According to journalistic findings, the perpetrator behind the false alarms — including the one targeting the home of the mother of the President of Poland — either had access to communications between Polish emergency services or remained nearby the entire time, carefully monitoring their actions.
The ongoing wave of false alarms, which led emergency services to enter the apartments and homes of journalists from Telewizja Republika — including senior management led by Tomasz Sakiewicz — as well as attempts to gain access to the station itself, the attempted forced entry into the apartment of former National Security Bureau chief Prof. Sławomir Cenckiewicz, and the entry into the family home of Polish President Karol Nawrocki, all appear to have been precisely planned and coordinated operations.
Over recent weeks, the series of false reports involving fires, suicide attempts, or threats to the lives of residents intensified. They were accompanied by acts of harassment in the form of large fake food orders placed under other people’s names at various locations.
For a long time, the reports were publicly downplayed and even ridiculed, which likely emboldened the perpetrators. Matters escalated when emergency services received a report of a possible fire, followed by information about a child suffering cardiac arrest, at the address of the president’s family home. Emergency responders forced open the door and entered the property while the residents were absent.
“The provocateurs had excellent reconnaissance — they struck when no one was present in either apartment,” journalists from Rzeczpospolita noted after uncovering details of Saturday’s operation in Gdańsk.
The perpetrators reportedly used the emergency 112 application intended for deaf and mute individuals. Additional SMS messages were sent, prompting further responses from emergency services. Authorities have already identified the phone number and the individual under whose name it was registered. According to the journalists’ findings, the perpetrators most likely used what is known as an “onion router” to conceal their identity — a technology employing multiple layers of security to facilitate anonymous online communication.
“Investigators’ findings indicate that during the initial false reports about fires or alleged threats to life, the perpetrators used servers located in Scandinavian countries, while later incidents appear to have involved servers in Russia,” the journalists wrote on the rp.pl website.
Emergency services under surveillance?
The authors also pointed out that the perpetrators must have known that although the address of Karol Nawrocki’s apartment appears in his financial disclosure statement, the publicly available version is anonymized and the property itself is not under direct protection by the State Protection Service (SOP).
“Secondly — and this is particularly disturbing — their actions looked as though they were monitoring the emergency response in real time and reacting accordingly. When the first SMS failed to produce the desired effect, they sent a second message 15 minutes later to the Provincial Emergency Notification Center. This time, instead of reporting a fire, they claimed that a child was showing no signs of life,” the journalists added.
It was this second report that ultimately caused emergency services, rather than withdrawing from the scene, to proceed with a forced entry into the apartment by breaking down the door.
“It appears as though the initiators of these actions had access to communications between the services. Alternatively, one of them may have been present in the area where everything unfolded and was observing the actions of firefighters and police officers from outside,” the journalists noted, adding that police have secured surveillance footage from nearby streets and buildings.
A similar modus operandi was observed in reports concerning alleged threats at the headquarters of Telewizja Republikaand at the homes of the station’s journalists. In the overwhelming majority of cases, the reports came in pairs. This may stem from the fact that emergency service communications are relatively easy to intercept, as in most cases they are conducted over open, unencrypted channels.