Feed aggregator
Best Solar Companies of November 2024
FCC's 'Broadband Nutrition Labels' Are Now Mandatory for All Internet Providers
Best Internet Providers in Roanoke, Virginia
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.
The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites.
The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.
These attacks leveraged newly-registered domains that often included the name of the targeted company, such as twilio-help[.]com and ouryahoo-okta[.]com. The phishing websites were normally kept online for just one or two hours at a time, meaning they were often yanked offline before they could be flagged by anti-phishing and security services.
The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.
In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname “Joeleoli.”
That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com, which also was used to register accounts at several websites for a Joel Evans from North Carolina. Indeed, prosecutors say Joeleoli’s real name is Joel Martin Evans, and he is a 25-year-old from Jacksonville, North Carolina.
One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio, a company that provides services for making and receiving text messages and phone calls. The group then used their access to Twilio to attack at least 163 of its customers. According to prosecutors, the group mainly sought to steal cryptocurrency from victim companies and their employees.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the assistant director in charge of the FBI’s Los Angeles field office.
Many of the hacking group’s phishing domains were registered through the registrar NameCheap, and FBI investigators said records obtained from NameCheap showed the person who managed those phishing websites did so from an Internet address in Scotland. The feds then obtained records from Virgin Media, which showed the address was leased for several months to Tyler Buchanan, a 22-year-old from Dundee, Scotland.
As first reported here in June, Buchanan was arrested in Spain as he tried to board a flight bound for Italy. The Spanish police told local media that Buchanan, who allegedly went by the alias “Tylerb,” at one time possessed Bitcoins worth $27 million.
The government says much of Tylerb’s cryptocurrency wealth was the result of successful SIM-swapping attacks, wherein crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.
According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets. Tylerb was reputed to have fled the United Kingdom after that assault.
Prosecutors allege Tylerb worked closely on SIM-swapping attacks with Noah Michael Urban, another alleged Scattered Spider member from Palm Coast, Fla. who went by the handles “Sosa,” “Elijah,” and “Kingbob.”
Sosa was known to be a top member of the broader cybercriminal community online known as “The Com,” wherein hackers boast loudly about high-profile exploits and hacks that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate networks.
In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. That story noted that Sosa’s alter ego Kingbob routinely targeted people in the recording industry to steal and share “grails,” a slang term used to describe unreleased music recordings from popular artists.
FBI investigators identified a fourth alleged member of the conspiracy – Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas — after he used a portion of cryptocurrency funds stolen from a victim company to pay for an account used to register phishing domains.
The indictment unsealed Wednesday alleges Elbadawy controlled a number of cryptocurrency accounts used to receive stolen funds, along with another Texas man — Evans Onyeaka Osiebo, 20, of Dallas.
Members of Scattered Spider are reputed to have been involved in a September 2023 ransomware attack against the MGM Resorts hotel chain that quickly brought multiple MGM casinos to a standstill. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K. police as part of an FBI investigation into the MGM hack.
Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.
A Justice Department press release states that if convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft. Buchanan would face up to 20 years in prison for the wire fraud count as well.
Further reading:
Google Has Canceled the Pixel Tablet 2
US Agency Votes To Launch Review, Update Undersea Telecommunications Cable Rules
Best Internet Providers in San Bernardino, California
Sex-dependent effects of early life overstimulation on behavioral function
Article URL: https://www.nature.com/articles/s41598-024-78928-9
Comments URL: https://news.ycombinator.com/item?id=42207983
Points: 1
# Comments: 0
Task mAIstro: AI-powered task management agent
Article URL: https://github.com/langchain-ai/task_mAIstro
Comments URL: https://news.ycombinator.com/item?id=42207980
Points: 1
# Comments: 0
The future of Dgraph is open, serverless, and AI-ready
Article URL: https://hypermode.com/blog/the-future-of-dgraph-is-open-serverless-and-ai-ready
Comments URL: https://news.ycombinator.com/item?id=42207968
Points: 1
# Comments: 0
The Executive-Coder Experiment: Returning to Code with GenAI After 7 Years
Article URL: https://www.ivankusalic.com/executive-coder-experiment/
Comments URL: https://news.ycombinator.com/item?id=42207961
Points: 1
# Comments: 0
Why Europe Is Unprepared to Defend Itself
Article URL: https://www.bloomberg.com/graphics/2024-nato-armed-forces/
Comments URL: https://news.ycombinator.com/item?id=42207956
Points: 1
# Comments: 0
Use Mint Mobile's Black Friday Coupon Code for a Free Month of a 5GB Plan
Autism prevalence increasing in children, adults
The Challenges of Building a Sigstore Implementation from Scratch [video]
Article URL: https://www.youtube.com/watch?v=h-UXqnzZAMQ
Comments URL: https://news.ycombinator.com/item?id=42207924
Points: 2
# Comments: 0
Linux connection tracking and (Slow) DNS
Article URL: https://kb.isc.org/docs/aa-01183
Comments URL: https://news.ycombinator.com/item?id=42207893
Points: 2
# Comments: 0
The Most Important Economic Concept No One Understands [video]
Article URL: https://www.youtube.com/watch?v=ot6hSJtijSY
Comments URL: https://news.ycombinator.com/item?id=42207886
Points: 1
# Comments: 0
North Korean IT worker scam linked to Chinese front companies
Article URL: https://www.scworld.com/news/north-korean-it-worker-scam-linked-to-chinese-front-companies
Comments URL: https://news.ycombinator.com/item?id=42207861
Points: 2
# Comments: 0
Stay Powered Up With This Anker Power Bank, Now at a New Low Price
Show HN: Made stupid simple private Markdown viewer
Article URL: https://onlinemarkdownviewer.com
Comments URL: https://news.ycombinator.com/item?id=42207846
Points: 1
# Comments: 2