A 20-year-old hacker, known by several aliases online—Sosa, Elijah, Gustavo Fring, and King Bob—has pleaded guilty to his role in a cybercrime wave that swept through dozens of organizations across the U.S. Noah Michael Urban, now a convicted member of the infamous cybercriminal group Scattered Spider, faces a lengthy prison sentence and financial penalties totaling over $13 million in restitution.
His conviction sheds light on one of the most sophisticated and elusive hacking groups of recent years—an alliance of young, tech-savvy fraudsters who blurred the line between high-level cybercrime and internet subculture.
The Charges and Conviction
Urban’s arrest in early 2024 marked a major breakthrough for federal investigators. Initially denying all accusations, Urban reversed his plea in 2025 and admitted guilt to multiple charges in both Florida and California.
Specifically, Urban pleaded guilty to:
- Two counts of wire fraud (Florida),
- One count of aggravated identity theft,
- One additional count of wire fraud (California).
Each wire fraud charge carries a maximum penalty of 20 years in prison. The identity theft charge requires a minimum additional sentence of two years. In addition to incarceration, Urban faces fines exceeding $1 million and is ordered to pay $13.2 million to 59 victims affected by his actions.
How the Crimes Were Committed
From August 2022 through March 2023, Urban and his associates used phishing messages, SIM-swapping, and identity fraud to infiltrate networks and steal data, funds, and digital assets. The victims included both individuals and major organizations. Total damages from Urban’s specific activity were estimated at $3.5 million.
A search of his home revealed an arsenal of incriminating materials:
- Over $3 million in cryptocurrency (at current exchange rates),
- $27,702 in cash,
- Jewelry and six luxury watches,
- Digital evidence including passwords, cryptocurrency wallet credentials, and software designed to erase data.
Critically, Urban had not deleted his browser history, which recorded the exact times he accessed victims' emails. Investigators were able to directly link him to compromised accounts.
The Leaked Music Angle
Beyond financial crimes, Urban gained notoriety for leaking unreleased music by high-profile artists like Lil Uzi Vert, Playboi Carti, and Juice Wrld. According to cybersecurity journalist Brian Krebs, Urban (under the alias King Bob) accessed these files by targeting individuals in the music industry—another instance where SIM-swapping tactics were deployed.
These unauthorized leaks, while less financially damaging, showcased the group’s broader motivations—ranging from monetary gain to digital clout and status within underground communities.
Inside Scattered Spider
Urban’s case is only a small piece of the puzzle. Scattered Spider, the hacking collective to which he belonged, has operated under multiple aliases including:
- Starfraud,
- Octo Tempest,
- Muddled Libra,
- 0ktapus (Group-IB),
- UNC3944 (Mandiant),
- Scatter Swine (Okta).
The group emerged in 2022 and quickly made a name for itself through high-profile attacks. Their targets are typically large firms in the telecommunications, customer service, and technology sectors. Notably, they have been linked to attacks against MGM Resorts and Caesars Entertainment, using ransomware variants like BlackCat (Alphv), Qilin, and RansomHub.
What sets Scattered Spider apart is their reliance on social engineering—manipulating individuals, not just systems, to gain access. Phishing and SIM-swapping remain their preferred methods. According to cybersecurity analysts, the core members are mostly English-speaking teenagers and young adults, aged between 16 and 22.
The Com: A Cybercriminal Subculture
Urban’s ties extend beyond Scattered Spider. Investigators have linked him and other members to a loosely affiliated online community called “The Com” (short for “The Community”). Described by Krebs as a “social network for cybercriminals,” The Com thrives on platforms like Telegram and Discord.
This digital underworld connects thousands of young people engaged in scams, cryptocurrency fraud, and corporate hacks. The community operates in a gray area between organized crime and adolescent rebellion, often glamorizing cyber exploits and offering a twisted sense of status through illicit achievement.
Federal Indictment and Group Prosecution
Urban wasn’t acting alone. In November 2024, the U.S. Department of Justice unsealed indictments against four additional individuals:
- Ahmed Hossam Eldin Elbadawy (23) – College Station, Texas
- Evans Onyeaka Osiebo (20) – Dallas, Texas
- Joel Martin Evans (25) – Jacksonville, North Carolina
- Tyler Robert Buchanan (22) – United Kingdom
Each was charged with:
- Conspiracy to commit wire fraud,
- Wire fraud,
- Aggravated identity theft.
According to court documents, the group used phishing text messages to pose as IT departments or trusted vendors, convincing employees of targeted companies to click links to fake login portals. Once credentials were stolen, the hackers accessed confidential business systems, siphoned proprietary information, and drained cryptocurrency wallets.
Authorities Speak Out
Federal officials emphasized the sophistication of the operation and the scale of the damage caused.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars,”
— U.S. Attorney Martin Estrada
“They preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions,”
— Akil Davis, FBI Assistant Director in Charge, Los Angeles Field Office
The FBI led the investigation with support from Police Scotland and multiple regional field offices.
Conclusion: A Wake-Up Call in the Age of Digital Crime
Noah Urban’s conviction is a stark reminder of how deeply cybercrime can penetrate modern society. What began as online mischief by a teenager spiraled into one of the most destructive hacking operations of the past few years.
But while Urban’s sentence may serve justice, the culture that enabled him—the fusion of youth, technology, and digital anonymity—still thrives. As long as vulnerable systems exist and cybercriminal communities provide validation and support, new perpetrators will rise to take his place.
The war against cybercrime isn’t just technical—it’s cultural, social, and deeply human.
Comments 0