cyberscoop.com
Open in
urlscan Pro
13.249.91.36
Public Scan
URL:
https://cyberscoop.com/the-com-764-cybercrime-violent-crime-fbi-intellignce-report/
Submission: On December 06 via api from TR — Scanned from US
Submission: On December 06 via api from TR — Scanned from US
Form analysis 1 forms found in the DOM
GET https://cyberscoop.com/
<form role="search" id="searchform" class="site-search" method="get" action="https://cyberscoop.com/">
<meta itemprop="target" content="https://cyberscoop.com/?s={s}">
<label class="screen-reader-text" for="search-field"> Search for: </label>
<input class="site-search__input js-site-search-input" itemprop="query-input" type="text" id="search-field" value="" placeholder="Search news, people, podcasts, videos" name="s">
<button class="site-search__button">
<svg class="icon icon--search" width="19" height="19" fill="none" viewBox="0 0 19 19" xmlns="http://www.w3.org/2000/svg">
<path
d="M7.9.7a6.805 6.805 0 0 0-6.8 6.8c0 3.752 3.048 6.8 6.8 6.8a6.757 6.757 0 0 0 3.975-1.288l5.262 5.25 1.125-1.125-5.2-5.212A6.77 6.77 0 0 0 14.7 7.5c0-3.752-3.048-6.8-6.8-6.8Zm0 .8c3.319 0 6 2.681 6 6s-2.681 6-6 6-6-2.681-6-6 2.681-6 6-6Z"
fill="currentColor" stroke="currentColor"></path>
</svg>
<span class="visually-hidden">Search</span>
</button>
</form>Text Content
Skip to main content
Advertisement
* CyberScoop
* AIScoop
* FedScoop
* DefenseScoop
* StateScoop
* EdScoop
Advertise Search Close
Search for: Search
Open navigation
* Topics
Back
* AI
* Cybercrime
* Commentary
* Financial
* Government
* Policy
* Privacy
* Technology
* Threats
* Research
* Workforce
* Special Reports
* Events
* Podcasts
* Videos
* Insights
* Subscribe to Newsletters
* Advertise
Switch Site
* CyberScoop
* AIScoop
* FedScoop
* DefenseScoop
* StateScoop
* EdScoop
Subscribe
Advertisement
Subscribe to our daily newsletter.
Subscribe
Close
* Exclusive
EXCLUSIVE: FEDS ARE PROBING 764, THE COM’S USE OF CYBERCRIMINAL TACTICS TO CARRY
OUT VIOLENT CRIMES
Documents reviewed by CyberScoop show that law enforcement is tracking these
violent criminal groups’ use of malicious cyber tools to cause harm to children.
By Greg Otto and Jana Winter
December 5, 2024
Listen to this article
9:43
Learn more. This feature uses an automated voice, which may result in occasional
errors in pronunciation, tone, or sentiment.
(Getty Images)
The child sextortion group 764 and the global collective of loosely associated
groups known as “The Com” are using tools and techniques normally used for
financially motivated cybercrime tactics — such as SIM swapping, IP grabbing and
social engineering — to commit violent crimes, according to exclusive law
enforcement and intelligence reports reviewed by CyberScoop.
The reports offer insight into the underbelly of the global network, showing how
they are using traditional cybercriminal tools to identifying, targeting,
grooming, extorting, and causing physical and psychological harm to victims as
young as 10. They were shared with police nationwide and in some cases, with
foreign-allied governments.
The intelligence report also shows how The Com is leveraging the cybercrime
knowledge within its subgroups to go beyond ransomware attacks or data breaches
and into areas the FBI classifies as terrorism.
An October 2023 intelligence note says in March of that year, 6996, a group
associated with The Com, published what it called “The Bible” on its Telegram
channel, “highlighting techniques for conducting ATM/Debit/Credit Card skimming,
IP Grabbing, forming a cult, doxing and extortion/grooming.”
Advertisement
“The 6996 channel features digital art and photos of graffiti promoting the
violent online groups M.K.U. and 764,” according to the intelligence note, which
was marked Unclassified/For Official Use Only.
The group “appears to be situated at the nexus of communities of users who share
gore material, [Racially or Ethnically Motivated Violent Extremist-White
Supremacist] adherents such as M.K.U. and child exploitation actors like 764.”
M.K.U., it says, is a neo-Nazi group with a presence in Russia and Ukraine.
The intelligence note was produced by the Joint Regional Intelligence Center and
the Central California Intelligence Center, both part of the Department of
Homeland Security’s intelligence sharing network of regional fusion centers.
