Latest news with #TylerRobertBuchanan
Daily Mail
30-04-2025
- Daily Mail
The British teen 'Scattered Spider' hackers 'behind M&S cyber attack' as experts tell customers to change passwords and issue warning over 'ransomware' threat to UK retailers
British teenagers have been linked to the notorious Scattered Spider hacking group suspected of being responsible for the cyber attack that continues to cripple Marks & Spencer. The gang of cyber criminals is believed to be largely made up of English-speaking teenagers and young men, predominantly from the UK and US. Online security experts fear the hackers could strike again and have warned Brits to change their passwords to avoid falling victim to future 'ransomware' attacks. The shadowy collective is thought to have an army of 1,000 hackers worldwide and has been linked with major heists that have seen firms blackmailed for millions. Previous arrests have seen alleged members of the criminal outfit from the UK being detained by cops. Among them is Tyler Robert Buchanan. The 23-year-old is alleged to be Scattered Spider's leader. He was arrested at a Spanish airport in June last year. Scotsman Buchanan is alleged to have been behind the 2023 hack of Las Vegas casino operators Caesar's Entertainment and MGM Resorts International. US prosecutors also claim he was part of a sophisticated £9million cryptocurrency fraud, which saw victims being sent phishing text messages warning their accounts would be closed. The link directed them to a legitimate-looking website which they then entered their personal details in. It's alleged the hacking gang then seized these details and used them to pilfer £9million worth of virtual currency. Buchanan, of Dundee, was arrested in Spain earlier this year while on his way to Italy and is in custody awaiting extradition to the US to face charges of conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. Earlier this month he was charged alongside four American men, all of whom are below the age of 25. Should he be convicted in the US, he could face 47 years in jail. Last year, a 17-year-old boy from Walsall was also arrested in connection with the same Las Vegas cyber attack. He was detained by police last July on suspicion of Blackmail and Computer Misuse Act offences before being bailed pending further enquiries. The boy is still under investigation, the National Crime Agency (NCA) confirmed to MailOnline today. Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the NCA, in coordination with the United States Federal Bureau of Investigation (FBI) to carry out the strike. Speaking at the time, Detective Inspector Hinesh Mehta, cyber crime unit manager, at ROCUWM, said: 'These cyber groups have targeted well known organisations with ramsomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. 'We want to send out a clear message that we will find you. It's simply not worth it.' Bryan Vorndran, assistant director of FBI's cyber division, said: 'Today's arrest is a testimony to the strength of the FBI's domestic, international, and private sector partnerships.' M&S has faced a week of mayhem following the cyber attack over the Easter weekend. Trade website Bleeping Computer said 'multiple sources' pointed to Scattered Spider having gained access to M&S's servers as far back as February before putting their plan into action over the bank holiday. As a result M&S paused its click-and-collect service, where customers order items online for collection from a shop. These orders are still being face disruption. Julius Cerniauskas, chief executive of web intelligence experts Oxylabs, feared other firms could soon be targeted by hackers seeking to cause similar cyberspace chaos. 'Following the M&S cyber attack and the potential involvement of hacking group, Scattered Spider, all major UK retailers will be seriously worried if they'll be tangled in the web next,' he warned. 'The impact on the M&S share price shows the damage these attacks can do and will have many corporate retailers working day and night to ensure they do not suffer a similar fate. 'Ransomware gangs typically target companies like Marks & Spencer with the aim of causing maximum disruption to force a quick payout. By freezing critical systems, criminals create chaos for both customers and the business - affecting online orders, payments, and store operations. 'Their goal is simple: the greater the disruption, the greater the pressure on the company to pay the ransom. 'While it appears M&S has regained some control, preventing the situation from escalating further will depend on thorough system cleansing, patching vulnerabilities, and ensuring no backdoors have been left behind by the attackers.' Experts say criminal outfits like the Scattered Spiders pose a 'sophisticated threat' to the public and to businesses worldwide. Such cyber hackers typically demand up to £10million in ransom for returning full access to firms, say industry sources. No arrests have been made over the M&S hack, a Met spokesman confirmed, adding: 'Detectives from the Met's cyber crime unit are investigating. Inquiries continue.' Detectives have been working alongside the National Cyber Security Centre and data watchdog the Information Commissioner's Office (ICO). Marks & Spencer would not share details last night nor speculate on the culprit or confirm whether it has paid a ransom. In hacks such as this, criminals typically infiltrate an IT system, freeze it and demand payment from companies. It's believed ransomware called DragonForce may have been used in the attack on M&S, which has cost the retailer millions in lost sales and lower share prices. Ciaran Martin, the founding chief executive of the National Cyber Security Centre, said it had 'serious' consequences for the grocer. 'This is a pretty bad episode of ransomware,' he said. 'It is a highly disruptive event and a very difficult one for them to deal with.' It's unclear how long it will take for M&S to recover its systems. However, expert Lisa Forte - a partner at cyber security firm Red Goat - said getting anything back online in a week is 'never going to happen'. 'I don't know one organisation that could do it,' she told the BBC. A ransomware attack - described as like being a 'digital bomb' going off by one expert - could take weeks to fix. Official advice is not to pay, as you would be putting trust in a criminal gang who may not be true to their word in releasing the files and systems they have taken 'hostage'. Tech experts are also warning people to change their online passwords to strengthen their own digital security.
