A cyberattack that resulted in the shutdown of two prominent Las Vegas casinos in 2023 has continued to captivate the cybersecurity world due to its unique characteristics. It marked the first instance of collaboration between English-speaking hackers from the US and UK with ransomware groups based in Russia. However, beneath the surface of this high-profile incident lies a darker trend that deserves more attention – the involvement of young Western cybercriminals in online groups focused on extorting, harassing, and bullying vulnerable teenagers into self-harm and other dangerous activities.
In September 2023, the MGM Resorts hotel chain in Las Vegas fell victim to a ransomware attack orchestrated by a Russian group known as ALPHV/Black Cat. As MGM scrambled to contain the breach, details of the hack started to emerge through media interviews conducted by an individual claiming firsthand knowledge. This 17-year-old from the UK described how the attack began with a simple phone call to an MGM tech support person that led to an employee account password reset, initiating the intrusion.
The hacking group responsible for the MGM breach was nicknamed “Scattered Spider” by security firm CrowdStrike, highlighting their dispersed nature across various cybercrime-focused online platforms collectively known as “The Com.” This network serves as a hub for cybercriminals to collaborate, boast about their achievements, and engage in rivalries over stolen funds and digital assets. However, beyond financial extortion, members of The Com are known to resort to physical violence against each other, blurring the lines between online crime and real-world harm.
One such member of The Com, known by the username “@Holy,” was identified as a key player in both cybercrime exploits and harmful online activities targeting young individuals. Investigations revealed that @Holy was actively involved in channels dedicated to extorting young people into committing acts of self-harm and violence, with a focus on recording these activities for public consumption. This disturbing trend of exploiting vulnerable youths for criminal gain highlights the sinister underbelly of the cybercrime world, where financial motives intertwine with psychological manipulation and coercion.
The intertwining of cybercrime with harmful online behaviors has led to the emergence of groups like 764, which engage in coordinated campaigns of extortion, doxing, and harassment against minors. These activities have far-reaching consequences, often resulting in severe psychological trauma, physical harm, and even death. The insidious nature of these harm communities, combined with the technical expertise of cybercriminals, poses a significant challenge for law enforcement agencies tasked with combating online abuse and exploitation.
In response to the growing threat posed by these hybrid cybercrime and harm groups, law enforcement agencies are exploring new strategies, such as charging members with domestic terrorism offenses. By leveraging anti-terrorism statutes, prosecutors gain additional tools for investigating and prosecuting individuals involved in online crimes that extend beyond traditional hacking and fraud. However, the use of terrorism charges in cybercrime cases is not without controversy, as it raises concerns about overreach and the potential for undermining legal proceedings.
As the line between cybercrime and harm groups continues to blur, the need for coordinated efforts to combat online abuse and exploitation becomes more urgent. Public awareness, reporting mechanisms, and law enforcement collaboration are crucial in addressing the complex and evolving challenges posed by these malicious actors. By shining a light on the intersection of cybercrime and harm communities, we can strive to create a safer online environment for all individuals, especially vulnerable youths who are most at risk of exploitation and harm.