Regional fusion centers were set up after 9/11 to facilitate intelligence and
emerging threat information sharing across the country and among state, local
and federal law enforcement and other government agencies.
Neither center responded to emails seeking comment from CyberScoop.
The joint intelligence note is titled “Violent Online Group Publishes Guide to
Forming a Cult, Committing Fraud and Grooming Minors for Self-Harm.” It
categorizes the investigative areas as: “Domestic Violent Extremism, Cyber
Crime, Fraud and Exploitation” for law enforcement and other agencies receiving
it. It says “6996 appears to be similar to online child exploitation group,
764, which has been implicated in coercing minors to self harm, including
suicide; animal cruelty; and the production of child sexual abuse material.”
Advertisement
An intelligence report produced Joint Regional Intelligence Center and the
Central California Intelligence Center that describes the cybercriminal tactics
used by violent online communities. (CyberScoop)
“Key content” flagged in the intelligence report from “The Bible” shared in
March 2023 on Telegram include:
* A description of what ATM “skimming” is, how to avoid being skimmed, a
five-step guide on how to skim, and recommendations for equipment and
software needed to successfully skim debit and credit cards.
* A description of “IP Grabbing,” how to use free online tools to obtain
someone’s IP address, and various services that can be used to hide an IP
address.
* A section on how to use open-source tools to doxx and gather information
about potential victims and how to find new victims to target.
Advertisement
The groups use these methods to trick children into sending sexually explicit
photos of themselves, threaten to make the photos public unless they harm
themselves, and kill or harm animals, among other crimes. The group’s members
have coerced children into attempting suicide, harming themselves, siblings and
animals.
“We’ve had people kill their grandparents,” a senior official with the National
Center for Missing and Exploited Children said during a panel with FBI agents
about 764 last month at a domestic terrorism and violence prevention conference
in Pittsburgh. “It’s just awful.”
Another document reviewed by CyberScoop, a FBI tradecraft alert from May 2024,
also warned law enforcement nationwide about 764’s doxxing practices. The alert
says the group created a fake suicide prevention Telegram chat that promised to
provide anonymous support to suicidal minor females, claiming the chat “could
help save other girls and kids from the same trauma.” The “764” actors would
then use social engineering tactics to convince the victims to give the actors
their personal information, which the actors would then use to doxx and extort
the victims.”
The FBI National Press Office declined to comment when asked about this
tradecraft alert.
At the same panel at the violence prevention conference in late October, FBI
agents urged parents to be aware of what their kid is doing on their phone and
encouraged law enforcement in the room to look out for this in their
communities. The FBI agents on the panel asked CyberScoop for anonymity citing
concerns about being doxxed by 764 and The Com.
Advertisement
The FBI personnel declined to speak with CyberScoop about the cybercrime tactics
or about anything beyond what was said during the panel, referring all questions
to the FBI press office, which declined comment.
“It almost sounds too much to be true, but its real,” said one FBI agent. “I
want to stress: this is everywhere.” Another agent said they have seen this “in
every state, every field office and arrests have been made in 23 countries.”
Those investigating these crimes have been mostly tightlipped about the cyber
aspects of their probes and of the networks themselves. But a recent Department
of Justice press conference following the sentencing of Richard Densmore, who
ran a network of 764 Discord servers, hinted at the cyber components of the
broader law enforcement effort to track down members of the loosely associated
collectives. Densmore was sentenced to 30 years for recruiting children online —
including by infiltrating online gaming sites that children frequent — to cut
themselves and engage in graphic sexual acts.
The connection between The Com and 764 has been explored in previous reporting
by independent cybersecurity journalist Brian Krebs. However, the documents
reviewed by CyberScoop offer new insight into how law enforcement is tracking
these associated groups and how 764 and The Com are using cybercriminal
techniques to carry out their crimes.
At a different panel at the same violence prevention conference in late October,
a federal prosecutor spoke briefly about 764.
Advertisement
“There is a national law enforcement and national level focus on this network,
where its entire premise is weaponizing child pornography and sextortion and
other criminal acts to attack the most vulnerable members of our community,
often being children, with the idea that when these children become adults our
entire foundation will crumble from underneath us, ” they said.
“It’s not premised on the idea of child pornography, it’s premised on the idea
of collapsing society and they do it through animal cruelty and they do it
through swatting and sextortion.”
The Department of Justice has also recently arrested several Com members for
non-violent cybercrimes. In October, Canadian authorities arrested a person,
suspected to be a Com member, of allegedly orchestrating a series of data
exfiltration attacks targeting customers of the data-storage firm Snowflake.