Yahoo
29-04-2025
- Yahoo
The British teenagers behind ‘depraved' cyber attacks
British teenagers have been linked to the online gang thought to have targeted Marks & Spencer in a major cyber-attack. Known as Scattered Spider, the gang is best described as a loose online collective of English-speaking young men. Previous arrests of its members, in connection with different incidents, have revealed that they hail from the UK and the US. Tyler Robert Buchanan, 23, a Briton who US prosecutors claim is Scattered Spider's leader, was arrested at a Spanish airport last June. He is alleged to have been behind the September 2023 hack of Las Vegas casino operators Caesar's Entertainment and MGM Resorts International, causing widespread disruption at some of the city's most high-profile venues. Mr Buchanan, a Scot who is understood to have been remanded in custody after being detained while trying to take a charter flight between Spain and Italy, was charged earlier this month alongside four American men, all of whom are below the age of 25. Last year, a 17-year-old from Walsall was also arrested in the UK in connection with the same Las Vegas hacks. West Midlands Police did not respond to a request for an update on his case. Nonetheless, the arrests have not stopped the gang's ongoing activities. Scattered Spider is thought to have most recently targeted Marks & Spencer, forcing the multinational retailer to halt its online sales for the past five days. The attack has wiped millions of pounds from the London Stock Exchange-listed company's market value, even emptying shelves at some of its shops. Aiden Sinnott, a senior threat researcher with cyber security company Sophos' Secureworks unit, said that Scattered Spider is a 'nihilistic' part of a much deeper online subculture that engages in 'depraved and outrageous things'. Known for attracting 'English-speaking' teenagers and young men to its ranks, the gang first emerged on the murky cyber crime scene around June 2022. 'They're not like a traditional [organised crime] group in that there's no kind of structured hierarchy,' Mr Sinnott said. 'In terms of personas and who's behind them, it's quite difficult to pin down, because it is kind of an online collective that operates behind usernames.' The cyber security expert added that Scattered Spider is believed to be an offshoot of a much darker online community called The Com. This group is known for its kudos-beats-all ethos, where its members attempt to one-up each other in the most horrible ways possible to gain online status and prestige. In this warped subculture, nothing is off limits – be it renting Russian ransomware to target a high-street retailer or even child abuse. The Com's members have been linked to claims that they would egg each other on to coerce children into performing depraved acts on webcam, up to and including self harm. Using their advanced hacking skills, The Com's members threatened to expose their victims to friends and family unless their demands were met. 'It just seems to be almost nihilistic – there's no real financial motivation,' Sinnott said. 'It seems to be about gaining kudos within the group. And that kudos comes from doing increasingly depraved and outrageous things.' Scattered Spider's members, while closely linked to The Com, are thought to be more motivated by money and prestige for pulling off heists against high-profile companies. Their British and American origins mean that, unlike when Russian cyber-criminals target the West, 'they are within reach of law enforcement,' Sinnott said. Cyber-security experts believe that Scattered Spider has rented a piece of Russian-made hacking software – ransomware – called DragonForce. In a ransomware attack, the attackers encrypt – forcibly scramble – business-critical computer files and then demand a hefty ransom to unscramble them again. DragonForce's creators would expect a cut of the ransom as their fee for renting out the software to Scattered Spider. Royal Mail, which was targeted by Russian hackers in 2021 amid similar circumstances, faced a £67 million demand. It chose not to pay. Most businesses choose not to pay the ransom in similar circumstances, although for some it is a less painful option than rebuilding entire corporate systems and processes from scratch. Marks & Spencer has declined to comment on the cyber-attack to date. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Telegraph
29-04-2025
- Telegraph
The British teenagers behind ‘depraved' cyber attacks
British teenagers have been linked to the online gang thought to have targeted Marks & Spencer in a major cyber-attack. Known as Scattered Spider, the gang is best described as a loose online collective of English-speaking young men. Previous arrests of its members, in connection with different incidents, have revealed that they hail from the UK and the US. Tyler Robert Buchanan, 23, a Briton who US prosecutors claim is Scattered Spider's leader, was arrested at a Spanish airport last June. He is alleged to have been behind the September 2023 hack of Las Vegas casino operators Caesar's Entertainment and MGM Resorts International, causing widespread disruption at some of the city's most high-profile venues. Mr Buchanan, a Scot who is understood to have been remanded in custody after being detained while trying to take a charter flight between Spain and Italy, was charged earlier this month alongside four American men, all of whom are below the age of 25. Last year, a 17-year-old from Walsall was also arrested in the UK in connection with the same Las Vegas hacks. West Midlands Police did not respond to a request for an update on his case. Nonetheless, the arrests have not stopped the gang's ongoing activities. Scattered Spider is thought to have most recently targeted Marks & Spencer, forcing the multinational retailer to halt its online sales for the past five days. The attack has wiped millions of pounds from the London Stock Exchange-listed company's market value, even emptying shelves at some of its shops. Aiden Sinnott, a senior threat researcher with cyber security company Sophos' Secureworks unit, said that Scattered Spider is a 'nihilistic' part of a much deeper online subculture that engages in 'depraved and outrageous things'. Known for attracting 'English-speaking' teenagers and young men to its ranks, the gang first emerged on the murky cyber crime scene around June 2022. 