A core leader of the hacker subset of The Com responsible for a series of high-profile phishing attacks and cryptocurrency thefts from September 2021 to April 2023 pleaded guilty to federal charges, the Justice Department said Friday.
Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. The 24-year-old was arrested by Spanish police in Palma in 2024 as he attempted to board a charter flight to Naples, Italy.
Buchanan has been in federal custody since April 2025 and faces up to 22 years in federal prison at his sentencing, which is scheduled for August 21.
The British national and his co-conspirators, including Noah Michael Urban, who was sentenced to a 10-year federal prison sentence last year, harvested thousands of credentials via phishing and stole more than $8 million in cryptocurrency from U.S. residents via SIM-swapping attacks.
Victims included high net worth individuals and businesses in the entertainment, telecom, technology, business process outsourcing, IT, cloud and virtual currency sectors, officials said.
Buchanan and his co-conspirators were part of an aggressive subset of The Com coined Scattered Spider. While The Com and its offshoots don’t operate with formal leaders in the traditional sense, Buchanan played a crucial role in the operation, according to Allison Nixon, chief research officer at Unit 221B.
“[Buchanan] was the glue that held this gang together. His success at wiping out victims’ savings made him a target for both law enforcement and rival Com gangs,” Nixon told CyberScoop.
“[Buchanan] is part of an older generation that came from certain toxic gaming servers before the pandemic. People from this generation learned hacking in order to steal vanity usernames and bully kids before using it to steal peoples’ savings,” she added.
Federal authorities filed charges against five individuals with links to the Scattered Spider cybercrime outfit in 2024. Buchanan and Urban’s alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans — still face charges in the case, officials said.
Nixon lauded law enforcement for acting decisively to arrest Buchanan during a brief window of opportunity while he was traveling internationally.
“Com members are obsessed with private jets and foreign vacations, and the feds took that dream away with one arrest,” she said.
The tactic, which U.S. officials also use against Russian cybercriminals, works because most countries are willing to support in the arrest of foreign criminals, thereby keeping them out of their respective jurisdictions, Nixon said.
“As a foreigner, he was caught in a weaker legal position than if he was arrested at home, and cases following this tactic tend to have very long sentences,” she added. “The takeaway for Com members watching this case is that criminal foreigners associated with violence are the lowest class in every country. And that’s what Com members are when they travel.”
The Justice Department said Buchanan and his co-conspirators defrauded at least a dozen companies and their employees throughout the United States. A digital device police found at his residence in April 2023 contained personal data on numerous individuals and victim companies, according to his plea agreement.
It’s unclear what transpired between that search in April 2023 in Scotland and his June 2024 arrest at a resort city on the Spanish island of Mallorca. Moreover, his plea agreement doesn’t include the entirety of his alleged crimes.
Buchanan attracted a lot of attention and successfully coordinated many attacks before a rival Com gang allegedly broke into his home and used a blowtorch on him to extra crypto keys in his possession, according to Nixon.
Following his arrest, Spanish police said Buchanan had gained control of bitcoin worth more than $27 million at that time.
While early leaders of Scattered Spider have been arrested or sentenced for their crimes, others have filled those roles with even more exceptional impact.
The Com has grown to thousands of members, typically between 11 and 25 years old, splintered into three primary subsets the FBI describes as Hacker Com, In Real Life Com and Extortion Com.
Criminal acts committed by these multiple, interconnected networks include swatting, extortion and sextortion of minors, production and distribution of child sexual abuse material, violent crime and various other cybercrimes.
You can read the indictment against Buchanan and some of his co-conspirators below.
The post Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety appeared first on CyberScoop.
–
Read More – CyberScoop
