A 10-year prison sentence is hoped to serve as a deterrent for this "smarter than most" teenager.

Author: Margi Murphy

Translated by: Deep Tide TechFlow

Noah Urban played a role in the notorious "Scattered Spider" gang by persuading people to unknowingly grant criminals access to sensitive computer systems.

On a September afternoon in 2022, in a Telegram group chat filled with gold bag emojis and clown emojis, overflowing with "laughing my ass off" (lmfaos) and "laughing out loud" (loooools), a pixelated thumbnail appeared showing a bloodied teenager. At the time, 18-year-old Noah Urban, living on Florida's Palm Coast, clicked on the video.

In the video, the teenager pleaded with Noah to transfer $200,000 to his kidnappers, who were holding a gun to his head. "Elijah, really bro, you know we’ve worked together before," the teenager said, addressing Noah by one of his aliases. His face was swollen, his mouth full of blood, with drops staining his white Hollister hoodie. "You know I’ve always supported you. Just tell me, I’ll do anything you want me to do."

Noah immediately recognized the teenager. Justin had worked for him, helping him steal cryptocurrency. Although he didn’t know Justin’s full name, he knew he couldn’t compromise with the kidnappers. Moreover, he suspected the video might be fake. So, he didn’t transfer any funds.

Such a scene might terrify most teenagers, but by 2022, Noah had seen too many similar things. At that time, he was evading the FBI as a member of a cybercrime gang later known as "Scattered Spider" (Note: also known as UNC3944, a hacker organization primarily composed of teenagers and young adults, believed to be mainly from the U.S. and the U.K. This group is known for its complex social engineering tactics and cyberattacks). This gang had become one of the most notorious cybercrime organizations globally, linked to dozens of attacks against companies in the U.S. and the U.K. Among the most severe were the 2023 ransomware attack on MGM Resorts International, which crippled the casino's computer systems and caused $100 million in damages, and an attack earlier this year on British retailer Marks & Spencer Group Plc, expected to result in about $400 million in losses.

MGM Las Vegas Hotel and Casino. Photographer: AaronP/Getty Images

The FBI and the U.K. National Crime Agency have listed "Scattered Spider" as a priority target. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) described the gang as "a serious and ongoing threat to U.S. institutions." Cyber defense company Mandiant listed it as one of the "most aggressive and pervasive threat actors impacting European and U.S. institutions." Last year, "60 Minutes" reported on "Scattered Spider's" connections to Russian ransomware hackers.

Noah played a key role in the gang as a "caller." His experience is a cautionary tale of how a high school student with little technical ability transitioned from gaming to quickly stealing cryptocurrency, and then to entering the computer networks of telecom and tech companies through phone scams to steal sensitive data. He grew up in a middle-class family in Central Florida, often wearing Crocs and board shorts to fish, zip-lining at Gatorland, or visiting Universal Studios in Orlando—activities typical of an ordinary boy. However, as his criminal activities escalated, his virtual exploits began to spill into the real world. Kidnappings, firebomb attacks, and sexual extortion cases caught the attention of law enforcement. Friends Noah made online now face long prison sentences.

This report is compiled from court documents, conversations on Discord, and Telegram messages, as well as interviews with dozens of threat intelligence analysts, law enforcement officials, and others familiar with Noah's criminal career. This includes Noah himself, who spoke with Bloomberg Businessweek through dozens of phone calls from a prison in Florida, stipulating that these conversations not be reported until after his sentencing.

"Hello, my name is Kevin, and I’m calling on behalf of T-Mobile's internal security management."

Noah was not a true hacker. Born in 2004, the same year Facebook launched, he preferred swimming and football over programming. He had a few friends and a high school girlfriend, but most of the time he was a loner, not participating much in class. "I was a weird kid," Noah recalled. "I didn’t have many friends, so I didn’t learn those social cues that come from interacting with people." Three years after graduation, even his favorite teacher didn’t remember him.

