"Swatting is not a victimless prank – it is a reckless and dangerous crime that can have deadly consequences," said Terence G. Reilly of the FBI Nashville Field Office after a Welsh administrator of an online doxxing forum was jailed for encouraging swatting attacks across three countries.
Callum Dare and the #deadnet channel
Callum Dare, 26, a Talbot Green man, was an administrator on Doxbin, a dark web platform used to expose personally identifiable information. Investigators said Dare "was an active participant" in Doxbin's "#deadnet" channel, where he encouraged and assisted others to target individuals and organisations through swatting attacks. Although he never placed the swatting calls himself, Cardiff Crown Court heard he assembled and shared material intended to incite and guide others.
Dare pleaded guilty on June 15 to encouraging or assisting the commission of malicious communications and to possession of articles for use in frauds. He was sentenced to two years and three months in prison.
Documented swatting incidents in the UK, US and Canada
Prosecutors and police linked Dare to multiple incidents. In the United States, one attack involved a caller to the Los Angeles Police Department who, using a fake Russian accent, claimed bombs had been hidden under chairs in a University of California lecture theatre, forcing an evacuation. Other US-targeted calls included those made to a university during protests involving Milo Yiannopoulos.
Investigations by Welsh police connected Dare to a December 17, 2018, call to a Western Mail journalist in which the caller claimed to be armed with nail bombs and holding hostages at Cardiff's Sandringham Hotel on St Mary Street. The journalist alerted police, who closed and evacuated St Mary Street, causing significant disruption. A Canadian programmer was also targeted: a caller claimed to be at the programmer's address, had shot their girlfriend, taken hostages and was armed with explosives — the call that prompted Canadian authorities' involvement and ultimately fed into the cross-border investigation.
Digital evidence: livestream montages and "The Man in the Onion" phishing kit
Authorities described a body of digital material recovered from Dare's devices. Forensic examiners found montages of footage taken from internet livestreams and other sources that Dare assembled to show emergency services' responses to swatting calls; Tarian Regional Organised Crime Unit (ROCU) said he shared these in #deadnet "in an attempt to encourage others to carry out similar offences."
Officers also discovered a file labelled "The Man in the Onion" — a phishing kit designed to imitate dark web marketplaces and harvest user credentials. Tarian ROCU stated the kit could likely gather details that would allow access to cryptocurrency wallets and other accounts. The court was told there is no suggestion Dare used the phishing kit in real-world attacks, though mere possession of such a kit is a criminal offence.
International law enforcement cooperation and the investigative trail
The investigation began in May 2019, when Dare was 19, after the FBI engaged South Wales Police and Tarian ROCU. Canadian authorities' engagement with the FBI led to the seizure of Doxbin and #deadnet chat logs; investigators discovered the usernames "Chans" and "KT" belonged to a Doxbin admin likely based in Wales. That intelligence was passed to Welsh police in 2019.
South Wales Police linked the information to a PayPal account and then to an email address that identified Dare and his residence. Following his arrest, officers searched his devices and found evidence tying him to the online encouragement of swatting calls and related offences. Special Agent Reilly emphasised the cross-border nature of the work, and Louisa Robertson, specialist prosecutor at the Crown Prosecution Service Cymru‑Wales, highlighted the role of international cooperation in building the case.
What this means for emergency services, journalists, and online moderators
- Emergency services: Robertson noted that false alarms frequently involve multiple emergency services and divert resources away from real emergencies. The documented incidents included full evacuations and armed responses, underscoring operational disruption.
- Journalists and public venues: The Western Mail journalist's report that led to an evacuation of St Mary Street shows how media professionals and city-centre locations can be drawn into hoaxes with wide local impact.
- Platform moderators and investigators: Seizure of Doxbin and #deadnet chat logs, and the identification of administrative accounts via transaction and email trails, illustrate how digital traces — even on dark web platforms — can be traced and linked to real-world identities when international agencies cooperate.
Defence counsel Peter Donnison told the court Dare suffered from mental health difficulties, including ADHD, autism and low borderline IQ, and described a troubled upbringing — factors the court heard before sentencing. Louisa Robertson said she hoped the sentence would deter others, while the FBI's Reilly framed the prosecution as an example of cross-border investigative determination.
The case closes one criminal chapter against a Doxbin administrator, but it leaves practical questions for law enforcement and online communities about how to prevent the encouragement of dangerous online behaviour and how to detect and disrupt those who assemble and distribute material designed to incite real‑world harm.




