US Charges Five in ‘Scattered Spider’ Hacking Scheme
Martin Estrada, the U.S. Attorney in Los Angeles, said the defendants conducted phishing attacks by sending bogus but real-looking mass text messages to employees’ mobile phones warning that their accounts would be deactivated.
The hackers, in their teens or 20s at the time, allegedly directed employees to links for entering log-in information, enabling the hackers to steal from their employers and millions of dollars of cryptocurrency from individuals’ accounts.
Victims allegedly included at least 12 companies in the gaming, outsourcing, telecommunications and cryptocurrency fields, plus hundreds of thousands of individuals.
Estrada’s office confirmed that the case concerned Scattered Spider. No victims were identified by name.
Security experts and officials have said Scattered Spider is composed of small clusters of people, including youngsters, who collaborate on-and-off on specific jobs.
The group has been blamed for unusually aggressive cybercrime sprees, targeting major multinational companies as well as individual cryptocurrency investors.
Some experts previously complained about law enforcement’s apparent inability to crack down even though the identities of some suspects, including several living in Western countries, were known, industry insiders told Reuters last year.
That may now be changing.
“The days of easy money and no consequences are over,” said Allison Nixon, chief research officer at cybersecurity company Unit 221B. “Defenders and law enforcement are meeting this wave of cybercrime aggressively now. Young people that have fallen into online crime culture need to exit before they become the next target.”
The defendants are Tyler Buchanan, 22, of Scotland; Ahmed Elbadawy, 23, of College Station, Texas; Joel Evans, 25, of Jacksonville, North Carolina; Evans Osiebo, 20, of Dallas; and Noah Urban, 20, of Palm Coast, Florida.
Each was charged with two conspiracy counts and aggravated identity theft, and Buchanan was also charged with wire fraud.
Investigators traced Buchanan through domain registration records for phishing websites, registered under an account whose user name included the name of late actor Bob Saget.
Officials said the suspects’ illegal activity spanned from September 2021 and April 2023.
Scattered Spider drew particular notoriety in September 2023 when members of its community broke into and locked up the networks of casino operators Caesars Entertainment and MGM Resorts International, and demanded hefty ransom payments. Caesars paid about $15 million to restore its network.
It was unclear whether these five defendants were connected with Scattered Spider’s casino hackings.
The U.S. Department of Justice declined to comment on specific victims. Caesars did not immediately return requests for comment. MGM said the defendants did not appear to be related to the cyber attack against its network.
Evans was arrested on Tuesday in North Carolina. Urban has pleaded not guilty to 14 fraud and conspiracy charges in a separate case in Florida.
Buchanan was arrested in June at an airport in Palma de Mallorca, Spain as he attempted to board a flight to Naples, Spanish authorities said at the time. He is awaiting extradition from Spain, a Justice Department spokesman said.
A public defender representing Urban did not immediately respond to a request for comment. Lawyers for the other defendants could not immediately be identified.
(Reporting by Stempel in New York and Vicens in Washington. Editing by Bill Berkrot and David Gregorio)
- Report: Millions of Properties May be Underinsured Due to Multiple Undetected Structures
- Coming Soon to Florida: New State-Fed Program to Elevate Homes in Flood Zones
- AccuWeather’s 2024 White Christmas Forecast Calls for Snow in More Areas
- Nearly 1,000 Feared Dead After Cyclone Hits France’s Mayotte