Noah started playing Minecraft at age 8 or 9, and at 15, he met some people through the game and first heard about SIM swapping scams. This scam involves transferring someone’s phone number to a phone you own to intercept security codes, take over their online accounts, and transfer funds. This operation requires no programming skills; the key skill is social engineering—persuading or bribing telecom company employees to "activate" the number for you.

Noah quickly demonstrated excellent conversational skills, possessing a deep voice that belied his age, allowing him to deceive victims into giving up personal information. He attributed his social engineering abilities to his parents, saying, "Politeness and respect are the two most important things I learned as a child."

Through Minecraft, he met the leader of a SIM swapping gang, who paid him $50 each time Noah successfully stole cryptocurrency over the phone. He made $3,000 in his first week.

A childhood photo of Noah Urban. Source: Rob Urban

Noah was not short on money. His parents separated when he was a toddler, but life was comfortable. His mother owned a house in a gated community north of Orlando and worked in human resources; his father, a Navy veteran, ran an online marketing company and owned a home with a pool and hot tub nearby.

However, the adrenaline rush from SIM swapping, along with the friendship that was hard to find in real life, deeply fascinated Noah. "If you’re standing in line at Walmart with 10 people, you might not find many people you click with," he said, "but if you can pick your friends online—everyone has common interests—it’s especially easy to get along."

Noah joined a group of about 15 players, including 17-year-old Daniel Junk from Portland, Oregon, and another 17-year-old, Tyler Buchanan, from Scotland. Noah said they purchased a database stolen from cryptocurrency wallet company Ledger SAS, which provided a list of cryptocurrency holders and their email addresses. The next step was to access these email accounts, and they began looking for anyone using Outlook, AOL, or Yahoo! accounts. They told Noah these accounts were the easiest to breach.

These new friends were part of the so-called "Com" underground network, which was widely spread across Discord and Telegram, gathering many young people seeking coveted usernames, video game loot, and cryptocurrency that could be stolen through account takeovers. The FBI began investigating "Com" in 2018, estimating that by then, the group had stolen $50 million.

As more "Com" members discovered the simplicity of stealing cryptocurrency, the demand for SIM swapping increased. Some speculated which telecom company, such as T-Mobile US Inc. or AT&T Inc., had call center contractors who were easiest to deceive. Others hired kids to run into phone stores to steal iPads from customer representatives. For fun, the thieves often filmed these acts and uploaded them online.

Photographer: Jakub Porzycki/Getty Images

Noah said Junk discovered a method to register his personal computer on T-Mobile's corporate network and use remote access software to enter the company's SIM activation tools, sometimes maintaining access for months. When T-Mobile detected suspicious logins, it would reset accounts, locking Junk out. So, he began paying Noah to call and trick employees into giving up login information. Noah pretended to be an IT department employee and successfully obtained the login details.

Others involved in SIM swapping would listen on Discord as Noah made calls, while playing Counter-Strike or Call of Duty, and reading scripts Junk had written for him. "Hello, my name is Kevin," the script began, "I’m calling on behalf of T-Mobile's internal security management." When unsuspecting sales representatives inadvertently let Noah into the system, Junk and his friends would hold their breath, listening to every word. When Noah made a mistake, they would laugh uncontrollably. (A T-Mobile spokesperson stated that the company has improved security measures to "reduce illegal SIM swapping.")

As Noah deceived more people, he found that the targets were not only predictable but essentially kind-hearted. While it was difficult to convince employees that they had submitted an IT ticket, he could make them believe that the ticket was mistakenly linked to their account—could they please help close the ticket so he could finish his work? They almost always complied. When Noah breached a new account through conversation, the validation from new friends felt even more satisfying than the gratification from Minecraft.

"It’s shocking that such a young kid has the ability to incite a shooting somewhere in the world and almost never face consequences."

Noah's mother began to suspect what he was up to. Mysterious pizzas ordered by strangers started arriving at her doorstep. She overheard conversations about SIM swapping. When she tried to impose stricter rules, 16-year-old Noah moved in with his father.

