
Latest news with #JoeTidy

Why are they making celebrities out of cyber criminals?

The Herald Scotland

4 days ago


The past few weeks have painted a bleak picture of Britain's digital defences. Empty shelves at M&S, supply chain disruptions at Co-op, and systems offline at Harrods. It's like a dystopian episode of The Great British Bake Off, except instead of soggy bottoms, we're dealing with compromised servers.

Enter Scattered Spider, a loose collective of predominantly English-speaking hackers, many reportedly teenagers, who may have brought Britain's biggest retailers to their knees. The National Crime Agency has confirmed it's investigating this group's potential involvement, marking the first time authorities have publicly named them as suspects.

Here's where things get awkward. CrowdStrike, the cybersecurity giant, has been producing impressive figurines of various hacking groups, complete with dramatic packaging and "Know them, find them, stop them" taglines. But as BBC Technology Correspondent Joe Tidy astutely points out, are we inadvertently glamorising these groups?

There's something deeply uncomfortable about turning cybercriminals into collectible merchandise. It's like creating action figures of bank robbers - technically educational, but potentially sending mixed messages. The irony isn't lost on anyone. We're making celebrities out of criminals while simultaneously trying to catch them.

While figurines make conversation starters, the real excitement lies in the cutting-edge technologies being developed to combat these threats. Take Heriot-Watt University's groundbreaking Integrated Quantum Networks (IQN) Hub. Professor Gerald Buller's team is developing quantum encryption that's near unbreakable, using quantum mechanics to create security keys that change every time someone tries to crack them.

Cybercrime costs UK businesses £27bn annually. What's particularly fascinating about groups like Scattered Spider is their demographic, often teenagers communicating through Discord and Telegram, who possibly live in suburbs near the retailers they're targeting. Joe Tidy's direct communication with the hackers reveals criminals who are articulate, strategic, and frustratingly ordinary. They're not cartoon villains, they're people who've chosen criminal applications for their technical skills.

As the UK aims to become a quantum-enabled economy by 2035, quantum technologies will form the backbone of next-generation cybersecurity infrastructure. Unlike current encryption relying on mathematical complexity, quantum security uses physics itself as protection, theoretically impossible to breach without detection.

The combination of traditional investigative work and breakthrough technologies like quantum encryption offers our best hope for creating a digital environment where groups like Scattered Spider become museum pieces.

Perhaps we should focus less on action figures and more on the real-world heroes developing technologies that make criminal enterprises obsolete. After all, the best way to deal with villains isn't immortalising them in plastic, it's building a world where their methods don't work. I'll be first in line for my figurine of Professor Gerald Buller.

Annie Diamond is the deputy managing director of specialist technology, science and energy PR agency Hot Tin Roof.

Agenda is a column for outside contributors. Contact: agenda@

Police investigation into UK retail hacks focuses on English-speaking youths

Business Mayor

21-05-2025


Joe Tidy, Cyber correspondent, BBC World Service

Detectives investigating cyber attacks on UK retailers are focussing on a notorious cluster of cyber criminals known to be young English-speakers, some of them teenagers, police have revealed.

For weeks speculation has mounted that disruptive attacks on M&S, Co-op, Harrods and some US retailers could be the work of a hacking community called Scattered Spider. Speaking about the hacks for the first time, the National Crime Agency (NCA) has told BBC News the group is a key part of its ongoing investigation to find the culprits.

'We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders,' Paul Foster, head of the NCA's national cyber crime unit, said in a new BBC documentary.

'In light of all the damage that we're seeing, catching whoever is behind these attacks is our top priority,' he added.

The wave of attacks, which began at Easter, has resulted in empty shelves in stores, the suspension of online ordering, and millions of people's private data being stolen. The attacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks. However, the hackers pulling the strings have still not been identified and no arrests have been made.

[Image caption: Paul Foster, who leads the NCA's National Cyber Security Centre]

Some cyber experts say the hackers display the traits of Scattered Spider, a loose community of often young individuals who organise across sites like Discord, Telegram and in forums, most likely located in the UK and US.

Although the NCA says it is exploring all parts of the cyber crime ecosystem, it too is looking in the same direction.

'We know that Scattered Spider are largely English-speaking but that doesn't necessarily mean that they're in the UK – we know that they communicate online amongst themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective,' Mr Foster said.

M&S has been hit with ransomware, which has scrambled the company's servers rendering computer systems useless. The high street giant is still struggling to keep shelves stocked and has halted online shopping for weeks. Hackers have also stolen customer and employee data from the company.

