s involvement beyond his server is still unclear.

For over a week beginning on Jan. 31, computerized hoax calls flooded into local schools, eliciting significant police responses, evacuations and high absentee rates. The majority of the calls targeted the Newport district, but calls also came into Middletown, Tiverton and Warwick. The Newport Police Department also received a robocall threat.

The Newport School District has not received a threat since Wednesday, Feb. 10, which came as an email, confirmed Superintendent Colleen Burns Jermain on Saturday. 

“Let us be clear: I am not responsible for the bomb threats,” Lauton posted on Twitter on Feb. 12. 

Lauton runs a XMPP chat protocol, darkness.su, which protects IP addresses from other servers and users. Lauton claimed his connection to Evacuation Group is indirect.   

“You really think I asked for this? I never expected this kind of people using my services,” Lauton tweeted on Feb. 12.  Lauton added his server is not capable of emitting robocalls.

On Twitter, Evacuation Squad posted their motive: “Hello, and we are EvacuationSquad. We do what we do for a few reasons: We hate the American government. We hate authority. We love to cause mayhem.”

Their intentions were also financial. The group included a fee structure, payable by Bitcoins, for requests to target a location or individual with a robocall. The payments range between $5 for a school and $50 for a major sporting event.

Although Evacuation Squad claims to be Russian, it is common practice for cybercriminals to disguise their country of origin to send authorities down the wrong path.

Despite his French nationality, Lauton has several public ties to Russia. His website displays a former Soviet flag, which has become known as an international symbol of communism. Lauton recommends Russian based software to work with his chat protocol and the suffix of his domain, darkness.su, may stand for the Soviet Union. In December, he posted a pro-Putin article on Twitter. Last year, he boasted that the Russian money transfer company WebMoney Transfer approved him as a client.

“A little mail from Russia - WebMoney address verified,” Lauton posted last February, along with a photo of the acceptance letter.

The automated hoax calls are sometimes referred to as“swatting calls,” which is a term used by the FBI as far back as 2008. The objective is to trigger a massive police response (S.W.A.T. teams).

Domestically, law enforcement has seen an up-tick in swatting pranks within the gaming community. Gamers often target opponents, who participate in live streams on websites such as Twitch.

In November, U.S. Rep. Katherine Clark, D-Mass., sponsored a bill called the "Interstate Swatting Hoax Act of 2015," which aims to make swatting a federal crime. Last month, she was targeted by an automated call that claimed there was an active shooter in her home.


Return to top