Robert Urban lives in a five-bedroom house in DeLand, Florida. The garage is filled with tools, and the living room is cluttered with toys belonging to his partner's two children. A white Maltese dog barks at his feet. He noticed some changes when Noah started calling him "buster." Noah was about 15 at the time. "You don’t drive a Ferrari, you still have to pay the mortgage, you work hard, yet you’re still struggling," he recalled Noah saying. Since then, Urban has observed a "dramatic change" in his son's behavior.

When designer clothes were delivered to the house, or during rare social occasions when Noah wore a $35,000 diamond-encrusted Rolex and Louis Vuitton sneakers, he would tell his father that he sold items through Minecraft and invested the proceeds in cryptocurrency. Urban himself liked Bitcoin and boasted to friends about his son's success.

Urban tried to get Noah to liquidate some of his cryptocurrency assets for more traditional investments. "No, Dad," Noah would tell him, "I have my plans." Instead, he spent $80,000 to buy a Minecraft account with the username Elijah, another $30,000 for the Twitter handle @e, and an additional "ridiculous" amount for @autistic.

Robert Urban at his home in DeLand, Florida. Photographer: Michelle Bruzzese/Bloomberg Businessweek

Noah soon began hiring his own phone scammers, including someone he knew named Justin. He would pay between $60 and $1,000 depending on the security level of the telecom account. If a phone scammer could get an employee to install remote access tools, he would pay up to $4,000. When the COVID-19 pandemic closed schools nationwide, Noah was very pleased with the extra free time for employees.

Access to telecom companies was sporadic, leading some SIM swappers to start stealing from each other. Some began doxing, posting the real names and personal information of other hackers online to extort them. Bloomberg Businessweek reviewed dozens of videos on Discord and Telegram showing young people throwing bricks at houses while shouting the names of their respective SIM swapping factions, a behavior known as "bricking." They also hacked and leaked nude photos and personal information of opponents' girlfriends, encouraging others to harass them. There were even dedicated Telegram chat groups for humiliating the girlfriends of "Com" members.

Detective David Hale of the Weston-East Goshen Police Department in eastern Pennsylvania said he learned about "Com" in January 2022 when he was called to a wealthy suburban home where someone had fired eight shots into the living room, injuring three people. Two weeks prior, another home in the area reported a firebombing incident. Both attacks targeted young women associated with "Com." "It’s shocking that such young kids have the ability to incite a shooting somewhere in the world and almost never face consequences," Hale said.

Noah claimed he was not involved in any internal conflicts, but he knew trouble would come. In 2021, hackers threw bricks at his mother’s house, thinking he still lived there. She received anonymous messages threatening that if her son did not transfer hundreds of thousands of dollars in cryptocurrency, the attacks would continue. Noah refused, and eventually, the attacks stopped.

Allison Nixon grew increasingly worried about this. As the chief researcher at cybersecurity firm Unit221B, she was frustrated by hackers evading police scrutiny and concerned about the aggressiveness of their attacks.

Adults in the cybersecurity field often take a lenient view of teenage hackers, trying to guide them into industry careers to harness their talents. But in Nixon's view, this approach was no longer effective. "The only way to solve this problem," she said, "is for the government to address it historically, like they would with violent street gangs."

Her advice did not resonate with government officials. She described them as "completely overwhelmed" and acting as if they had more important things to do than chase kids online. She and other cybersecurity investigators warned law enforcement that "Com" members could become a larger threat.

By 2022, Noah was nearing the end of high school. He became increasingly estranged, missing assemblies and prom, and did not submit a YouTube compilation video showcasing classmates wearing masks. According to court records, Noah was already a millionaire, but he was more focused on elevating his criminal enterprise to new heights.

"I just want financial freedom, to hang out with my friends all day, and listen to music."

While searching for new lists of cryptocurrency holders, Noah came up with the idea to target the communications technology company Twilio Inc. Since the company’s software is used by 50,000 businesses to manage SMS and phone communications with customers, Noah believed it would have a wealth of valuable data. In August 2022, just weeks before his 18th birthday, he and friends purchased a spoofed domain that looked like the login page for user authentication company Okta Inc. and sent Twilio employees text messages with links.

"Warning!!! Your Twilio schedule has been changed. Click twilio-okta.com to view the changes!"

