A 17-year-old boy from England was arrested on Thursday as part of the larger investigation into the cyber hacking group known as Scattered Spider, which has claimed responsibility for last September’s cyberattacks against MGM Resorts, Ceasars, and other companies.
The FBI worked with West Midlands Police in the UK to arrest the teenager from Walsall, a town just north of Birmingham, England.
During the arrest, officials also confiscated “a number of digital devices” which will be examined as evidence in the case.
The teen, who has not yet been named, was taken into custody on suspicion of blackmail and offenses related to the Computer Misuse Act.
“We have been working closely with the National Crime Agency and FBI,” Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager for the Regional Organised Crime Unit for the West Midlands (ROCUWM), said in a statement.
“These cyber groups have targeted well known organisations with ransomware and they have successfully targeted multiple victims around the world, taking from them significant amounts of money. We want to send out a clear message that we will find you. It’s simply not worth it.”
The FBI outed the arrest as a sign of the strength of its partnerships with other law enforcement and private sector organizations.
“The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement.
MGM also praised the action, saying that it was proud of its own response to the attacks.
“By voluntarily shutting down our systems, refusing to pay a ransom and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it,” MGM said in a statement.
MGM paid dearly for not cooperating with hackers at the time of the attack. Systems at many MGM properties in the United States were impacted, forcing hotels to manually check in customers and deal with errors on slots machines, ATMs, and other systems. Earlier this year, the company estimated the total cost of the attack at $100 million.
MGM’s statement about refusing to pay a ransom may be a jab at fellow gaming giant Caesars Entertainment. While Scattered Spider also targeted Caesars, that company chose to pay a $15 million ransom, or about half of the group’s initial demand, to have their systems restored and any stolen data returned.
In the months since those attacks, the FBI has made a point of cracking down on the members of Scattered Spider. In June, Spanish police apprehended 22-year-old UK national Tyler Buchanan, the alleged leader of Scattered Spider. That arrest was made based on a warrant issued by the FBI. A similar arrest was made against 19-year-old Noah Michael Urban in Florida in January.
However, many cybersecurity experts have doubts over whether these arrests will have a measurable impact on Scattered Spider or other hacking groups. Since these groups tend to be decentralized and made up of members from many different nations, there isn’t a single, powerful leadership structure to dismantle that would destroy a group’s ability to continue targeting victims.
Ed Scimia is a freelance writer who has been covering the gaming industry since 2008. He graduated from Syracuse University in 2003 with degrees in Magazine Journalism and Political Science. In his time as a freelancer, Ed has worked for About.com, Gambling.com, and Covers.com, among other sites. He has also authored multiple books and enjoys curling competitively, which has led to him creating curling-related content for his YouTube channel "Chess on Ice."
Read Full Bio