FBI Working Towards Nabbing Scattered Spider Hackers, Official Says

The U.S. FBI is working towards charging hackers from the aggressive Scattered Spider criminal gang who are largely based in the U.S. and western countries and have breached dozens of American organisations, a senior official said. From a report: The young hackers grabbed headlines last year when they broke into the systems of casino-operators MGM Resorts International and Caesars Entertainment locking up the companies' systems and demanding hefty ransom payments. From health and telecom companies to financial services, they have hacked a range of organisations over two years, piling pressure on law enforcement agencies to thwart them.

"We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act," Brett Leatherman, the FBI's cyber deputy assistant director, told Reuters in an interview. The group was a rare alliance of hackers in Western countries with veteran cybercriminals from eastern Europe, he said on the sidelines of the RSA Conference in San Francisco Wednesday. "Often we don't see that mingling of geographical hackers working together outside the confines of like hacktivism, for example," he said. Security researchers have tracked Scattered Spider since at least 2022 and say the group is far more aggressive than other cybercrime gangs - skilled especially at hijacking the identities of IT helpdesk staff to penetrate into company networks. Caesars paid around $15 million to free its systems from the hackers.

Payments

[JBMcB]

Caesars paid around $15 million to free its systems from the hackers.

It's illegal to pay these ransom demands. I wonder how Caesar's got a pass.

Re:

[HBI]

That's not even true. It's generally legal to pay a ransom. It's just ill-advised in most cases.

Legality

[JBMcB]

You're right, it's not specifically written in to law as being illegal, though the treasury will possibly sue you if you do so.

https://www.darkreading.com/cy... [darkreading.com]

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[HBI]

I suspect most prosecutions would be avoided and be stillborn anyway even if they hit a court. Convincing a judge you had no idea where the bitcoin was going would be pretty simple, and it probably would never get close to a jury who would be very unwilling to convict.

Re:

[account_deleted]

Comment removed based on user account deletion

I'm sure they'll charge people

[HBI]

I'm even sure they'll get convictions. I'm not very sanguine about actually doing anything about the activity. Lots of 19 year old ne'er-do-wells in basements, who working under the guidance of experienced people from places that don't extradite are going to continue to do a lucrative business hamstringing parts of the economy.

I have an idea how to fix the problem but it's a Chinese-style solution. We'll be getting there eventually. It's just that I can see the destination now, probably 20 years in adva

Re:

[Local ID10T]

True.

These people are just useful idiots: assets recruited and given direction and a set of tools by foreign intelligence agents. They think they are cool and special but they are just brainwashed terrorists using code instead of bombs.

Scattered Spider ?

[Black Parrot]

Sounds like an Ubuntu release.

FBI's very poor OPSEC

[ve3oat]

I am sure that the Scattered Spiders all read Slashdot. Now, having been informed that the FBI is closing in on at least some of them, they will all scatter even more.

Re:

[HBI]

Anyone with any talent is already insulated against US LE activity. They have simps to sacrifice to the gods of inevitable consequences.