But it quickly became apparent that “0ktapus” was no monolithic group. Authorities and security researchers discovered that the group was involved in nearly every type of hacking activity, mastering a wide range of scamming techniques. They appeared more as an aggregation of specialized subgroups, sometimes overlapping, with strong ties to other criminal organizations, particularly ransomware gangs.

The widespread scope of their activities and their diverse membership led cybersecurity firm CrowdStrike to rebrand them with a fitting name in early 2023: “Scattered Spider.”

Their most high-profile criminal acts were the September 2023 attacks on Caesars Entertainment and MGM casinos. The MGM breach, which cost the company over $100 million, led to days of disruption after Scattered Spider, in collaboration with the Russian ransomware group ALPHV, extorted MGM in exchange for their files.

In their November 2023 cybersecurity advisory, the U.S. Cybersecurity and Infrastructure Security Agency categorized Scattered Spider as “a cybercriminal group that targets large companies and their contracted IT help desks,” which “typically engages in data theft for extortion.”

The modus operandi used is similar to the one in the crypto cases and 0ktapus.

“In most instances, Scattered Spider threat actors conduct SIM swapping attacks against users that respond to the phishing/smishing attempt. The threat actors then work to identify the personally identifiable information (PII) of the most valuable users that succumbed to the phishing/smishing, obtaining answers for those users’ security questions. After identifying usernames, passwords, PII, and conducting SIM swaps, the threat actors then use social engineering techniques to convince IT help desk personnel to reset passwords and/or MFA tokens to perform account takeovers against the users in single sign-on (SSO) environments.” — Source: CISA

In addition to their unconventional typology, Scattered Spider stands out for the unusually young
age of its members, and this is no coincidence.

In a September 2023 interview with TechCrunch, Allison Nixon, Chief Research Officer at Unit 221B, revealed that Scattered Spider deliberately recruits minors, also known as “advanced persistent teenagers,” due to “the lenient legal environment these minors operate in and the fact that nothing will happen to them if the police catch a kid.”

Minor or not, it appears that U.S. authorities have finally caught up with them after a long and arduous chase.

In January 2024, 19-year-old U.S.-based Noah Michael Urban was charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency.

[Image: Noah Michael Urban. Source: KrebsOnSecurity]

One week after the five were indicted, 19-year-old Remington Ogletree from California was arrested and charged with criminal activities related to Scattered Spider, activities that netted him over $4 million. Notably, he used a money laundering service that was part of an undercover FBI operation to launder more than $125,000.

On November 6th, Dean Skurka, CEO of the Toronto-based crypto firm WonderFi Technologies, endured a terrifying ordeal when he was kidnapped.

[Image: WonderFi CEO Dean Skurka. Source: LinkedIn]

Forced into a car in downtown Toronto during rush hour by multiple individuals, Skurka was told to pay $1 million for his release. Left with little choice, he wired the money electronically and was later released in Centennial Park in Etobicoke, thankfully uninjured.

WonderFi CEO Dean Skurka reportedly said in an email that he is “safe” now and that no company funds and data were impacted.

After CBC broke the news, Skurka confirmed the kidnapping, assuring the public that he was safe and that no company funds or data had been stolen.

For anyone who has been following crypto news in 2024, this latest kidnapping comes as no surprise.
Since the second half of the year, it seems that crimes against individuals related to crypto have been breaking news nearly every week. In fact, it’s the 16th reported case of physical attacks against crypto holders, executives, or influencers in 2024.

One of the most tragic cases occurred on July 28th, when a 29-year-old Moroccan Bitcoiner was kidnapped from his apartment, forced to transfer 3 BTC, and then strangled to death before being buried in a forest.

A closer look at a GitHub repository that attempts to record publicly reported “known attacks against Bitcoin/crypto asset-owning entities” quickly reveals that the occurrence of these crimes is intrinsically linked to the state of the crypto market.

If the market is up, physical attacks are up.

This trend was confirmed in an interview with the CBC by the repository’s creator, Jameson Lopp, co-founder and Chief Security Officer of Casa, a self-custody solution. Based on his data, the Skurka case is the 171st instance of physical attacks in crypto theft he has recorded since December 2014.

According to him:

“The rates of these kinds of incidents tend to correlate with the exchange rate of bitcoin. […] As the price goes up, more awareness of the space permeates throughout society, and as a result, more criminally minded people decide they want to try to figure out what the ROI of executing a physical attack against a known crypto holder is.”

For Lopp, violent attacks in crypto theft are also motivated by how convenient they can be for criminals compared to robbing a bank or an armored truck.

When you think about it, “crypto kidnapping” can be considered, from a criminal perspective, as one of the most efficient forms of extortion. In this method, criminals can demand extremely large sums of money in the form of cryptocurrency, which can be transferred in a matter of minutes with just a few clicks.
This makes the process faster, more discreet, and less physically demanding than traditional kidnapping.

In contrast, traditional kidnappings often involve more logistical challenges. Victims are unlikely to have millions of dollars lying around their homes, meaning family members must be mobilized to acquire the ransom from banks or other sources, adding complexity to the process. Moreover, the physical delivery of money in a traditional kidnapping creates more opportunities for law enforcement to track the ransom exchange, increasing the risk for the perpetrators.

On the other hand, with crypto kidnapping, the use of digital currencies allows criminals to bypass these obstacles.

With Bitcoin making headlines worldwide after breaking $100,000 in value, it’s highly likely that large crypto holders will face an increased threat of such crimes.

One of the latest and most absurd victims of these crimes isn’t even human. A crypto ATM was stolen after a truck-ramming raid at a shopping center in Melbourne. Apparently, the digital nature of Bitcoin has eluded the thieves.

Source: The Bitcoin Express