A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.
The grisly kidnapping video has been circulating on a number of Telegram chat channels dedicated to SIM-swapping — the practice of tricking or bribing mobile phone store employees into diverting a target’s phone number, text messages and calls to a device the attackers control.
The teen, known to the SIM-swapping community by the handle “Foreshadow,” appears to have served as a “holder” — a term used to describe a low-level member of any SIM-swapping group who agrees to carry out the riskiest and least rewarding role of the crime: Physically keeping and managing the various mobile devices and SIM cards that are used in SIM-swapping scams.
“Yo, Dan, please bro send the 200k,” Foreshadow said in the video, which was shot on Sept. 15 in the backseat of a moving car. Bleeding from a swollen mouth with two handguns pointed at his head, Foreshadow pleaded for his life. A still shot from that video is available here [Warning: the image is quite graphic].
“They’re going to kill me if you don’t,” Foreshadow continued, offering to get a job as a complicit mobile store employee or “plug” to help with future SIM-swaps. “I’ll pay you back. Just let me know what you need. I got you, for real. Any work for free. Whatever. However long you need me, too. I’ll apply to any store you need me to apply to. I can be a plug. I don’t care if I get caught by the cops or anything. I’ll get that money back for you. I used to do that work.”
It’s not clear where in the world the hostage video was recorded. But at one point in the video, the vehicle’s radio can be heard in the background mentioning WMIB, which is a hip-hop station in South Florida that serves both Ft. Lauderdale and Miami.
As Foreshadow’s hostage video began making the rounds on SIM-swapping Telegram channels, a rumor surfaced that Foreshadow had died after being shot in the leg. It soon emerged that Foreshadow had not died, and that he was cooperating with the Federal Bureau of Investigation (FBI). Members of the SIM-swapping community were then warned to delete any messages to or from Foreshadow. One of those messages read:
JUST IN: FORESHADOW IS NOT DEAD!!!!
HES CURRENTLY CO-OPERATING WITH THE FBI DUE TO HIM BEING KIDNAPPED AND AN ATTEMPT TO EXTORT HIM FOR 200K
IF YOU HAVE CHATS WITH HIM CLEAR THEM
Foreshadow appears to be a teenager from Florida whose first name is Justin. Foreshadow’s main Telegram account was converted from a user profile into a channel on Sept. 15 — the same day he was assaulted and kidnapped — and it is not currently responding to messages.
Foreshadow’s erstwhile boss Jarik told KrebsOnSecurity that the youth was indeed shot by his captors, and blamed the kidnapping on a rival SIM-swapper from Australia who was angry over getting shortchanged of the profits from a previous SIM-swapping escapade.
The FBI did not immediately respond to requests for comment.
Reached via Telegram, the alleged mastermind of the kidnapping — a SIM-swapper who uses the handle “Gus” — confirmed that he ordered the attack on Foreshadow because the holder had held back some of his stolen funds. In the same breath, Gus said Jarik was “gonna get done in next” for sharing Gus’ real name and address with KrebsOnSecurity.
“No1 cared about that nigga anyway, he snaked targs [targets] and flaunted it everywhere,” Gus said of Foreshadow. “I’ve been fucked over so many times I’ve lost millions. I am just a guy trying to make more money.”
Foreshadow’s experience is the latest example of a rapidly escalating cycle of physical violence that is taking hold of criminal SIM-swapping communities online. Earlier this month, KrebsOnSecurity detailed how multiple SIM-swapping Telegram channels are now replete with “violence-as-a-service” offerings, wherein denizens of the underground hire themselves out to perform various forms of physical violence — from slashing tires and throwing a brick through someone’s window, to conducting drive-by shootings, firebombings and home invasions.
On Aug. 12, 2022, 21-year-old Patrick McGovern-Allen of Egg Harbor Township, N.J. was arrested by the FBI and charged with stalking in connection with several of these violence-as-a-service jobs. Prosecutors say the defendant fired a handgun into a Pennsylvania home, and helped to torch another residence in the state with a Molotov Cocktail — all allegedly in service of a beef over stolen cryptocurrency.
Earlier this month, three men in the United Kingdom were arrested for attempting to assault a local man and steal his virtual currencies. The local man’s neighbor called the cops and said the three men were acting suspiciously and that one of them was wearing a police uniform. U.K. police stopped the three men allegedly fleeing the scene, and found a police uniform and weapons in the trunk of the car. All three defendants in that case were charged with “intent to cause loss to another to make an unwarranted demand of Crypto Currency from a person.”
