From the bedroom of his upmarket home, Noah Urban played cat and mouse with music execs as he leaked some of the biggest hits by major world artists.
The 19-year-old – who went by the alias of King Bob – leaked unreleased songs from artists like rappers Playboi Carti, Lil Uzi Vert and singer , gaining online notoriety.
When he was finally nicked as part of a massive crackdown on a shadowy gang called , people flooded the internet to name the Florida teen as the man behind the sensational breaches.
Now that same gang has been linked to the cyber attack on British retailer – and The Sun can today reveal that ‘King Bob’ is linked to a British hacker arrested in.
Dundee-based Tyler Buchanan, 22, was pictured handcuffed in Spain last summer after being accused of masterminding Scattered Spider operations.
He was this week extradited to where he could be jailed up to 47 years for his part in a £9million cryptocurrency scam.
A 17-year-old from Walsall, West Midlands, is also still under investigation in relation to the gang’s hacks, which include an attack on MGM Resorts and Caesars Entertainment in 2023.
A source close to the case told The Sun: “King Bob ran operations from America while the FBI says his main contact in Europe was Buchanan.
“They were both major players in the Scattered Spiders communicating across the pond, mainly via Telegram.
“Smart kids but not smart enough to evade the authorities. The law was always going to catch up with them.”;
Marks & Spencer are this week battling to keep stores open after their systems were infiltrated over Easter weekend.
Online deliveries have been suspended and customers face empty shelves as the retail giant runs out of booze, Percy Pigs and Colin the Caterpillar sweets and cakes.
Earlier this week the part of its IT system after hackers tried to hijack its systems and Harrods also reported an attempted breach. It’s not yet known if they are related to the M&S cyber attacks.
Experts say underground collective Scattered Spider – made up of a loose band of teenagers in America and the UK – are the most likely culprits.
The group, thought to have an army of 1,000 hackers worldwide, have been behind major heists that have seen companies blackmailed for millions.
Their most daring raid came two years ago when MGM and Caesars paid £11.2million in ransom to get card payment systems, hotel room keys, slot machines and ATMs back up and running.
They specialise in ransomware – a type of attack designed to steal information or disable information in exchange for cash.
The group, which also tracks by the names of UNC3944, Oktapus, Starfaud and Scatter Swine, made a name for itself through the audacity of its ambitious schemes.
They have been known to pose as IT staff to trick workers into handing over login details and one-time passwords which allow them to gain access to systems.
They also practice a con called which involves persuading mobile carriers to reassign your number to a new phone card to steal information.
Buchanan and music leaker Noah Urban, now 20, were arrested alongside three other Scattered Spider members last year as part of a FBI operation to take down a £9million cryptotheft operation.
Victims were told various crypto accounts would be shut down and directed to a legitimate-looking website where their cash vanished.
Minion nickname
Urban, who took his nickname from a Minion in the Despicable Me film series, was arrested at an Airbnb in Palm Coast, Florida, where he was staying under a different name. Cops say he tried to wipe his computer and social media history during a raid.
He last month pleaded guilty to wire theft and identity fraud in Florida and is expected to soon be jailed for more than 40 years. He has also been ordered to pay more than £10million compensation to 59 victims.
The teenager was later unmasked as the hacker behind major record company leaks including songs from Ariana Grande’s album Eternal Sunshine and Playboi Carti’s songs Celine and She Might.
In a May 2023 police interview Urban said he had made “millions”; from fraud – and lost most of it on online gaming sites despite living in the posh neighbourhood of Cypress Knoll in Palm Coast, where properties rent for more than £1000 a month.
Prosecutors have linked Urban’s illegal activities to Tyler Buchanan, who was arrested at Mallorca airport in Spain last year as he tried to board a plane to Naples.
According to US court documents, when Police Scotland raided Buchanan’s home, they found “approximately 20 devices”; and browser history allegedly showed he registered websites used by the Scattered Spider – including one called NameCheap.
Federal officers obtained records from Virgin Media which showed NameCheap was leased by Buchanan for several months.
Court paperwork also claims he moderated a Telegram channel used by the group .
If convicted of wire fraud and identity theft, Buchanan could face decades in a US jail alongside co-accused Urban and three others, aged 20 to 25.
The Scattered Spiders are part of a bigger group of online hackers known as The Com.
Firms face being sued by customers if they don’t pay up
Cyber expert Paul Sibenik
Last month we told how thecoerce young girls into cutting themselves and sending explicit pictures, with some victims even encouraged to take their own lives.
Young girls have been encouraged to cut Nazi and occult emblems into their skin by the network, mainly made up of alienated teenage boys aged 14 to 17 brought together by the internet.
Crime takeaway
Many of The Com boast about their hacking successes and one teenager managed to steal enough cryptocurrency “to buy a luxury yacht.”;
Martin Ramsell, intelligence officer for the National Crime Agency – the UK’s answer to the FBI – told us: “Our domestic hackers are nowhere near as sophisticated as some of the overseas organisations and a bit more opportunistic.
“They are young but quite capable of finding a way into a network and, one inside, they know how to move around, where to look, what to steal and how to try erase their traces.
“I know there are lads with millions in cryptocurrency, enough to buy a luxury yacht, but it’s not easy to spend and they just end up buying sneakers and UberEats.”;
Paul Sibenik, CEO of international firm Cryptoforensic Investigators, which has investigated cases related to Scattered Spider, told The Sun how the group blackmails companies by disabling systems – then offering to sell back an encryption key to unlock them.
He said personal information is sold through the dark web or openly sold on sites such as notorious hacking platform OGUsers.
Paul said: “The extortion isn’t just about hackers saying ‘hey, you pay us the money and you’ll get access to your system back.
“The criminals often threaten to leak the private data of customers if companies don’t pay up.
“There are hacker forums where this type of data is advertised to other attackers and people’s personal information is openly swapped.
“There are multiple incentives to get companies to pay; access to their own data system, preventing the deletion of data and avoiding a data breach, which could cost them additional money in lawsuits from customers.”;
