Inside the Fall of a Scattered Spider Cybercriminal: Tylerb Pleads Guilty
In a landmark case against the notorious cybercrime group Scattered Spider, senior member Tyler Robert Buchanan—known online as "Tylerb"—has pleaded guilty to wire fraud conspiracy and aggravated identity theft. The 24-year-old British national admitted his role in a devastating 2022 SMS phishing campaign that compromised over a dozen major tech companies and siphoned millions in cryptocurrency from individual investors. Buchanan now faces up to 20 years in U.S. prison. This Q&A breaks down the key details of the case, the group's tactics, and what led to his capture.
Who is Tylerb, and what role did he play in Scattered Spider?
Tyler Buchanan, a 24-year-old from Dundee, Scotland, operated under the hacker handle Tylerb—a name that once topped leaderboards in English-language cybercrime circles for the most prolific thieves. As a senior member of Scattered Spider, he specialized in social engineering attacks that tricked company help desks into granting access. Buchanan admitted to orchestrating massive SMS phishing campaigns, targeting employees of tech giants like Twilio, LastPass, and DoorDash. His guilty plea to wire fraud conspiracy and aggravated identity theft marks a pivotal win for law enforcement in dismantling this elusive group.

What was the 2022 SMS phishing campaign, and how did it work?
In the summer of 2022, Buchanan and other Scattered Spider members launched a high-volume SMS phishing attack. They sent tens of thousands of deceptive text messages to employees of major technology companies. These messages impersonated IT support or internal systems, tricking recipients into revealing login credentials. Once inside a company's network, the group harvested data, including customer information and account access tokens. They then used this data to perform SIM-swapping attacks on cryptocurrency investors, transferring phone numbers to devices they controlled. This allowed them to intercept SMS-based two-factor authentication codes and drain victims' crypto wallets.
How much money did Buchanan and Scattered Spider steal?
The U.S. Justice Department confirmed that Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States. Overall, the group's broader operations—which included ransoms and data theft from over a dozen companies—resulted in tens of millions of dollars in losses. The attacks on companies like LastPass and Twilio also exposed sensitive user data, leading to further financial and reputational damage.
How did the FBI track down Tyler Buchanan?
Investigators connected Buchanan to the phishing spree through digital breadcrumbs. The same username and email address were used to register numerous phishing domains just before the attacks began. Domain registrar Namecheap reported that the account logged in from a U.K.-based IP address. Scottish police confirmed that the address was leased to Buchanan throughout 2022. These details, combined with evidence from the phishing infrastructure, led FBI agents to identify him as a key perpetrator.

Why did Buchanan flee the United Kingdom in 2023?
Buchanan's criminal activities made him a target for rival cybercrime gangs. In February 2023, a violent confrontation occurred when thugs hired by a competitor invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he handed over his cryptocurrency wallet keys. As first reported by KrebsOnSecurity, Buchanan fled the UK to evade both law enforcement and reprisals. This hasty departure ultimately led to his capture abroad, where he was detained by airport authorities in Spain.
What evidence did investigators find on Buchanan's devices?
The source reporting does not detail the device contents, but UK investigators later recovered a device at Buchanan's residence after his flight. The forensic analysis likely revealed chat logs, phishing tools, and cryptocurrency transaction records linking him to the SIM-swap operations. This evidence bolstered the case and contributed to his decision to plead guilty rather than face a full trial.
What exactly is Scattered Spider, and why is it dangerous?
Scattered Spider is a prolific English-speaking cybercrime group known for its advanced social engineering methods. Unlike many hacker groups that rely on malware, Scattered Spider impersonates employees or contractors to deceive IT help desks into granting network access. Once inside, they steal data for ransom, often using the stolen information to launch SIM-swap attacks on high-value targets like cryptocurrency holders. Their tactics have breached firms such as LastPass, Twilio, DoorDash, and Mailchimp, causing millions in losses and exposing sensitive data. Buchanan's guilty plea represents a crackdown on this elusive threat, but experts warn that the group remains active.