Dina Temple-Raston and Sean Powers over at The Record recently interviewed several members of the SIM-swapping community about this escalation in violence. That story is also available on the Click Here podcast — Throwing Bricks for $$$: Violence-as-a-Service Comes of Age.
Crime is dangerous business…
While bad guys going after bad guys may seem like poetic justice, invariably innocent people while be harmed, either through mistaken identity or collateral damage because they happened to be in the wrong place at the wrong time. Maybe incidents like this will cause others to think twice about their illegal activities and cooperate with law enforcement in going after the criminals.
Only to the ignorant. What it is is ascension of Mafia-style crime. Never “good.”
FREE THE HOLDER
his boss jarik d0x is on d0xbin
THE PERSON WHO ARRANGED THE KIDNAPPING IS GUS FROM AUSTRALIA!!!
Gus is me memba of parliment. It’s a bloody outrage it is. we should take this all the way to tha prime minista.
Hey! Mista prime minista! ANDYYYYY!
“Aye mates, what’s the good word?”
Bro jarik is a skid, he said i did it, i Angus J Simpson didnt do anything, Come pull up @ 87 Ballina street, Lenox head.
It was Bruno Drundridge. Probably retribution from a SIM Swap that cost him 900 dollaridoos in Squatter’s Crog
I don’t feel sorry for cockroaches.
This person stole from others, this isn’t some kid breaching a router and messing with a printer for fun.
Printers have feelings too. Shame on you.
now my holder is gone, bruh, free him i will give him 25% more
Need to find this “Foreshadow” guy’s telegram. Need to impersonate him.
Maybe I’m being overly optimistic, or underestimating criminal OpSec. But it seems that violent crime is the kind of thing that makes law enforcement take close notice. And conducting that violence for pay makes the criminals more likely to get caught.
If that keeps happening, won’t smarter/more dangerous criminals have the sense to avoid the risk?
I’ve seen time and time again that criminal business can get by unnoticed most of the time until they are involved with violence or the organization starts dealing with drugs such as fentanyl. There was a site on the dark web for a while that only sold cannabis related products. I saw that site stay up for multiple years while other sites just as popular were being shut down left and right after just a few months. The only reason I can think of is because all the other sites had hard drugs available.
” Foreshadow’s main Telegram account was converted from a user profile into a channel on Sept. 15 — the same day he was assaulted and kidnapped — and it is not currently responding to messages.”
Unless the channel has comments enabled (which isn’t the default behavior last I checked), there’s really no way to send messages TO a channel in order to solicit a response. (And any such inquiries are unavoidably public, so, I’m not sure that’s a good idea anyway.)
It’s not the focus of the article, but I’d be grateful if you could clarify this section a little.
What’s confusing? As I said, I was not able to send messages to that telegram ID.
anyone got the link to the video or tg channel?
Hey can you upload it somewhere else i can’t see the videos for some reason.
If sim-swapping weren’t so easy and of value this wouldn’t be a thing.
DAMN BRUH IM NEXT… IM A CRYPTO HAVKER SIMMER WHEN AM I NEXT???
How dumb do you have to be to engage in online crime when your real identity is apparently already known?
If “Foreshadow” were just an anonymous handle, no one could have done this to him.
And how dumb do you have to be as a cryptocurrency holder to even make SIM-swapping a viable crime? Stop storing coins on exchanges. Stop using SMS as a 2-factor authentication method. Christ, half the point of cryptocurrency is *self-custody* of your own money. And stop advertising on social media under your real name that you even possess crypto.
Just profound stupidity all around.
From the article, he held physical objects like smartphones and physical SIM cards. SIM swappers also employ people to work in real world locations like mobile carrier stores to perform SIM swaps.
This isn’t 100% online.
You entirely missed the larger points.
Oi it was me who got this little prick done in
AYE SOMEONE ROB THAT FOOL KRXGOD I HEARD HE GOT 400K!!!!!
play stupid games, win stupid prizes
I’ve heard Enzo Rodriguez, from Quimper, France, had something to do with this.
If the man’s really that young, he doesn’t deserve this kind of treatment from anyone. I’d rather these people learn a lesson as a kid than being put in danger as an adult.