A 20-year-old Florida man tied to one of the most disruptive cybercrime groups in recent memory has been sentenced to ten years in federal prison and ordered to pay $13 million in restitution to victims.
Noah Michael Urban of Palm Coast, Florida, better known in underground circles as Sosa, King Bob, Elijah, Gustavo Fring, and Anthony Ramirez, pleaded guilty earlier this year to charges of wire fraud and conspiracy.
Federal prosecutors said Urban and his co-conspirators engaged in SIM-swapping campaigns that diverted victims’ mobile phone calls and text messages to devices under their control, allowing the theft of at least $800,000 from five individuals between August 2022 and March 2023.
Although prosecutors initially recommended an eight-year term, the judge imposed a 120-month sentence along with three years of supervised release. The restitution order, which covers both Florida and California cases against Urban, was set at $13 million.
Scattered Spider Operations
Urban was indicted in Los Angeles in late 2024 as one of five key members of Scattered Spider, also tracked as Oktapus, Scatter Swine, and UNC3944. The group specialized in SMS phishing (smishing) and voice phishing (vishing) campaigns that targeted employees of U.S. companies. Victims were lured to fraudulent authentication portals mimicking Okta login pages, tricked into entering passwords and MFA codes, and then exploited for access into corporate environments.
The operation spanned the summer of 2022 and hit more than 130 organizations, including Twilio, LastPass, DoorDash, MailChimp, and Plex. Stolen access enabled follow-on intrusions, theft of proprietary data, and millions of dollars’ worth of stolen cryptocurrency.
Star Fraud and SIM-Swapping Tactics
Urban wasn’t just part of Scattered Spider, he also belonged to Star Fraud, a notorious collective of SIM-swappers with a reputation for attacking major telecom providers. Investigations found that Star Fraud members repeatedly compromised mobile carrier employees, gaining temporary control over victims’ phone numbers.
In one seven-month span in 2022, Star Fraud boasted of 100 separate intrusions into T-Mobile systems, according to logs published by KrebsOnSecurity. These SIM-swapping capabilities were critical to high-profile extortion campaigns, including the MGM Resorts and Caesars Entertainment breaches in 2023.
Urban’s Online Persona: “The Com” and Leaked Music
For years, Urban was a fixture in The Com, a largely Telegram- and Discord-based community of English-speaking cybercriminals. Using the moniker King Bob, he frequently bragged about stealing unreleased rap music, or “grails,” often obtained via SIM-swapping techniques. Some of these tracks were sold; others were given away freely on forums.
Judge Targeted in Hack
In an extraordinary development, Urban’s case intersected with a direct attack on the judiciary itself. While Urban was in federal custody, a co-defendant in the California prosecution reportedly hacked into a magistrate judge’s email account and accessed sealed documents tied to Urban’s indictment.
Court transcripts from February 2025 confirm the breach occurred after an attacker impersonated a judge in a call to a court contractor, successfully requesting a password reset. Judge Harvey E. Schlesinger, presiding over Urban’s case, later described it as a “big faux pas” and confirmed the compromise had been traced to Scattered Spider associates attempting to gather intelligence on Urban’s legal proceedings.
Urban, speaking through one of his online accounts, has insisted his sentence is unjust, claiming the judge in his case failed to account for his age and bias stemming from the incident.
Broader Implications
The sentencing of Noah Urban marks a significant milestone in U.S. law enforcement’s pursuit of Scattered Spider and affiliated groups. Yet the threat posed by these actors remains. Scattered Spider continues to operate, reportedly forming new alliances with ShinyHunters and LAPSUS$ under the larger umbrella of The Com. Analysts say these alliances are intended to consolidate resources in response to law enforcement crackdowns, producing more versatile and dangerous operations.
Flashpoint research has noted Scattered Spider’s wave-based attack strategy, in which entire sectors are targeted in short, concentrated bursts. By focusing on human weaknesses rather than purely technical flaws, groups like Scattered Spider demonstrate how deception remains one of the most effective paths into corporate systems.
How Can Netizen Help?
Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally.
Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.
Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.
Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.
