Police Investigation Into Uk Retail Hacks Focuses On English-speaking Youths

Detectives investigating cyber attacks connected UK retailers are focussing connected a notorious cluster of cyber criminals known to beryllium young English-speakers, immoderate of them teenagers, constabulary person revealed.

For weeks speculation has mounted that disruptive attacks connected M&S, Co-op, Harrods and immoderate US retailers could beryllium nan activity of a hacking organization called Scattered Spider.

Speaking astir nan hacks for nan first time, nan National Crime Agency (NCA) has told BBC News nan group is simply a cardinal portion of its ongoing investigation to find nan culprits.

"We are looking astatine nan group that is publically known arsenic Scattered Spider, but we've sewage a scope of different hypotheses and we'll travel nan grounds to get to nan offenders," Paul Foster, caput of nan NCA's nationalist cyber crime unit, said successful a caller BBC documentary.

"In ray of each nan harm that we're seeing, catching whoever is down these attacks is our apical priority," he added.

The activity of attacks, which began astatine Easter, person resulted successful empty shelves successful stores, nan suspension of online ordering, and millions of people's backstage information being stolen.

The attacks person been carried retired utilizing DragonForce, a level that gives criminals nan devices to transportation retired ransomware attacks. However, nan hackers pulling nan strings person still not been identified and nary arrests person been made.

Some cyber experts opportunity nan hackers show nan traits of Scattered Spider, a loose organization of often young individuals who organise crossed sites for illustration Discord, Telegram and successful forums, astir apt located successful nan UK and US.

Although nan NCA says it is exploring each parts of nan cyber crime ecosystem, it excessively is looking successful nan aforesaid direction.

"We cognize that Scattered Spider are mostly English-speaking but that doesn't needfully mean that they're successful nan UK - we cognize that they pass online amongst themselves successful a scope of different platforms and channels, which is, I guess, cardinal to their expertise to past beryllium capable to run arsenic a collective," Mr Foster said.

M&S has been deed pinch ransomware, which has scrambled nan company's servers rendering machine systems useless. The precocious thoroughfare elephantine is still struggling to support shelves stocked and has halted online shopping for weeks. Hackers person besides stolen customer and worker information from nan company.

At Co-op, unit took systems offline to forestall a ransomware infection but a immense magnitude of customer and unit information was stolen and is being held to ransom. Operations astatine nan firm's supermarkets, security offices and ceremonial services person been severely affected.

It is not known what is happening astatine Harrods but nan institution admitted it had to propulsion machine systems offline because of an attempted cyber attack.

When nan hackers down nan M&S and Co-op attacks anonymously contacted nan BBC past week, they declined to opportunity whether aliases not they were Scattered Spider.

Cyber information researchers astatine CrowdStrike formed nan sanction "Scattered Spider" because of nan group's sporadic nature, but different cyber companies person fixed nan cluster nicknames including Octo Tempest and Muddled Libra.

The group was besides linked to high-profile attacks including connected 2 US casinos successful 2023 and Transport for London past year.

In November, nan US charged 5 British and American men and boys successful their twenties and teens for alleged Scattered Spider activity. One is 23-year-old Scottish man Tyler Buchanan, who has not made a plea, and nan remainder are US based.

NCA investigators will not opportunity really nan hackers person managed to breach unfortunate organisations but earlier this month, nan National Cyber Security Centre issued guidance to organisations urging them to reappraisal their IT thief table password reset processes.

"Calling up IT thief desks is simply a maneuver that Scattered Spider seems to favour and they usage societal engineering techniques to manipulate personification into doing thing for illustration clicking connected a nexus aliases resetting someone's relationship to a password they tin use," Lisa Forte from cyber information patient Red Goat said.

In nan BBC documentary, a erstwhile teen hacker who was arrested 9 years agone and now useful successful cyber security, said he was not amazed that teenagers could beryllium down nan hacks.

"It wouldn't astonishment maine - rather [the] opposite. The devices are readily disposable and it's very easy to jump online and hunt consecutive away. You tin consciousness a spot untouchable but for what end? You're gonna beryllium arrested 99% of nan time," he said.