back to article UK trio pleads guilty to running $10M MFA bypass biz

A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years.  Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque have each admitted to responsibility for running OTP.agency, an underground operation …

  1. Anonymous Coward
    Anonymous Coward

    Costly legal enforcement

    It is one example of free speech in Telegram, when in fact, advertising criminal services must be illegal and blocked on any online platform. The alternative of legal enforcement involving the police, courts and 3 letter agencies is too slow and too costly.

    Domain registers must collaborate much better with such cases.

    It is an open question what to do with content legal in one jurisdiction and illegal in another. But the western cyberspace has it mostly overlapping and unified. While the egregious crime mentioned in the article is illegal in any non-terrorist territory.

    Basically all egregious crimes, for which all countries agree upon, must be *censored* on the platform level. Thus the "free speech" discussion or speculation stops here.

    1. Yet Another Anonymous coward Silver badge

      Re: Costly legal enforcement

      Once they've agreed to that could all countries also agree not to spy on each other, declare war on each other or cheat at golf ?

    2. elsergiovolador Silver badge

      Re: Costly legal enforcement

      It's a big ask from pharmaceutical lobby to shut down herb sellers. I mean, they want law enforcement that we pay for to keep their competition at bay instead of solving crimes.

    3. Anonymous Coward
      Anonymous Coward

      Re: Costly legal enforcement

      Surely by them running adverts on Telegram that makes it easier for the cops to find them?

      It always puzzles me why dodgy geezers advertising in the open like this think it is a good idea...

  2. Anonymous Coward
    Anonymous Coward

    "Bragged"

    Well there ya go. And now you're collared, ya scum.

    1. Pascal Monett Silver badge

      Re: "Bragged"

      In any case, they look a perfect fit for roles in the next Lock, Stock & Barrel film.

      1. Yorick Hunt Silver badge
        Devil

        Re: "Bragged"

        They look more like rejects from the "Identikit" game.

  3. Anonymous Coward
    Anonymous Coward

    "but the NCA estimates it could be up to"

    Now wouldn't it be annoying if the perps keps accurate books and so they can plead guilty to having raked in exactly this much, probably low five figures after expenses, rather than the high six the crimefighters imagine?

  4. Hubert Cumberdale Silver badge

    "The group bragged they could steal one-time passwords from Apply Pay and 30+ sites"

    Apply? As in, a bit like an apple but not quite?

    1. bumpbumpbump

      It;s the version form Temu

  5. Mr Dogshit

    But how did it work?

    Curious minds need to know

    1. Guy de Loimbard Silver badge

      Re: But how did it work?

      That's exactly what was going through my mind as I read this article.

      Fully appreciate they're not going to publish the exact details, but I'd like to know what the MFA work around looks like in theory.

    2. Brewster's Angle Grinder Silver badge

      Re: But how did it work?

      It looks to be fishing TOTP credentials. From the linked Krebs' article:

      ...The customer enters the target’s phone number and name, and OTP Agency will initiate an automated phone call to the target that alerts them about unauthorized activity on their account.

      The call prompts the target to enter a one-time password generated by their phone’s mobile app, and that code is then relayed back to the scammer’s user panel at the OTP Agency website.

      “We call the holder with an automatic calling bot, with a very believable script, they enter the OTP on the phone, and you’ll see it in real time,” OTP Agency explained on their Telegram channel....

  6. clyde666

    time?

    Have they been in jail for 3 years?

    Arrested in March 2021. Three years to bring it to trial?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like