Five Scattered Spider suspects indicted for phishing spree and crypto heists

DoJ also shutters alleged crimeware and credit card mart PopeyeTools


The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider. The arachnid-inspired crew is thought to have masterminded the ransomware attack on casino operators MGM Resorts and Caesars Entertainment, and to have cracked identity services vendor Okta – then attacked many of its customers. The crew uses SMS phishing and social engineering.

The five suspects have been named as: Urban was arrested in January on fraud charges and Evans was picked up on Tuesday in North Carolina. Buchanan was cuffed in Spain in June, and local authorities suggested that he leads the gang. According to court documents [PDF], when the Scottish police raided Buchanan's home in 2023 they found "approximately twenty devices" – and copies of the data they contained were sent to the FBI.



The court documents state that one of Buchanan's devices was found to contain a phishing kit that was "designed specifically to transmit the captured information to a Telegram channel." Buchanan's browser history also allegedly showed he had registered websites used in the gang's phishing campaigns and moderated a Telegram channel that the criminals are believed to have used to coordinate their activities. According to the indictments [PDF], the quintet ran a multi-year campaign to steal cryptocurrency – initially using SMS phishing, telling victims that they needed to reset their login details and providing a link to a convincing-looking site.

That attack saw some cough up their credentials, giving the gang access to corporate systems that they used to look for useful databases and personal information. Some of the info was used to find new phishing targets. And some of the harvested creds were used to access crypto wallets and steal their contents.

The DoJ's had a busy week, as it's also shut down the online criminal souk PopeyeTools and unsealed charges against three of its alleged administrators: Abdul Ghaffar, 25, of Pakistan; Abdul Sami, 35, of Pakistan; and Javed Mirza, 37, of Afghanistan. The site – which has been operating since 2016 under the banner "We Believe in Quality Not Quantity" – sold bank and credit card details, access to cracking software, and the personal information of at least 227,000 individuals. Police estimate it made around $1.7 million in revenue. At least $283,000 worth of cryptocurrencies was found and seized during takedown operations.

"Yesterday's operation and dismantling of PopeyeTools is a direct result of the FBI's dedication to weaken cyber crime," said special agent in charge Matthew Miraglia of the FBI Buffalo Field Office.

"This takedown is a significant example of the FBI's technical capabilities, as well as our strong relationships with our international partners to protect people from cyber criminals operating these types of online marketplaces."

"We allege that this group of cyber criminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals," wrote US attorney Martin Estrada. "As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you're viewing seems off, it probably is."

In one case the gang managed to get access to a victim's cryptocurrency wallet and stole 98.5 Bitcoin – worth about $9.2 million at today's prices. The five are each charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Each charge carries a maximum prison sentence of 20 years.

Buchanan has picked up an extra charge of wire fraud that could mean an extra 20 years inside.

"The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts," declared Akil Davis, the assistant director in charge of the FBI's Los Angeles Field Office. "These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. I'm proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted." ®