US Accuses Five Youths In 'Scattered Spider' Hacking Case

JAKARTA US federal prosecutors this week uncovered criminal charges against five individuals suspected of being involved in the hacker group "Scattered Spider." They are accused of breaking into dozens of companies in the US to steal classified information and cryptocurrencies.

Martin Estrada, US Prosecutor in Los Angeles, stated that the defendants carried out phishing attacks by sending fake text messages that resemble official notifications to company employees. The message contains links requesting login information, allowing hackers to steal millions of dollars worth of company data and cryptocurrencies from individual accounts.

At least 12 companies from various sectors, including gaming, outsourcing, telecommunications, and cryptocurrencies, as well as hundreds of thousands of individuals, were victims. However, the names of companies that were victims were not disclosed by the authorities.

Scattered Spider is known as a hacker community consisting of small groups, including young individuals, who work together sporadically. The group became famous for its aggressive cybercrime action targeting large multinational companies and cryptocurrency investors.

The five defendants announced were:

They were charged with two counts of conspiracy and worsened identity theft. Buchanan also faces additional charges related to fraud. Their illegal activities took place between September 2021 and April 2023.

Buchanan was arrested last June at Palma de Mallorca Airport, Spain, while trying to board a plane to Naples. Currently, he is waiting for the extradition process to the US. Meanwhile, Evans was arrested in North Carolina, and Urban pleaded not guilty to 14 counts related to fraud in a separate case in Florida.

Nixon's head of research at the Unit 221B cybersecurity firm, confirmed that the era of cybercrime without consequences had ended. "Law enforcement is now more aggressive in dealing with this wave of cybercrimes," he said. Nixon also appealed to young people involved in cybercrime culture to immediately stop before becoming the next target.

The group previously drew great attention in September 2023 when it managed to hack the network of casino operators Caesars Entertainment and MGM Resorts International, with Caesars paying a ransom of US$15 million (Rp238.5 billion) to restore their network. However, it is not clear whether these five defendants were linked to the incident.

The US Department of Justice and other victim companies have not provided further comment on the case.