At Co-op, staff took systems offline to prevent a ransomware infection but a huge amount of customer and staff data was stolen and is being held to ransom. Operations at the firm's supermarkets, insurance offices and funeral services have been badly affected.

It is not known what is happening at Harrods but the company admitted it had to pull computer systems offline because of an attempted cyber attack.

When the hackers behind the M&S and Co-op attacks anonymously contacted the BBC last week, they declined to say whether or not they were Scattered Spider.

'Tools readily available'

Cyber security researchers at CrowdStrike formed the name 'Scattered Spider' because of the group's sporadic nature, but other cyber companies have given the cluster nicknames including Octo Tempest and Muddled Libra.

The group was also linked to high-profile attacks including on two US casinos in 2023 and Transport for London last year.

In November, the US charged five British and American men and boys in their twenties and teens for alleged Scattered Spider activity. One is 23-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US based.

NCA investigators will not say how the hackers have managed to breach victim organisations but earlier this month, the National Cyber Security Centre issued guidance to organisations urging them to review their IT help desk password reset processes.

'Calling up IT help desks is a tactic that Scattered Spider seems to favour and they use social engineering techniques to manipulate someone into doing something like clicking on a link or resetting someone's account to a password they can use,' Lisa Forte from cyber security firm Red Goat said.

In the BBC documentary, a former teen hacker who was arrested nine years ago and now works in cyber security, said he was not surprised that teenagers could be behind the hacks.

'It wouldn't surprise me – quite [the] opposite. The tools are readily available and it's very easy to jump online and search straight away. You can feel a bit untouchable but for what end? You're gonna be arrested 99% of the time,' he said.

A letter from the M&S hackers landed in my inbox - this is what happened next

Yahoo

18-05-2025


Almost daily, my phone pings with messages from hackers of all stripes. The good, the bad, the not-so-sure.

I've been reporting on cyber security for more than a decade, so I know that many of them like to talk about their hacks, findings and escapades.

About 99% of these conversations stay firmly locked in my chat logs and don't lead to news stories. But a recent ping was impossible to ignore.

"Hey. This is Joe Tidy from the BBC reporting on this Co-op news, correct?" the hackers messaged me on Telegram.

"We have some news for you," they teased.

When I cautiously asked what this was, the people behind the Telegram account - which had no name or profile picture - gave me the inside track on what they claimed to have done to M&S and the Co-op, in cyber attacks that caused mass disruption.

Through messages back-and-forth over the next five hours, it became clear to me that these apparent hackers were fluent English speakers and although they claimed to be messengers, it was obvious they were closely linked to - if not intimately involved in - the M&S and Co-op hacks.

They shared evidence proving that they had stolen a huge amount of private customer and employee information. I checked out a sample of the data they had given me - and then securely deleted it.

They were clearly frustrated that Co-op wasn't giving in to their ransom demands but wouldn't say how much money in Bitcoin they were demanding of the retailer in exchange for the promise that they wouldn't sell or give away the stolen data.

After a conversation with the BBC's Editorial Policy team, we decided that it was in the public interest to report that they had provided us with evidence proving that they were responsible for the hack. I quickly contacted the press team at the Co-op for comment, and within minutes the firm, who had initially downplayed the hack, admitted to employees, customers and the stock market about the significant data breach.

Much later, the hackers sent me a long angry and offensive letter about Co-op's response to their hack and subsequent extortion, which revealed that the retailer narrowly dodged a more severe hack by intervening in the chaotic minutes after its computer systems were infiltrated.

The letter and conversation with the hackers confirmed what experts in the cyber security world had been saying since this wave of attacks on retailers began – the hackers were from a cyber crime service called DragonForce.

Who are DragonForce, you might be asking? Based on our conversations with the hackers and wider knowledge, we have some clues.

DragonForce offers cyber criminal affiliates various services on their darknet site in exchange for a 20% cut of any ransoms collected. Anyone can sign up and use their malicious software to scramble a victim's data or use their darknet website for their public extortion.

This has become the norm in organised cyber crime; it's known as ransomware-as-a-service.

The most infamous of recent times has been a service called LockBit, but this is all but defunct now partly because it was cracked by the police last year.

Following the dismantling of such groups, a power vacuum has emerged. Cue a tussle for dominance in this underground world, leading to some rival groups innovating their offerings.

DragonForce recently rebranded itself as a cartel offering even more options to hackers including 24/7 customer support, for example.

