A cyber group known as “Purgatory” is behind a terrifying spree of AI-enhanced swatting calls on college campuses — and experts urge authorities to catch up to “internet speed” to stop it.
Between Aug. 21 and Aug. 25, at least 10 universities across the US were thrown into chaos after fake active shooter calls sent armed federal and local law enforcement agencies to lockdown campuses, launching students into full-blown panic.
The calls have since been linked to Purgatory, a group of cybercriminals who use AI tools to replicate sounds of screaming and gunfire while on the phone with local authorities, according to recent findings by the Center for Internet Security and Institute for Strategic Dialogue.
Purgatory, which primarily organizes on Telegram and Discord platforms, derives from a larger group known as “The Com,” a loose cybercriminal network that engages in swatting, sextortion and the distribution of child sex abuse material.
The FBI issued an alert about The Com as recently as late July.
“Sometimes [the call’s] are for a fee, other times it’s to bring attention to themselves as a group so that they can get new clients or get others to join this affiliation, and help them do swatting,” John Cohen, the executive director for the Countering Hybrid Threats Program at the Center for Internet Security and a former Department of Homeland Security official, told The Post.
“Sometimes, quite frankly, it’s because they enjoy the thrill of watching.”
Hoaxers can pocket $95 for school swattings — an intentional, staged call to bring law enforcement to a nonexistent crime scene — since the spate of recent media coverage. The threats previously paid as little as $20, WIRED reported last month.
A leader of the group claimed Purgatory has made $100,000 since the shooting spree began, the outlet said.
The fake calls began on Aug 21, with reports of an active shooter at the University of Tennessee Chattanooga and Villanova University, triggering armed law enforcement responses and sending panicked students and parents fleeing during an orientation event, school officials had said.
On Aug 24, swatting calls linked to the group also took place at the University of South Carolina and UNC-Chapel Hill.
Then, a whopping six swatting calls were placed on Aug 25 alone, targeting universities such as Iowa State, Kansas State, the University of Maine and the University of Arkansas.
Matt Mills, the assistant police chief at the University of Arkansas Police Department, recalled to The Post how a swatting call about an active shooter at the school’s Mullins Library threw the campus into mayhem that day.
“We had the initial call come in, just before 12:30. The caller stated that he was in our library, which is Mullins Library, and that there was a guy with a gun in the room,” he explained.
“A call went on for a couple of minutes toward the end of the call, our dispatcher could hear gunfire in the background.”
Local, city, state and federal authorities rushed to the scene — as students and staff across campus barricaded themselves in office buildings and classrooms, Mills said.
“Over the next couple of hours, we received over 300 calls on our non-emergency lines and 38 911 calls from varying parties. Those calls ranged anywhere from, they thought they saw the suspect, they thought they heard gunshots,” he said.
After sending officers to clear seven campus buildings, authorities determined the active shooter alert was a swatting call.
“I mean, the first response is thankfully nobody was hurt. And then there’s some frustration with the amount of resources that were deployed from at least 15 different agencies in our area, including federal agencies and state police,” Mills said.
When asked if he could understand why anyone would pay for or call in a swatting call, Mills said he could not “compute” a reason someone would do such a thing.
“It doesn’t make any sense to me why somebody would pay to have this done to a campus, to a hospital, to be anywhere. That just doesn’t compute in my brain,” he said.
Cohen, the cybersecurity expert, said that foreign terrorist organizations, militaries and criminal organizations looking to “sow discord” and undermine US institutions often hire groups like Purgatory to engage in targeted swatting operations.
The calls can sometimes be made from individuals within a group looking to get a rise from the ensuing media coverage — or also solicited by individuals with “malicious intent,” he explained.
“It’s not just some disaffected individual sitting in his basement at home who says, ‘I’m gonna hack this university,’ or ‘I’m going to do a swat and call at this university,’” Cohen said.
“It’s also foreign intelligence services, militaries, criminal organizations, even terrorist groups that are saying part of my objective is to cause a disruption in the US or to sow discord, undermine confidence in government, undermine confidence in institutions.”
While it is not immediately known who exactly placed or paid for the calls at the 10 universities, Cohen said trend analysts have noticed an increasing influence of foreign and organized crime groups in Purgatory’s operations.
The group also uses virtual private network’s known as “VPNs,” and Google Voice numbers to fake that calls are coming from the local area.
Swatting calls are never just “benign” and can be highly dangerous — even injuring officers and other individuals in the target area, Cohen charged.
“They’re not just irritating. The intent may be, in some cases, to harass the recipients or cause a disruption — but they can be highly dangerous because there are instances where, when the swatting call comes in, the law enforcement organization is going to respond like it’s an actual emergency,” he said.
“AI is being used to simulate gunfire in the background. The swatter is monitoring the radio traffic of the responding agencies and tweaking their calls accordingly,” he continued.
“I mean, that’s gonna elicit a forceful response by law enforcement because they believe they’re responding to an emergency, a real emergency. So, their objective is to get on scene as quickly as possible, find the shooter in the case of an active shooter, neutralize that shooter.”
To prevent future swatting attacks, law enforcement officials need to evolve to be able to detect possible hoax incidents in real time, Cohen said.
“Criminals and threat actors are evolving their tactics at internet speed. Unfortunately, law enforcement is still operating in dialogue,” he added.
“We have to become much better at understanding how foreign intelligence services, terrorists and criminals are using the power of the internet — and we need to adapt our investigative processes accordingly,” Cohen urged.
Another tactic to deter members of Purgatory would be to “identify, arrest and prosecute” members, though Cohen noted that would take a certain “technical capability.”
Purgatory members — Evan Strauss, 26, and Owen Jarboe and Brayden Grace, both 18 — were indicted last May over swatting calls targeting residences, a high school, a casino and the Albany International Airport between December 2023 and January 2024, according to a statement from the Department of Justice.
One of the 18-year-olds, who appeared to have taken a leadership role in the group, was briefly listed on the FBI’s Most Wanted List before his arrest. All three subsequently pleaded guilty.
At the University of Arkansas and several other universities targeted by swatters, investigations into the false reports are continuing.
The FBI told The Washington Post that it’s investigating the incidents, and the agency is “seeing an increase in swatting events across the country, and we take potential hoax threats very seriously because it puts innocent people at risk,” in a statement to The New York Times.
When asked if the spree would continue, a leader under the name “Gores” told WIRED, “Yes. 2 months.”
The FBI did not return a request for comment from The Post at the time of publication.