Police Investigation into UK Retail Hacks Focuses on English-Speaking Youths

The disruption caused by a wave of cyber attacks on UK retailers has been evident for weeks, with empty shelves, cancelled online orders, and the theft of millions of customers' data. However, the identities of those responsible have remained elusive, with companies and authorities providing only limited details. In their first interview, the National Crime Agency (NCA) has revealed where their suspicions lie, pointing to the notorious cyber-criminal collective Scattered Spider as a key part of their investigation.

A New Lead in the Investigation

Scattered Spider is notable because its members are young and are native English speakers. This is a stark contrast to most high-profile cyber criminals, who hail from countries like Russia and North Korea. The NCA has confirmed that it is exploring all parts of the cyber-crime ecosystem, but it appears to have narrowed its focus to this group.

"We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders," said Paul Foster, head of the NCA's national cyber-crime unit. "In light of all the damage that we're seeing, catching whoever is behind these attacks is our top priority."

The Role of DragonForce in the Hacks

The hacks have been carried out using DragonForce, a platform that provides criminals with the tools to carry out ransomware attacks. However, the hackers pulling the strings remain unidentified, and no arrests have been made.

Cyber-security experts suggest that Scattered Spider may be behind the hacks, saying the attackers' traits resemble those of the group. "They display the traits of Scattered Spider, a loose community of often young individuals who organise across sites like Discord, Telegram, and forums," said one expert.

The Investigation's Scope

The NCA is exploring all parts of the cyber-crime ecosystem, including platforms and channels used by Scattered Spider. "We know that Scattered Spider are largely English-speaking but that doesn't necessarily mean that they're in the UK - we know that they communicate online amongst themselves in a range of different platforms and channels," said Mr Foster.

The Impact on Retailers

M&S, Co-op, and Harrods have all been affected by the hacks, with ransomware attacks causing disruption to their operations. M&S has struggled to restock shelves, while Co-op staff took systems offline to prevent a ransomware infection. At Co-op, a huge amount of customer and employee data was stolen and is being held for ransom.

The Group's History

Scattered Spider has been linked to high-profile attacks on US casinos in 2023 and Transport for London last year. In November, the US charged five British and American men and boys in their twenties and teens for alleged Scattered Spider activity. One of those arrested is 23-year-old Scottish man Tyler Buchanan.

The Tactics Used by Scattered Spider

Cyber-security researchers have given Scattered Spider nicknames such as Octo Tempest and Muddled Libra. The group uses social engineering techniques to manipulate victims into actions such as clicking on links or resetting passwords.

Expert Insights

A former teen hacker who was arrested nine years ago and now works in cyber-security said he would not be surprised if teenagers were behind the hacks. "It wouldn't surprise me - quite [the] opposite. The tools are readily available, and it's very easy to jump online and search straight away," he said.