Last week, Marks & Spencer (M&S) found itself grappling with a significant cyber attack that has severely impacted its IT systems, resulting in the suspension of online sales for over a week and a substantial decrease in market value. Amid this turmoil, Tyler Buchanan, a 23-year-old British man, was extradited from Spain to the United States, where he faces multiple charges related to his involvement with the cyber criminal group Scattered Spider, which is believed to be behind the M&S breach.

Buchanan’s extradition follows a ten-month process during which he awaited legal proceedings on allegations of orchestrating cyber attacks alongside young co-conspirators. The FBI claims that Scattered Spider has targeted dozens of companies across the UK, US, Canada, and India throughout 2022, with M&S being one of the more recent victims.

According to sources, DragonForce—a hacking collective—has suggested that it, along with its affiliates, was responsible for the M&S hack and similar attacks on other retailers, including Co-op and Harrods. Notably, experts indicate that the association between DragonForce and Scattered Spider is not surprising, as they are thought to operate collaboratively to carry out extortion through ransomware.

Buchanan was arrested in July 2022 in Palma, Mallorca, as he was about to board a flight to Naples. At the time, law enforcement discovered he had access to a cryptocurrency wallet containing over $26 million in Bitcoin. His unassuming appearance contrasted sharply with his alleged criminal activities, as he was described as wearing casual attire when apprehended.

His father, Robert Buchanan, maintains that his son is not involved with Scattered Spider, though he acknowledges Tyler’s exceptional proficiency in technology, reportedly beginning at the age of six. Family representatives have described Buchanan’s role in the cyber realm as more akin to a team captain than a central leader.

Court documents reveal that Buchanan and his associates engaged in phishing schemes—strategies that involve tricking individuals into providing their access credentials via deceptive communications. The FBI further states that Buchanan had registered a fake website without adequate precautions, making it relatively easy for authorities to trace him back to Dundee, Scotland. In April 2023, police recovered a substantial array of computers and devices containing sensitive information from compromised companies.

Cyber security experts note that Scattered Spider’s activities include techniques such as SIM swapping. This involves deceiving telecom employees into transferring victims’ phone numbers to new SIM cards, giving hackers access to one-time codes for account logins. Experts highlight that attackers often employ British English to convincingly masquerade as legitimate IT support, leading unsuspecting targets to divulge sensitive information.

M&S has not publicly detailed how the attack was executed or what ransom demands were made, but historical precedents suggest that such cyber extortion often involves substantial financial demands. Microsoft has identified Scattered Spider as one of the pervasive threats in the cybercrime landscape, linking it to notable incidents including a significant breach at MGM Resorts International in September 2023, which resulted in considerable operational disruption and financial loss.

A troubling trend linked to Scattered Spider is its association with a broader, darker community known as The Com, which reportedly manipulates vulnerable youths into participating in criminal activities. The UK’s National Crime Agency has expressed concern over minors being enticed to engage in malicious behaviour by more experienced cybercriminals within these circles.

Recent reports indicate that attackers associated with Scattered Spider have resorted to extreme intimidation tactics, involving threats of violence to extort sensitive information. These alarming behaviours suggest a culture where young hackers vie for reputation and success within the community, leading to inter-group rivalries and competitive aggression.

Buchanan remains in federal custody in California and is expected to appear in court later this month. His lawyer has asserted his entitlement to the presumption of innocence, characterising him as a well-intentioned individual rather than a key player in a sophisticated criminal enterprise. The nature of the M&S attack remains under investigation, with cyber security experts from CrowdStrike, the National Cyber Security Centre, GCHQ, and law enforcement agencies involved in the ongoing response efforts to mitigate the damage.

Experts emphasize the importance of vigilance among retailers and corporations, advocating for enhanced security measures to protect against such disruptive cyber threats in an increasingly digital environment.

Source: Noah Wire Services