Tech

‘The Comm’: The Group Linked to a Nationwide Swatting Rampage

SWAT team

The FBI is investigating a cybercriminal group called “the Comm” whose members are allegedly involved in a nationwide wave of swattings that impacted schools and universities earlier this year, according to court records reviewed by Motherboard.

The FBI arrested at least one alleged member of the group, Braiden Williams, in May. Posts on the messaging app Telegram uncovered by Motherboard suggest authorities may have arrested another member too.

Videos by VICE

The news comes as schools and universities around the country face an onslaught of swatting calls, in which criminals phone law enforcement or the schools themselves and make bogus threats of bombings or mass shootings. The idea generally is to elicit a response from police which then shuts the school down.

“I am currently involved in an investigation of cyberstalking by WILLIAMS and other co-conspirators who have threatened to commit bombings of numerous universities throughout the United States,” an affidavit written by FBI Special Agent Zachary Fuller reads. Seamus Hughes, who runs Court Watch, first alerted Motherboard to the affidavit. Motherboard then uncovered more court records that relate to the group.

Do you know anything else about the Comm or ACG? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

In May, the Ambler Police Department in Pennsylvania contacted the FBI concerning numerous nationwide bomb threats. These threats were made in the name of a 15 year old girl the FBI refers to in its affidavit as VICTIM A. “Emails were sent to hundreds of schools and universities describing VICTIM A’s purported plans to commit acts of mass violence. These emails caused significant disruptions at schools and universities across the country, especially because they occurred on a weekend when many schools were hosting graduations,” the document reads.

A sister of the victim, called VICTIM B in the affidavit, told investigators that recent swatting attacks involved the “Comm Group.”

The Comm uses Discord and Telegram to engage in a wide spread of criminal acts, according to the complaint. These include SIM swapping, stealing cryptocurrency, swatting, and “corporate intrusions,” it reads. The Comm also commissions real life violence, according to the complaint. In September, Motherboard reported on the dramatic pivot in SIM swapping communities turning to real world acts, such as firebombings, shootings, and kidnappings. 

A subgroup within the Comm refers to itself as ACG, according to the complaint. ACG has been involved in all of those types of crime since at least summer 2021, it adds. Williams was a member of the Comm and worked with ACG to perform SIM swaps, steal hundreds of thousands of dollars, and launder those proceeds before sending them to ACG’s leaders, the complaint alleges. ACG also engage in online gambling, it adds.

Williams or his co-conspirators allegedly SIM swapped their way into targets’ Coinbase accounts, and Wiliams admitted to FBI agents in an interview that he worked with ACG, according to another set of court records filed in California found by Motherboard. He told agents he used the illicit funds for a trip to Europe and to buy an orange 2020 Dodge Challenger, a black 2015 Ford Mustang, and a 2016 Dodge Challenger, those court records add.

comm-to-publish.jpg
A section of the affidavit. Image: Motherboard.

The FBI arrested Williams for those SIM swapping charges on July 22, 2022, the records say. He was released a few days later with some prohibitions on his internet access. In November, he was arrested again by local Kansas law enforcement following a high-speed chase, according to the court records. He was then, again, taken into custody by the U.S. Marshals for allegedly violating his bail conditions, and was transferred from Kansas to California a few months later. A judge then ordered Williams be released to a halfway house. That’s when the alleged harassment against VICTIM A appears to have started.

When FBI agents executed another warrant against the halfway house where Williams was staying, an agent found Williams’ phone was actively participating in a Discord call named “ACG MEETING.”

Motherboard found multiple references to ACG inside SIM swapping-focused Telegram groups Motherboard has access to. These include alleged dox of a young girl targeted in part by “Acg Dritan” and “Acg Joey,” according to Telegram posts. Next to photos of the young girl, the posts also appear to show images of someone harming themselves.

the-comm-to-publish-2.jpg
A section of the affidavit. Image: Motherboard.

Another post mentions “acg aspertaine.” A man called James Thomas Andrew McCarty who allegedly used the nickname Aspertaine appears in multiple court records uncovered by Motherboard. McCarty allegedly swatted multiple schools, police departments, and private residences. McCarty and a co-conspirator then allegedly mocked responding law enforcement officers through Ring cameras they hacked, according to court records.

Motherboard also found a rap video on YouTube that claims to come from ACG Joey. It includes numerous mentions of SIM swapping and cryptocurrency, including “just linked the Coinbase,” “I hit a Verizon,” “made more money off SIMs.” 

The latest affidavit against Williams goes into detail about alleged harassment he conducted against VICTIM A specifically. She told investigators she accepted a Snapchat friend request from Williams in the fall of 2022. The pair chatted over the next few months on Snapchat, Telegram, and Discord, according to the complaint. As mentioned, Williams then went to jail. VICTIM A then decided not to have any more contact with Williams, and blocked Williams from communicating with her when she learned in around April 2023 that Williams had been released.

VICTIM A then faced a wave of harassment, including unsolicited food deliveries at her home. She noticed her online food delivery account had an unauthorized access notification, according to the complaint. She attributed this to Williams, it adds. Two masked males also used a brick to smash the Blink doorbell and then threw a brick through the glass front door of a house neighboring VICTIM A’s. Attached to the brick a handwritten note read “msg us or else”.

On May 13, VICTIM A then communicated with who she believed to be Williams through a friend’s Telegram account. The person made a threat to “bomb [her]” and “get active” if she did not communicate with him.

The FBI’s Kansas City Field Office, which the affidavit says has been investigating the Comm, declined to comment. Prosecutors listed on the docket of Williams’ latest case did not respond to a request for comment. Williams’ federal public defender acknowledged a request for comment, but did not provide a statement in time for publication. 

NPR reported 182 schools in 28 states received false calls about threats in September and October. In March, VICE News covered a deluge of swatting calls across Pennsylvania, New Jersey, Massachusetts, Rhode Island, Ohio, and Iowa. Then in April, Motherboard revealed a specific computer generated swatting service called Torswats was causing havoc across America.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.