Noah successfully tricked a Twilio employee. However, when that person did not have the data he wanted, he logged into their Slack account and messaged a higher-level employee he found on LinkedIn. "I basically told them we needed this data for audit purposes or something like that," Noah said, "and then they exported the database and sent it to me."

With access codes from Twilio's enterprise clients, Noah and his accomplices were able to breach more companies. Overall, they ultimately obtained customer data from 209 companies using Twilio, including SMS verification codes. "We felt like gods," Noah said.

Days later, a cybersecurity firm called Group-IB, which assists Twilio clients, announced the data theft on its blog and named the hackers 0ktapus. A frightened Noah discarded his $3,000 computer and phone, replacing them with new devices. Soon after, a member of 0ktapus shared the data with another SIM swapper, who further disseminated it. As more "Com" members picked names from the database, the data lost all value on the black market.

Image: Jaque Silva/Getty Images

Members of Noah's team kept a low profile for a while, but when the police did not come knocking, they became bolder. According to Group-IB, 0ktapus continued to steal credentials from thousands of employees in 2022. Once they successfully accessed a corporate account, they would identify higher-privileged employees and target them. In December of that same year, the gang also stole personal information of 5.7 million customers from the cryptocurrency exchange Gemini Trust Co., owned by the Winklevoss twins, and put that information up for sale on criminal forums.

After Noah turned 18, he moved out of his father's house and into a long-term Airbnb in a quiet community on Florida's Palm Coast. He furnished his place with a bed, table, sofa, TV, and a cat with fur resembling an Oreo cookie, named Diana. He said, "I just want financial freedom, to hang out with my friends all day, and listen to music."

Once a week, he would drive his Dodge Challenger to a commercial street, choosing between an Olive Garden and a hibachi restaurant, leaving $100 to $200 in cash tips. He also enjoyed speeding down the highway at night, listening to music from Lil Uzi Vert, Playboi Carti, and Ken Carson.

Noah was often active on a forum called Leakth.is, where people would post "gems" (i.e., unreleased tracks) from their favorite artists. He decided to target employees of Universal Music Group NV and Warner Music Group Corp. to gain access to sound engineers' and producers' Dropbox or iCloud accounts, suspecting their files contained unreleased music.

In 2022, Noah used a Twitter account named King Bob to post a snippet he claimed was an unreleased Playboi Carti song titled "Money N Drugs." The name was a nod to the Minions in "Despicable Me." His account's follower count skyrocketed to 11,000 overnight. Various theories about King Bob's identity spread online, with fans speculating he might be a promoter from a music studio or a disgruntled production assistant. (The record label declined to comment, and Playboi Carti's manager did not respond to requests for comment.)

Noah claimed he was not the only one using the alias King Bob to steal music, and he believed that posting gems was promotional rather than theft. However, those he attacked had a different view. Nasir Pemberton, a producer who worked for Kanye West, A$AP Rocky, and Playboi Carti, accused Noah of stealing hundreds of his songs and sharing screenshots of his Dropbox on Discord. "He almost ruined my life," Pemberton said.

"It's all about status in their community. It's just flexing power."

0ktapus was not the only group within "Com" that drew attention. Another faction—later nicknamed "Scattered Spider" after teaming up with Noah's group—also sought to go beyond SIM swapping. This faction included some former members of Lapsus$, a group that had attacked Nvidia Corp. and Uber Technologies Inc. One member, a hacker named Jack, boasted about his connections with ransomware providers and had software to bypass advanced security tools. (Another member, Thalha Jubair, who prosecutors say went by the codename EarthtoStar, was arrested in the U.K. this month. U.S. prosecutors publicly charged the 19-year-old Jubair on September 18, alleging he helped extort 47 U.S. companies for a total of $115 million. His U.K. lawyer declined to comment.)

Noah thought it would be cool to collaborate with them. He began reaching out to Jack, who was impressed by the Twilio breach but belittled Noah and his friends' strategy of stealing databases by breaching companies. Jack believed it was much faster to make money by extorting the breached companies.

