Scattered Spider Hacker Noah Michael Urban Sentenced to 10 Years in Federal Prison

Written by:
Lore Apostol
Cybersecurity Writer

Noah Michael Urban, a 20-year-old Florida resident and key member of the notorious Scattered Spider cybercrime group, was sentenced to 120 months in federal prison for orchestrating sophisticated SIM swapping attacks that compromised major corporations and individual victims.

Comprehensive Cybercrime Sentencing Details

The cybercrime sentencing exceeded prosecutors' recommendations, with Judge Harvey E. Schlesinger imposing a 10-year prison term alongside $13 million in restitution payments and three years of supervised release. 

Urban, operating under the aliases "Elijah," "King Bob," and "Sosa," pleaded guilty to conspiracy to commit wire fraud, wire fraud, and aggravated identity theft relating to 29 cryptocurrency victims and 13 companies, Bloomberg News recently reported.

Noah Michael Urban picture | Source: Volusia County Sheriff's Office

Federal prosecutors had initially sought an 8-year sentence, but the court opted for enhanced penalties reflecting the extensive scope of Urban's criminal activities, reports say. The restitution amount encompasses victims from multiple jurisdictions.

The individual allegedly conspired to steal at least $800,000 from five victims via SIM-swapping attacks.

Urban is the first of several arrested individuals linked to the hacker collective to be sentenced. Four Scattered Spider members were charged by U.K. authorities in July, and the FBI arrested the group's alleged leader earlier this year.

Scattered Spider Group Operations and Impact

Scattered Spider, an English-speaking cybercrime group also known as Oktapus, Starfraud, UNC3944, Scatter Swine, and Muddled Libra, specialized in SMS and voice phishing campaigns targeting corporate employees.

Urban's group executed sophisticated social engineering attacks during the summer of 2022, compromising over 130 companies, including Twilio, LastPass, DoorDash, Plex, and MailChimp.

The group's methodology involved creating fraudulent Okta authentication pages and distributing phishing messages claiming VPN credential expiration or schedule changes. 

SIM-Swapping Attack Infrastructure

Security reporter Brian Krebs noted that Urban maintained active participation in the Star Fraud SIM-swapping collective, which demonstrated particular expertise in compromising T-Mobile customer accounts and claimed internal T-Mobile access on 100 separate occasions during a seven-month period in 2022.

Urban also leveraged these capabilities to steal unreleased music recordings from prominent artists, subsequently distributing these materials through underground forums, Krebs said.

Judicial Complications and Enhanced Penalties

During proceedings, a co-defendant compromised a magistrate judge's email account, accessing Urban's sealed indictment through social engineering techniques targeting court password management contractors. 

"The Court's password business is handled by an outside contractor. And somebody called the outside contractor representing Judge Toomey, saying, 'I need a password change.' And they gave out the password change. That's how whoever was making the phone call got into the court," Judge Harvey E. Schlesinger said, according to a court transcript.

This month, CISA released an advisory with updates on Scattered Spider's enhanced TTPs and reported DragonForce ransomware deployment.