'They're not like a traditional [organised crime] group in that there's no kind of structured hierarchy,' Mr Sinnott said. 'In terms of personas and who's behind them, it's quite difficult to pin down, because it is kind of an online collective that operates behind usernames.' The cyber security expert added that Scattered Spider is believed to be an offshoot of a much darker online community called The Com. This group is known for its kudos-beats-all ethos, where its members attempt to one-up each other in the most horrible ways possible to gain online status and prestige. In this warped subculture, nothing is off limits – be it renting Russian ransomware to target a high-street retailer or even child abuse. The Com's members have been linked to claims that they would egg each other on to coerce children into performing depraved acts on webcam, up to and including self harm. Using their advanced hacking skills, The Com's members threatened to expose their victims to friends and family unless their demands were met. 'It just seems to be almost nihilistic – there's no real financial motivation,' Sinnott said. 'It seems to be about gaining kudos within the group. And that kudos comes from doing increasingly depraved and outrageous things.' Scattered Spider's members, while closely linked to The Com, are thought to be more motivated by money and prestige for pulling off heists against high-profile companies. Their British and American origins mean that, unlike when Russian cyber-criminals target the West, 'they are within reach of law enforcement,' Sinnott said. Cyber-security experts believe that Scattered Spider has rented a piece of Russian-made hacking software – ransomware – called DragonForce. In a ransomware attack, the attackers encrypt – forcibly scramble – business-critical computer files and then demand a hefty ransom to unscramble them again. DragonForce's creators would expect a cut of the ransom as their fee for renting out the software to Scattered Spider. Royal Mail, which was targeted by Russian hackers in 2021 amid similar circumstances, faced a £67 million demand. It chose not to pay. Most businesses choose not to pay the ransom in similar circumstances, although for some it is a less painful option than rebuilding entire corporate systems and processes from scratch.
STV News
25-04-2025
- STV News
Scottish man linked to hacking group which 'stole millions in crypto' extradited to US
A Scottish man accused of being part of a hacking group which allegedly stole millions of dollars in cryptocurrency has reportedly been extradited to the United States from Spain. Tyler Robert Buchanan, 23, from the UK, was charged with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. Buchanan was arrested on May 31, 2024, at an airport in Palma de Mallorca, Spain, as he attempted to board a flight to Naples, the Spanish National Police said. They claimed he was part of an organised group which gained control of 391 bitcoins worth approximately $27m (£20m). An International Arrest Warrant (IAR) had been issued against him by a court in the Central District of California, the Policia Nacional said in a statement. Bloomberg now reports the 23-year-old was detained in California after a court appearance on Thursday following his extradition from Spain on Wednesday. The hacking group are alleged to have targeted employees of companies across the US with phishing text messages and then used the harvested employee credentials to log in and steal non-public company data and information and to hack into virtual currency accounts to steal millions of dollars in cryptocurrency. The U.S. Attorney's Office for the Central District of California said last year if convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft. Officials said that Buchanan would also face up to 20 years in prison for the wire fraud count. Noah Urban, 20, of Florida, Joel Evans, 25, of North Carolina, Ahmed Elbadawy, 23, and Evans Osiebo, 20, from Texas, were charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. United States attorney Martin Estrada said last year: 'We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals. 'As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you're viewing seems off, it probably is.' Akil Davis, the Assistant Director in Charge of the FBI's Los Angeles Field Office added: 'The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts. 'These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. 'I'm proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted.' The US Justice Department and the US Attorney's Office in the Central District of California have been contacted for comment. Get all the latest news from around the country Follow STV News Scan the QR code on your mobile device for all the latest news from around the country
