FBI To Charge Teenager Hackers From Scattered Spider Who Hacked Hundreds Of Organizations

JAKARTA - An aggressive cyber crime group named Scattered Spider, which is mostly based in the United States and Western countries, will be brought to justice by the FBI for hacking dozens of American organizations. This was said by a senior FBI official, recently.

These young hackers stole the show last year when they managed to hack the MGM Resorts International (MGM) and Caesars Entertainment casino operator systems, locking the company's systems and demanding large ransom payments. From health and telecommunications companies to financial services, they have also hacked multiple organizations over the past two years. This has put great pressure on law enforcement agencies to stop them.

"Based on the criminal act, we are trying to indict individuals where we can do so, in this case, especially around the Law on Theft and Computer Abuse," said Brett Leotherman, deputy director of the FBI's cyber assistant, quoted by VOI from Reuters.

"This Group is a rare alliance of hackers in Western countries with veteran cybercriminals from eastern Europe," Leotherman said on the sidelines of the RSA Conference in San Francisco on Wednesday 7 May.

"Often we don't see a mix of geographic hackers working together beyond boundaries such as hacktivism, for example," he said.

Security researchers have been tracking Scattered Spider since at least 2022 and say that the group is much more aggressive than other cyber crime groups - skilled especially at taking over the identity of IT helpdesk staff to penetrate the company's network. Caesars paid about 15 million US dollars (IDR 240 billion) to free his systems from hackers.

In conversations with its victims, the group sometimes threatens with physical violence, which worries some researchers.

There appeared to be a decline in the group's activity in January, but they are currently "very active," said Charles Carmakal, chief technology officer at Mandiant, Google's security division, who has worked with several victims.

The group has targeted more than 100 organizations in the last two years, gained access to all its targets, and managed to carry out regular phishing, Carmakal said.

Given the intensity of their attacks, some experts have criticized the lack of arrests, especially as they are based in Western countries. Leotherman said private security companies were helping the FBI gather evidence.

"This group is very important for us to continue to pursue opportunities for disruption," he said. "We have a certain burden of evidence that we have to fulfill to carry out law enforcement operations. And we are heading in that direction as soon as possible."

One arrest is known. In January, the FBI charged 19-year-old Noah Urban of Florida for wire fraud, which Leotherman said was part of Scattered Spider.

Leotherman said that there might be further arrests. Some members of this group are still teenagers, but the FBI can use state and local laws to bring them to justice. "It's historically very, very effective," he said.