Three men in the UK were arrested this month for attempting to attack a local man and steal his virtual currency. The incident is the latest example of how certain cybercriminal communities are increasingly resorting to physical violence to settle bills and disputes.
Just after 11pm on September 6, a resident of the Spalding Common area in the Lincolnshire district of Britain called police to say three men were acting suspiciously and had jumped a nearby fence.
“The three men made off in a VW Golf and were briefly stopped nearby,” the company said in a statement Lincolnshire Police. “The car was searched by officers who found a fake gun, taser, baseball bat and police uniform in the trunk.”
Thomas Green23, Rayhan Miah23 and Leonardo Sapiano24 were all charged with gun possession, and “with intent to harm another, to make an unjustified demand for cryptocurrency from a person.”
KrebsOnSecurity has learned the defendants were at Spalding Common to pay a surprise visit to a 19-year-old hacker known by the names “Discoli”, “Disco Dog” and “Chinese”. In December 2020, Discoli was credited with hacking and leaking the user database of OGUsers, a forum overrun by people looking to buy, sell, and trade access to compromised social media accounts.
Reached by telegram, Discoli confirmed that police believe the trio tried to force their way into his home on Spalding Common and that one of them was wearing a police uniform when they approached his home.
“They were so obvious they were fake cops, so much so that one of our neighbors called,” Discoli said in an instant message chat. “That call led to the arrests. Their intent was crypto robbery/extortion, I happened to be not home at the time.”
Lincolnshire Police declined to comment on this story, citing an ongoing investigation.
Discoli said he does not know any of the accused men but believes they were hired by one of his enemies. And he said his would-be attackers didn’t just target him.
“As far as I know, they had a list of people they wanted to meet one at a time,” he said.
The robbery foiled is the latest drama associated with members of certain criminal hacking communities attacking each other with physical violence, making a constant offering to anyone in the target’s region who agrees to carry out the attacks make paying thousands of dollars.
Last month, a 21-year-old New Jersey man was arrested and charged with stalking in connection with a state investigation into cybercriminal groups who settle scores by hiring people to perform physical attacks on their rivals.
prosecutors say Patrick McGovern-Allen recently took part in several of these programs – including firing a handgun at a house in Pennsylvania and torching a residence in another part of the state with a Molotov cocktail.
McGovern-Allen and the three British defendants are part of an online community at the forefront of a dangerous escalation of coercion and intimidation tactics increasingly being used by competing cybercriminal groups to steal cryptocurrency from one another and keep their rivals in check keep.
The Telegram chat channels where these young men do business have hundreds to thousands of members each, and some of the more interesting requests in these communities are job postings for personal tasks and assignments, which can be found by searching for posts titled “ If you live near” or “IRL job” – short for “in real life” job.
A number of these classified ads are designed to conduct “brickings” in which someone is commissioned to visit a specific address and throw a brick through the target’s window. In fact, prior to McGovern-Allen’s arrest, his rumored Telegram persona was bragging about exporting several bricks for rent.
Many of the people involved in paying others for these physical attacks are also frequent participants in Telegram chat channels that focus solely on SIM card swapping, a crime in which identity thieves hijack a target’s cell phone number and thereby gaining control over the victim’s various online accounts and identities.
Not surprisingly, the vast majority of people currently being targeted via Telegram for bricking and other real-world physical attacks are typically other cybercriminals involved in SIM swapping crimes (or people on the fringes of the scene ).
Several young men living in the UK are accused of stealing millions of dollars worth of cryptocurrency via SIM swaps. Joseph James O’Connor, aka “Plugwalk Joe”, was arrested in Spain in July 2021 on an FBI warrant on 10 counts of offenses related to unauthorized computer access and cyberbullying. According to U.S. investigators, O’Connor also played a central role in the 2020 Twitter incursion that forced Twitter accounts of top celebrities and public figures to tweet links to cryptocurrency scams. O’Connor is currently fighting extradition to the United States.
Robert Lewis Barr, a 25-year-old Scotsman who allegedly stole more than $8 million worth of crypto, was arrested on an FBI warrant last year and is also fighting extradition. US investigators say Barr SIM swapped a US Bitcoin broker in 2017 and spent much of the stolen funds throwing lavish parties in luxury rented apartments in central Glasgow.
In many ways, these “violence-as-a-service” incidents are a natural extension of “swatting,” which involves calling the police bogus bomb threats, hostage situations, and other violent scenarios in order to lure them into a potentially deadly visit to the Force address of a target. According to prosecutors, both Barr and O’Connor have a history of hitting their enemies and their SIM swap victims.