Noah said they gained access to an employee account at the cryptocurrency trading platform Crypto.com through conversation. They also used the United Parcel Service (UPS) system to collect personal data on potential victims. (A spokesperson for Crypto.com stated that the attack on its platform had not been previously reported by the media, that the information affected only "a very small number of individuals," and that no customer funds were accessed. UPS stated in 2023 that it had fixed the issue but declined to provide further details for this article.)

The group was eager to obtain more data. Noah claimed that during breaks in virtual classes, he used ChatGPT to research which organizations could access the personal details needed to steal cryptocurrency and which types of employees might have that information. In January 2023, they breached video game company Riot Games Inc., stealing the source code for its popular game League of Legends and some anti-cheat tools. They demanded $10 million to return the data, marking the group's first ransom request. Riot Games refused to pay.

Noah said he was not involved in the extortion attempt, but he had previously accessed the company through his phone scam skills. During the theft, he upgraded his personal Riot Games account, which became an important clue for investigators—along with a message he allegedly sent days later that seemed to acknowledge the attack.

Noah's booking photo. Source: Volusia County Sheriff's Office

On the morning of March 1, 2023, everything began to collapse. When Noah returned home from the vet with his cat, more than twenty FBI agents and police surrounded his car, demanding he open the door. He hesitated, worried that Diana would run away, which initially made them suspect he was hiding something. After he explained, the police allowed him to take the cat inside.

Noah sat on the couch reading the search warrant while the agents rummaged through his home, seizing his computer and iPhone. He refused to provide the password. When he asked to call his father, an FBI agent agreed and held Noah's phone up to his face in an attempt to unlock it. "Nice try," Noah thought, while dodging.

Prosecutors stated that federal agents seized approximately $4 million in cryptocurrency, $100,000 in cash, and $100,000 worth of jewelry, including a Rolex watch and five other watches. They also took a cash counting machine and Noah's Sony PlayStation 5. Noah said they left him with only $16 and a passport.

"Like any other father, my heart is broken, but I will always love him and will not give up on him before I die."

Noah was not arrested that day, but FBI agents accused him of breaching Riot Games and being involved in several cryptocurrency thefts. "They made me sit down and said, 'We know you're a social engineer,'" Noah recalled. "'We know you're part of Scattered Spider.'"

It turned out that the FBI had been tracking Noah since 2021, when he was marked as a low-level participant in a SIM swap incident in Portland, Oregon. Despite Noah's lack of technical skills, he was still "one of the top swappers we knew of at the time," said Special Agent Douglas Olson, who was involved in the case. "He was very, very good at tricking employees into swapping victims' phone numbers and obtaining personal information to commit crimes."

Noah moved back in with his father, who said he was shocked by the extent of his son's alleged criminal activities. That same month, they flew to Oregon with a lawyer, where FBI agents had been tracking Jank, one of Noah's associates. According to court documents, Noah admitted to prosecutors that he had stolen up to $15 million from late 2020 to early 2023. He stated that he would no longer engage in cryptocurrency or hacking activities.

Despite Noah's statements during the interview, FBI's Olson believed he "showed no remorse at all." Olson said Noah's entire social life revolved around committing cyber crimes, which desensitized him to the victims. In fact, Noah told agents that most of his earnings were almost immediately spent on cryptocurrency gambling and gaming sites. "It's all about status in their community," Olson said. "It's just flexing power."

Even after the raid at home, Noah continued his social engineering and music theft activities, according to an FBI agent involved in the investigation who requested anonymity. Cybercrime researchers noted that Scattered Spider seemed to lay low for a while after the raid. In September of that same year, the gang allegedly breached Caesars Entertainment Inc. and extorted the casino company for $15 million. According to insiders, Caesars did not respond to requests for comment.

Days later, MGM Resorts discovered that hackers had accessed its systems and stolen employees' Okta passwords. MGM shut down its computer systems. In the Las Vegas casino lobby, the slot machines' payout functions stopped working. Guests, including then-chairwoman of the Federal Trade Commission Lina Khan, were locked out of their rooms. The company did not pay the ransom, but the attack was estimated to have caused $100 million in damages.