The group had been advertising its wider offering since at least early 2024 and has been actively targeting organisations since 2023, according to cyber experts like Hannah Baumgaertner, Head of Research at Silobeaker, a cyber risk protection company.

"DragonForce's latest model includes features such as administration and client panels, encryption and ransomware negotiation tools, and more," Ms Baumgaertner said.

As a stark illustration of the power-struggle, DragonForce's darknet website was recently hacked and defaced by a rival gang called RansomHub, before re-emerging about a week ago.

"Behind the scenes of the ransomware ecosystem there seems to be some jostling - that might be for prime 'leader' position or just to disrupt other groups in order to take more of the victim share," said Aiden Sinnott, senior threat researcher from the cyber security company Secureworks.

DragonForce's prolific modus operandi is to post about its victims, as it has done 168 times since December 2024 - a London accountancy firm, an Illinois steel maker, an Egyptian investment firm are all included. Yet so far, DragonForce has remained silent about the retail attacks.

Normally radio silence about attacks indicates that a victim organisation has paid the hackers to keep quiet. As neither DragonForce, Co-op nor M&S have commented on this point, we don't know what might be happening behind the scenes.

Establishing who the people are behind DragonForce is tricky, and it's not known where they are located. When I asked their Telegram account about this, I didn't get an answer.

Although the hackers didn't tell me explicitly that they were behind the recent hacks on M&S and Harrods, they confirmed a report in Bloomberg that spelt it out.

Of course, they are criminals and could be lying.

Some researchers say DragonForce are based in Malaysia, while others say Russia, where many of these groups are thought to be located.

We do know that DragonForce has no specific targets or agenda other than making money.

And if DragonForce is just the service for other criminals to use – who is pulling the strings and choosing to attack UK retailers?

In the early stages of the M&S hack, unknown sources told cyber news site Bleeping Computer that evidence is pointing to a loose collective of cyber criminals known as Scattered Spider - but this has yet to be confirmed by the police.

Scattered Spider is not really a group in the normal sense of the word. It's more of a community which organises across sites like Discord, Telegram and forums – hence the description "scattered" which was given to them by cyber security researchers at CrowdStrike.

They are known to be English-speaking and probably in the UK and the US and young – in some cases teenagers. We know this from researchers and previous arrests. In November the US charged five men and boys in their twenties and teens for alleged Scattered Spider activity. One of them is 22-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US based.

Crackdowns by police seem to have had little effect on the hackers' determination, though. On Thursday, Google's cyber security division issued warnings that it was starting to see Scattered Spider-like attacks on US retailers now too.

As for the hackers I spoke to on Telegram, they declined to answer whether or not they were Scattered Spider. "We won't answer that question" is all they said.

Perhaps in a nod to the immaturity and attention-seeking nature of the hackers, two of them said they wanted to be known as "Raymond Reddington" and "Dembe Zuma" after characters from US crime thriller The Blacklist which involves a wanted criminal helping police take down other criminals on a blacklist.

In a message to me, they boasted: "We're putting UK retailers on the Blacklist."

M&S and Co-Op: BBC reporter on talking to the hackers

BBC News

18-05-2025


Almost daily, my phone pings with messages from hackers of all stripes. The good, the bad, the not-so-sure.

I've been reporting on cyber security for more than a decade, so I know that many of them like to talk about their hacks, findings and escapades.

About 99% of these conversations stay firmly locked in my chat logs and don't lead to news stories. But a recent ping was impossible to ignore.

"Hey. This is Joe Tidy from the BBC reporting on this Co-op news, correct?" the hackers messaged me on Telegram.

"We have some news for you," they teased.

When I cautiously asked what this was, the people behind the Telegram account - which had no name or profile picture - gave me the inside track on what they claimed to have done to M&S and the Co-op, in cyber attacks that caused mass disruption.

Through messages back-and-forth over the next five hours, it became clear to me that these apparent hackers were fluent English speakers and although they claimed to be messengers, it was obvious they were closely linked to - if not intimately involved in - the M&S and Co-op hacks.

They shared evidence proving that they had stolen a huge amount of private customer and employee information. I checked out a sample of the data they had given me - and then securely deleted it.

Messages that confirmed suspicions

They were clearly frustrated that Co-op wasn't giving in to their ransom demands but wouldn't say how much money in Bitcoin they were demanding of the retailer in exchange for the promise that they wouldn't sell or give away the stolen data.

