Counterfeit crypto robbery lands three British men in jail – Krebs on security

Three men in the UK were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly resorting to physical violence to settle scores and disputes.

Shortly after 11pm on September 6, a resident of the Spalding Common area of ​​Lincolnshire in the UK called the police to say that three men were acting suspiciously and had jumped a nearby fence.

“The three men fled in a VW Golf and were briefly stopped nearby,” a statement from The said Lincolnshire Police. “The car was searched by officers who found an imitation firearm, taser, a baseball bat and police uniform in the trunk.”

Thomas Green23, Rayhan Miah23 and Leonardo Sapiano24 were all charged with possession of the weapons, and “with intent to cause loss to another to make an unjustified demand for cryptocurrency from a person.”

KrebsOnSecurity has learned that the defendants were in Spalding Common to pay a surprise visit to a 19-year-old hacker known by the handles “Discoli”, “Disco Dog” and “Chinese”. In December 2020, Discoli took credit for hacking and leaking the user database of OGUsers, a forum crowded with people looking to buy, sell and trade access to compromised social media accounts.

Reached via Telegram, Discoli confirmed that police believe the trio tried to force their way into his home in Spalding Common, and that one of them was wearing a police uniform when they approached his residence.

“They were obvious about being fake police, so much so that one of our neighbors called,” Discoli said in a chat. – That call led to the arrests. Their purpose was for crypto robbery/extortion, I happened not to be at home at the time.”

Lincolnshire Police declined to comment for this story, citing an ongoing investigation.

Discoli said he did not know any of the accused men but believed they were hired by one of his enemies. And he said his would-be assailants weren’t just targeting him specifically.

“They had a list of people they wanted to meet on an ongoing basis as far as I know,” he said.

The foiled robbery is the latest drama involving members of certain criminal hacker circles who target each other with physical violence, making a standing offer to pay thousands of dollars to anyone in the target’s region who agrees to carry out the assaults.

Last month, a 21-year-old New Jersey man was arrested and charged with stalking in connection with a federal investigation into cybercriminal groups that hire people to carry out physical attacks on their rivals.

says the prosecution Patrick McGovern-Allen recently participated in several of these schemes — including firing a handgun into a home in Pennsylvania and setting fire to a residence in another part of the state with a Molotov cocktail.

McGovern-Allen and the three British defendants are part of an online community at the forefront of a dangerous escalation of coercive and intimidation tactics increasingly used by competing cybercriminal groups to steal cryptocurrency from each other and keep their rivals in check .

The Telegram chat channels where these young men transact have hundreds to thousands of members each, and some of the more interesting calls on these communities are job offers for personal assignments and tasks that can be found by searching for posts titled “If you live in near” or “IRL job” – short for “in real life” job.

A number of these classified ads are in the service of “bombing”, where someone is hired to visit a specific address and throw a brick through the target’s window. In fact, prior to McGovern-Allen’s arrest, his alleged Telegram personality boasted that he had done several brick-and-mortar jobs for hire.

Many of the people involved in paying others to commit these physical attacks are also frequent participants in Telegram chat channels that focus singularly on SIM swapping, a crime in which identity thieves hijack a target’s cell phone number and use it to wrest control of the victim’s different online accounts and identities.

Unsurprisingly, the vast majority of people currently targeted for bricking and other physical abuse via Telegram tend to be other cybercriminals involved in SIM swapping crimes (or individuals on the periphery of that scene).

The UK is home to a number of young men accused of stealing millions of dollars worth of cryptocurrencies via SIM swapping. Joseph James O’Connor, aka “Plugwalk Joe”, was arrested in Spain in July 2021 under an FBI warrant on 10 counts of offenses related to unauthorized computer access and cyberbullying. US investigators say O’Connor also played a central role in the 2020 Twitter hack, in which the Twitter accounts of top celebrities and public figures were forced to tweet out links to cryptocurrency scams. O’Connor is currently fighting extradition to the United States.

Robert Lewis Barr, a 25-year-old Scottish man who allegedly stole more than $8 million in crypto, was arrested on an FBI warrant last year and is also fighting his extradition. US investigators say Barr SIM-switched a US bitcoin broker in 2017 and spent much of the stolen funds throwing lavish parties at luxury rented flats in Glasgow city centre.

In many ways, these violence-as-a-service incidents are a natural extension of “swatting,” where fake bomb threats, hostage situations, and other violent scenarios are called in to police as part of a scheme to trick them into potentially visiting lethal force at a target’s address. According to prosecutors, both Barr and O’Connor have a history of beating their enemies and victims of SIM swapping.