The incident was shocking. Ransomware had typically been the domain of Russian groups, and now evidence suggested that this software was being used by hackers closer to home.

Cybersecurity firms CrowdStrike Holdings Inc. and Mandiant reported that Scattered Spider had been actively tracking their clients for months. These companies shared recordings of interactions between Scattered Spider and their customer service employees, and researchers were surprised to hear familiar accents. Jeff Lunglhofer, chief information security officer at cryptocurrency exchange Coinbase Global Inc., described them in 2023 as "young, articulate males," "quick on their feet, and even quite clever."

A month after the MGM attack, Microsoft Corp. described in a blog post that Scattered Spider's ransom notes had become increasingly aggressive. Members used home addresses and family names, along with physical threats, to coerce people into sharing passwords or codes, Microsoft stated. In November of that same year, the U.S. Department of Homeland Security warned that Scattered Spider was collaborating with the ransomware group AlphV, whose members spoke Russian and provided ready-made malware for ransom splits.

Noah denied involvement in the casino attack or deploying ransomware, and he was not charged with these crimes. However, the government suspected he had not fully reformed. Prosecutors later claimed that in August 2023, Noah withdrew $10,000 worth of Bitcoin from a wallet that the FBI was tracking, despite his promise to no longer engage with cryptocurrency. They discovered messages Noah sent to friends on Discord. One read: "I talked to a federal lawyer today. They said if I’m not indicted soon, I’m likely to win this case. You can’t imagine how bad it would be if I hadn’t gone into 'nuke mode' (referring to deleting everything on his computer)."

Analysis of Noah's accounts by the FBI showed that by mid-2022, he had helped transfer about $76 million through cryptocurrency exchanges and online gambling services. Noah said that figure was not entirely accurate but "close enough."

As law enforcement began to close in on Noah, some of his associates found themselves in another kind of trouble. Jank pleaded guilty in March 2023, admitting to conspiracy to commit telecom fraud. He continued hacking while on bail. In November of that same year, when he returned to his apartment in Portland, three men dragged him into a van. They bound his hands behind his back and put a hood over his head. The kidnappers repeatedly removed the hood to ask Jank where he hid his cryptocurrency, and when he did not answer, they tightened the hood around his neck. They did not know that federal agents had already seized $4 million in cryptocurrency from him.

"Damn," Jank recalled, sitting in a child-sized chair in a visiting room at the federal prison in Lompoc, California, as he recounted the kidnapping. "I thought I was going to die."

The next morning, a jogger found Jank tied to a pole, bruised and battered. Jank was arrested again a month after leaving the intensive care unit and was sentenced to six years in prison. He said being in prison now felt like a relief, with a scar still visible on his wrist from a cable tie, tattooed with a character from Futurama named Bender. He said his family could rebuild their lives without harassment, and he himself was no longer tempted to hack. "What we did, I think, was really bad," he said.

In October 2024, four men were arrested in connection with Jank's kidnapping. They all pleaded not guilty and are currently awaiting trial. Prosecutors stated that two other men were responsible for the kidnapping of Justin, the boy who had asked Noah for help in the video. The two were convicted of burglary and cryptocurrency theft. Justin managed to escape and was found by a state trooper on a Florida highway, 120 miles from home. He was unable to be reached for comment.

Screenshot of Noah's video call from a Florida prison. Photographer: Margi Murphy

Noah was arrested in January 2024, nine months after police searched his residence in Palm Coast. He was held without bail during his detention. Subsequently, California prosecutors charged him and four others with hacking attacks against 13 companies, including AT&T, T-Mobile, Verizon Communications Inc., Twilio, and Riot Games. Among those charged was his Scottish gaming friend Tyler Buchanan, who was arrested in Spain in June 2024 and extradited to the U.S., where he pleaded not guilty to the charges. Buchanan and his lawyer did not respond to requests for comment. AT&T, T-Mobile, Verizon, Twilio, and Riot Games also declined to comment.