After a conversation with the BBC's Editorial Policy team, we decided that it was in the public interest to report that they had provided us with evidence proving that they were responsible for the hack. I quickly contacted the press team at the Co-op for comment, and within minutes the firm, who had initially downplayed the hack, admitted to employees, customers and the stock market about the significant data breach.

Much later, the hackers sent me a long angry and offensive letter about Co-op's response to their hack and subsequent extortion, which revealed that the retailer narrowly dodged a more severe hack by intervening in the chaotic minutes after its computer systems were infiltrated.

The letter and conversation with the hackers confirmed what experts in the cyber security world had been saying since this wave of attacks on retailers began – the hackers were from a cyber crime service called DragonForce.

Who are DragonForce, you might be asking? Based on our conversations with the hackers and wider knowledge, we have some clues.

DragonForce offers cyber criminal affiliates various services on their darknet site in exchange for a 20% cut of any ransoms collected. Anyone can sign up and use their malicious software to scramble a victim's data or use their darknet website for their public extortion.

This has become the norm in organised cyber crime; it's known as ransomware-as-a-service.

The most infamous of recent times has been a service called LockBit, but this is all but defunct now partly because it was cracked by the police last year.

Following the dismantling of such groups, a power vacuum has emerged. Cue a tussle for dominance in this underground world, leading to some rival groups innovating their offerings.

Power struggle ensues

DragonForce recently rebranded itself as a cartel offering even more options to hackers including 24/7 customer support, for example.

The group had been advertising its wider offering since at least early 2024 and has been actively targeting organisations since 2023, according to cyber experts like Hannah Baumgaertner, Head of Research at Silobeaker, a cyber risk protection company.

"DragonForce's latest model includes features such as administration and client panels, encryption and ransomware negotiation tools, and more," Ms Baumgaertner said.

As a stark illustration of the power-struggle, DragonForce's darknet website was recently hacked and defaced by a rival gang called RansomHub, before re-emerging about a week ago.

"Behind the scenes of the ransomware ecosystem there seems to be some jostling - that might be for prime 'leader' position or just to disrupt other groups in order to take more of the victim share," said Aiden Sinnott, senior threat researcher from the cyber security company Secureworks.

Who is pulling the strings?

DragonForce's prolific modus operandi is to post about its victims, as it has done 168 times since December 2024 - a London accountancy firm, an Illinois steel maker, an Egyptian investment firm are all included. Yet so far, DragonForce has remained silent about the retail attacks.

Normally radio silence about attacks indicates that a victim organisation has paid the hackers to keep quiet. As neither DragonForce, Co-op nor M&S have commented on this point, we don't know what might be happening behind the scenes.

Establishing who the people are behind DragonForce is tricky, and it's not known where they are located. When I asked their Telegram account about this, I didn't get an answer.

Although the hackers didn't tell me explicitly that they were behind the recent hacks on M&S and Harrods, they confirmed a report in Bloomberg that spelt it out.

Of course, they are criminals and could be lying.

Some researchers say DragonForce are based in Malaysia, while others say Russia, where many of these groups are thought to be located.

We do know that DragonForce has no specific targets or agenda other than making money.

And if DragonForce is just the service for other criminals to use – who is pulling the strings and choosing to attack UK retailers?

In the early stages of the M&S hack, unknown sources told cyber news site Bleeping Computer that evidence is pointing to a loose collective of cyber criminals known as Scattered Spider - but this has yet to be confirmed by the police.

Scattered Spider is not really a group in the normal sense of the word. It's more of a community which organises across sites like Discord, Telegram and forums – hence the description "scattered" which was given to them by cyber security researchers at CrowdStrike.

They are known to be English-speaking and probably in the UK and the US and young – in some cases teenagers. We know this from researchers and previous arrests. In November the US charged five men and boys in their twenties and teens for alleged Scattered Spider activity. One of them is 22-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US based.

Crackdowns by police seem to have had little effect on the hackers' determination, though. On Thursday, Google's cyber security division issued warnings that it was starting to see Scattered Spider-like attacks on US retailers now too.

As for the hackers I spoke to on Telegram, they declined to answer whether or not they were Scattered Spider. "We won't answer that question" is all they said.

Perhaps in a nod to the immaturity and attention-seeking nature of the hackers, two of them said they wanted to be known as "Raymond Reddington" and "Dembe Zuma" after characters from US crime thriller The Blacklist which involves a wanted criminal helping police take down other criminals on a blacklist.

In a message to me, they boasted: "We're putting UK retailers on the Blacklist."
