Suspected Leader of MGM, Caesars Cyberattacks Arrested

Spanish police apprehended UK national Tyler Buchanan on June 15, alleging that he is the leader of the Scattered Spider hacking group believed to be behind the cyberattacks on MGM Resorts, Caesars Entertainment, and many other large companies around the globe.

The arrest was made in Palma de Mallorca while Buchanan, who is from Dundee, Scotland, was attempting to board a flight to Italy.

Buchanan Alleged to be Expert in ‘SIM Swapping’

Police say that the 22-year-old Buchanan was in control of $27 million in Bitcoin at the time of his arrest. The arrest warrant was issued by the FBI’s Los Angeles office. 

Buchanan was the second key member of Scattered Spider to be arrested in 2024. Police in Florida arrested 19-yaer-old Noal Michael Urban in January, charging him with wire fraud, conspiracy to commit wire fraud, and five counts of aggravated theft. 

According to a report by Cybernews, Buchanan was a specialist in “SIM swapping,” in which hackers compromise phones or other devices in order to gain access to one-time passwords and other versions of two-factor authentication systems. As a whole, Scattered Spider has primarily worked on social engineering schemes to extract data from IT helpdesk staff, then using those identities to access and attack organizations.

Scattered Spider made its mark on the gaming industry last September, when it breached MGM Resorts’ systems. The attacks impacted everything from hotel booking systems to slot machines, ATMs, and even the functionality of room keys. At one point, many MGM properties on the Las Vegas Strip and beyond were manually checking in customers to their hotels, resulting in long waits for visitors. MGM would ultimately put the cost of the hack at around $100 million.

Caesars was also targeted by Scattered Spider in September. However, the global gaming giant chose instead to negotiate a ransom with the group, paying $15 million, or half of the initial $30 million demanded by the hackers, to have their systems unlocked and any stolen data returned to the company.

FBI Cracking Down on Scattered Spider Members

In May, the FBI announced that it was cracking down on Scattered Spider, devoting resources to identifying and charging suspected members of the group. 

“We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act,” FBI cyber deputy assistant director Brett Leatherman told Reuters in May. 

But experts in cybercrimes have their doubts that these arrests will put much of a dent in the group’s activities. As the name would suggest, Scattered Spider is made up of a decentralized web of young hackers located primarily in the US, UK, and Canada, which has been working with veteran ransomware hackers in Russia and Eastern Europe. 

“Often we don’t see that mingling of geographical hackers working together outside the confines of like hacktivism, for example,” Leatherman said. 

The activities of Scattered Spider haven’t been limited to casino firms. Other organizations that have been attacked by the hackers include LastPass, DoorDash, Apple, and Walmart, among many more. 

Casinos.com reached out to MGM and Caesars for comments on the latest Scattered Spider arrest, but did not hear back before publication.

(Image: Ty O'Neill/Associated Press)