Noah was not charged with music theft, but prosecutors mentioned King Bob in the indictment, and his booking photo quickly became a meme online. On social media, Playboi Carti fans called for the FBI to release Noah's stolen music collection. A Reddit user blamed Noah's parents for his criminal behavior, prompting Noah's father to respond on the site. "Sometimes people make choices that go against what they were taught," Urban wrote. "Like any other father, my heart is broken, but I will always love him and will not give up on him before I die."

Gregory Kehoe, a prosecutor in the Middle District of Florida, predicted that individuals like Noah would find it difficult to completely escape crime. "It's not just an addiction; it's their lifestyle," he said. "If your entire social network revolves around online interactions on multiple platforms, how likely are you to not return to that life even if you encounter some setbacks?"

Noah showed signs that he was not yet ready to give up his online life. He had been placed in solitary confinement twice for using smuggled phones. In August 2024, he posted on his X (formerly Twitter) account: "Bored." The judge overseeing his case was hacked, and prosecutors accused one of Noah's associates of being responsible.

"Fortune 500 companies like AT&T and T-Mobile were easily deceived by a group of teenage kids."

A few weeks after his arrest, Noah called a reporter from Businessweek to respond to an interview request. Over the next year, he would call from the prison in Stark, Florida, almost every week to share his experiences. He spoke politely, calmly, and had a relaxing sense of humor. He said that initially, most inmates were skeptical of this white kid locked up for "computer charges"—a term usually synonymous with sex crimes. But when his booking photo appeared in a segment about the MGM hacking incident on 60 Minutes, they began to change their minds about him.

In April 2024, Noah pleaded guilty to telecom fraud and aggravated identity theft. During a video call in July, he curled up under the bottom bunk of the 30-person dorm where he had lived for 19 months, just weeks away from sentencing. In previous calls, he sounded confident, discussing how to earn the respect of inmates and gambling with ramen noodles instead of millions of dollars. However, this time, his hair was combed down over his forehead, making him look young and awkward. He talked about a girl he once liked, with whom he played volleyball at school.

When he heard the news that four "Scattered Spider" suspects had been arrested in the UK, his expression barely changed. Noah said that as long as young people continued to recruit each other, this crime would persist. "I hope it will end, but I don't see that possibility."

On August 20, 2024, Noah appeared in federal court in Jacksonville wearing a navy blue prison jumpsuit with "PRISONER" printed on the back for sentencing. In a phone call the night before, he said he was "nervous and excited," expecting not to receive more than eight years in prison and feeling optimistic about his lawyer's request for five years.

His lawyer, Kathryn Sheldon, told the court that Noah had been led astray by older co-conspirators and had become involved in activities he thought were a game. "I'm not trying to shift the blame to Coinbase or other organizations," she said, "but it's shocking that Fortune 500 companies like AT&T and T-Mobile were easily deceived by a group of teenage kids."

Noah apologized to the victims and their families, promising to raise awareness about the exploitation he was responsible for. "Whenever I can get out, I want to focus on improving myself," he said.

But he did not receive the leniency he hoped for. U.S. District Judge Harvey Schlesinger, an 85-year-old former prosecutor who had been a judge since 1991, read statements from several of Noah's victims, including a former firefighter who had hoped to use his cryptocurrency savings to pay for IVF treatments, and a retiree who had to take a job as a delivery driver after losing his money. A business owner from Minneapolis, whose hundreds of thousands of dollars in cryptocurrency were meant for his children, was also present in the courtroom to hear the sentencing.

The judge sentenced Noah to 10 years in prison—longer than the sentence requested by prosecutors. The judge stated that although most of Noah's crimes were committed as a minor, he was clearly "smarter than most people." The longer sentence was intended to serve as a deterrent. He barely moved as the judge read a long list of victims he owed money to and ordered him to pay $13.4 million in restitution.

The next evening, Noah called from prison. He said he regretted hurting his family and the victims, but he seemed hopeful about the friendships he had built. "I'm not saying what I did was good; it was a terrible community, and what I did was bad," Noah said. "But I love my life. I like myself. I'm glad I got to live this life in my own way."

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。