UK trio pleads guilty to running $10M MFA bypass biz A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years. Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque have each admitted to responsibility for running OTP.agency, an underground operation …
It is one example of free speech in Telegram, when in fact, advertising criminal services must be illegal and blocked on any online platform. The alternative of legal enforcement involving the police, courts and 3 letter agencies is too slow and too costly.
Domain registers must collaborate much better with such cases.
It is an open question what to do with content legal in one jurisdiction and illegal in another. But the western cyberspace has it mostly overlapping and unified. While the egregious crime mentioned in the article is illegal in any non-terrorist territory.
Basically all egregious crimes, for which all countries agree upon, must be *censored* on the platform level. Thus the "free speech" discussion or speculation stops here.
In any case, they look a perfect fit for roles in the next Lock, Stock & Barrel film.
It looks to be fishing TOTP credentials. From the linked Krebs' article:
...The customer enters the target’s phone number and name, and OTP Agency will initiate an automated phone call to the target that alerts them about unauthorized activity on their account.The call prompts the target to enter a one-time password generated by their phone’s mobile app, and that code is then relayed back to the scammer’s user panel at the OTP Agency website.
“We call the holder with an automatic calling bot, with a very believable script, they enter the OTP on the phone, and you’ll see it in real time,” OTP Agency explained on their Telegram channel....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
