Noah Michael Urban, a 20-year-old from Palm Coast, Florida and a central member of the Scattered Spider cybercrime collective, was sentenced to 10 years in federal prison on August 20, 20251. The sentencing follows Urban’s guilty plea in April 2025 to charges of wire fraud and conspiracy in Florida, as well as a separate count of conspiracy to commit wire fraud in California2. The court also ordered Urban to pay $13 million in restitution and to undergo three years of supervised release upon completion of his prison term. This case highlights the legal consequences for participants in high-profile cybercrime groups and the persistent threat posed by social engineering attacks against major corporations and individuals.
Case Details and Criminal Charges
The Florida charges against Urban stemmed from a series of SIM-swapping attacks that resulted in the theft of at least $800,000 from five identified victims1. SIM-swapping is a technique where attackers fraudulently convince a mobile carrier to transfer a victim’s phone number to a SIM card they control, thereby intercepting two-factor authentication codes and gaining access to sensitive accounts. The California charges were part of a broader November 2024 indictment against five Scattered Spider members. These charges were related to extensive SMS phishing campaigns, also known as smishing, which targeted employees at over 130 companies during 20222. The group specifically impersonated Okta identity management login pages to harvest corporate credentials from employees at major firms including Twilio, LastPass, DoorDash, MailChimp, and Plex.
Scattered Spider’s Tactics and Techniques
Operating under the aliases “King Bob” and “Sosa,” Urban was a member of both Scattered Spider, also tracked as Oktapus or UNC3944, and the SIM-swapping group “Star Fraud”1. The group is notorious for its focus on social engineering rather than technical exploitation, claiming over 100 successful breaches of T-Mobile infrastructure within a seven-month period in 2022. According to analysis by Flashpoint, Scattered Spider employs a “wave-like” approach, intensively targeting specific sectors with social engineering campaigns before moving on2. The group has also formed alliances with other prominent threat actors, including ShinyHunters and LAPSUS$, to expand its capabilities and impact. This collaborative model allows for the sharing of resources, stolen data, and techniques, increasing the overall threat level.
Unprecedented Courtroom Intrusion
A remarkable aspect of this case involved the group directly targeting the judicial process itself. During the proceedings, hackers socially engineered an outside court contractor to change a magistrate judge’s password, gaining access to official email accounts and stealing a copy of Urban’s sealed indictment1. This incident, confirmed in a February 2025 status hearing transcript, demonstrates the audacity and reach of these groups even when under legal scrutiny. Urban reportedly claimed his sentence was unjust, alleging the presiding judge, Harvey E. Schlesinger, delivered a harsher penalty than prosecutors requested because the judge was personally affected by this breach during the case.
Asset Seizure and Financial Impact
Authorities made a significant financial impact on Urban’s operations well before sentencing. In March 2023, law enforcement seized cryptocurrency assets from Urban worth approximately $2.89 million1. By October 2024, the value of these seized assets had appreciated to an estimated $3.67 million. This seizure demonstrates the increasing capability of law enforcement agencies to track and recover cryptocurrency proceeds from cybercrime operations. The $13 million restitution order reflects the substantial financial damage caused by Urban’s activities across multiple victims and organizations.
Broader Context and Industry Implications
The sentencing occurs alongside several other significant developments in the technology and security landscape reported on August 20-21, 2025. These include a major copyright lawsuit filed by Getty Images against Stability AI for using millions of photos without permission to train AI tools, Google’s announcement of new Pixel devices with advanced security features including C2PA Content Credentials for identifying AI-edited images, and a reported $50 price increase for PlayStation 5 consoles attributed to economic pressures2. Additionally, OpenAI reported reaching its first $1 billion revenue month in July 2025, while Microsoft faced scrutiny over its security practices following reports that China-based engineers were maintaining Pentagon cloud systems without proper disclosure2.
The relevance of this case extends beyond the immediate legal consequences for one individual. The techniques employed by Scattered Spider—particularly social engineering, SIM-swapping, and phishing—remain highly effective against many organizations. Defense against these threats requires a combination of technical controls and user awareness training. Multi-factor authentication methods resistant to SIM-swapping, such as hardware security keys or authenticator applications, should be implemented for all critical accounts. Organizations should also establish strict verification procedures for any requests to change account credentials or access privileges, particularly those received via telephone or email.
The sentencing of Noah Michael Urban represents a significant milestone in the legal response to cybercrime groups that specialize in social engineering attacks. While the 10-year prison term and $13 million restitution order send a strong message about the consequences of such activities, the concurrent breach of court systems demonstrates the ongoing challenge these groups present. Organizations must remain vigilant against social engineering threats, implementing both technical safeguards and comprehensive training programs to protect against these persistent attacks. The case also highlights the growing effectiveness of law enforcement in tracking and seizing cryptocurrency proceeds from cybercriminal operations.
References
- KrebsOnSecurity: SIM-Swapper, Scattered Spider Hacker Gets 10 Years
- Bloomberg: Scattered Spider Member Sentenced to 10 Years in String of Hacks
- The Hacker News: Scattered Spider Hacker Gets 10 Years in Prison for SIM Swapping Attacks
- BleepingComputer: Scattered Spider Hacker Gets Sentenced to 10 Years in Prison
- The Cyber Security News (X): Scattered Spider Sentencing Announcement