The person arrested – Ontario native Connor Moucka – was found by investigators
partly due to multiple threats of violence he made toward a cybersecurity
researcher.
In November, federal authorities unsealed charges against five individuals with
links to the “Scattered Spider” cybercrime syndicate, accusing them of
conducting an extensive phishing scheme that compromised companies nationwide,
enabling the theft of non-public data and millions in cryptocurrency. Scattered
Spider has also been tied to The Com.
Advertisement
The National Center for Missing & Exploited Children operates an online tip line
as a way to help victims remove their photos from the internet. Known as “Take
It Down,” the service helps minors or adults who were victimized as minors in
online image or video files with the removal of the sexually explicit content.
For more information, visit https://takeitdown.ncmec.org.
If you believe you are the victim of a crime using these types of tactics,
retain all information regarding the incident (e.g., usernames, email addresses,
websites or names of platforms used for communication, photos, videos, etc.) and
immediately report it to:
• FBI’s Internet Crime Complaint Center at www.ic3.gov
• FBI Field Office [www.fbi.gov/contact-us/field-offices or
1-800-CALL-FBI (225-5324)]
• National Center for Missing and Exploited Children (1-800-THE LOST or
www.cybertipline.org )
Advertisement
WRITTEN BY GREG OTTO AND JANA WINTER
IN THIS STORY
* 764
* ATM skimming
* doxxing
* Federal Bureau of Investigation (FBI)
* IP grabbing
* National Center for Missing & Exploited Children
* Sextortion
* SIM swapping
Share
* Facebook
* LinkedIn
* Twitter
* Copy Link
Advertisement
Advertisement
MORE LIKE THIS
1. INSIDE A NEW INITIATIVE TO LEND CYBERSECURITY VOLUNTEERS TO ORGANIZATIONS
THAT NEED IT MOST
By Tim Starks
2. EXCLUSIVE: SENATOR CALLS ON COMMERCE TO TIGHTEN PROPOSED RULES ON EXPORTING
SURVEILLANCE, HACKING TECH TO PROBLEMATIC NATIONS
By Tim Starks
3. U.S. GOVERNMENT SAYS SALT TYPHOON IS STILL IN TELECOM NETWORKS
By Tim Starks
Advertisement
TOP STORIES
1. WHITE HOUSE: CHINESE TELECOM HACKS HAVE BEEN IN MOTION FOR YEARS
By Greg Otto
2. HOW A RUSSIAN MAN’S HARROWING TALE SHOWS THE PHYSICAL DANGERS OF SPYWARE
By Tim Starks
Advertisement
LATEST PODCASTS
SPECIAL CYBERTALKS EDITION WITH NATIONAL CYBER DIRECTOR HARRY COKER
GREYNOISE’S ANDREW MORRIS ON USING AI TO FIND ZERO-DAYS
MANAGING APPLICATION PERMISSIONS TO MINIMIZE POTENTIAL ATTACK SURFACES
THE EVOLUTION OF MICROSOFT’S DIGITAL CRIMES UNIT
GOVERNMENT
* Russian-linked Turla caught using Pakistani APT infrastructure for espionage
* FTC goes after three data brokers with enforcement actions
* CFPB proposes new rule to regulate expansive data broker industry
* Trio of South Dakota politicians set to have bigger roles on cybersecurity
TECHNOLOGY
* Study shows potentially higher prevalence of spyware infections than
previously thought
* Small number of vulnerabilities patched in last Android security update of
2024
* Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules
* Bitsight acquires Cybersixgill for $115 million
THREATS
* FCC, for first time, proposes cybersecurity rules tied to wiretapping law
* Notorious ransomware developer charged with computer crimes in Russia
* Appeals court tosses sanctions on Tornado Cash crypto mixer
* Starbucks, UK grocers impacted by ransomware attack on Blue Yonder
POLICY
* An opportunity for Trump’s deregulation journey: Cybersecurity harmonization
* Stronger cyber protections in health care targeted in new Senate bill
* Vulnerability disclosure policy bill for federal contractors clears Senate
panel
* How to remove the cybersecurity gridlock from the nation's energy lifelines
Advertisement
About Us
* FedScoop
* DefenseScoop
* StateScoop
* EdScoop
* CyberScoop
* AIScoop
* Newsletters
* Advertise with us
* Ad specs
* (202) 887-8001
* hello@cyberscoop.com
* FB
* TW
* LinkedIn
* IG
* YT
Close Ad
Continue to CyberScoop