They speak English, they are very young—sometimes only 11—and they are part of a murky, dangerous online network that threatens major retailers, cripples hospitals and sometimes extorts teenagers to tragic ends. Cyber investigators and law enforcement are trying to crack the code of “The Com,” a chaotic ecosystem where gamers become hackers and hackers become predators.
A new and worrying threat
In the traditional cyber world, we are used to clear categories: Eastern European ransomware gangs operating like businesses; ideological hacktivists; and lone data thieves. But in recent years, something has changed on the dark web. A new threat has emerged that undermines conventional definitions and poses an unprecedented headache for the FBI, the UK’s National Crime Agency (NCA), and cybersecurity firms worldwide. It has a name that sounds almost harmless: The Com, short for Community.
According to The Guardian, The Com is not a structured hierarchical organization. It is a chaotic, violent, English‑speaking ecosystem made up of thousands of members, most aged 16–25 and sometimes much younger.
Their activities span a disturbing range: from shutting down IT systems of major British retailers to bomb threats at schools, to cruel psychological manipulation that coerces girls to harm themselves on camera.
The latest victims linked to The Com are premium users of the world’s largest adult site, PornHub. Reports say a group called ShinyHunters, which grew out of The Com’s complex networks, gained access to users’ search histories and viewing habits. This is an invasion of privacy at the most intimate level—but to members of this community, it is just another trophy.
ShinyHunters emerged from the same network that spawned the notorious Scattered Spider collective, previously tied to breaches of major UK companies such as Marks & Spencer, the Co‑op and Harrods.
Blurred boundaries
The biggest challenge in confronting The Com is its lack of formal structure. There are no membership cards, no offices, no single boss—just a loose coalition with blurred lines. Aiden Synott, chief threat researcher at British cybersecurity firm Sophos, describes The Com as encompassing a broad spectrum of actors.
He says the network ranges from 11‑year‑olds trying to hack Minecraft to adults in their twenties who specialize in targeting vulnerable children online.
Synott’s description reveals a recruitment mechanism resembling cults or street gangs: The Com functions as a pipeline, with older community members identifying potential in young gamers and digitally grooming them. They build contact with children and coax or pressure them into committing escalating digital crimes. What starts as a prank or game cheat can evolve into sophisticated attacks seen from groups like Scattered Spider and ShinyHunters.
Communication within the community takes place on popular platforms like Discord and Telegram—closed chat rooms and encrypted channels where members share extreme, often illegal images, brag about successful hacks, and trade stolen information.
One Telegram channel, named after a combination of ShinyHunters, Lapsus$ and Scattered Spider, recently posted that it is responsible for The Com’s supply and demand—that is, directing what the community will do or at least set as targets. The implication is clear: these hubs are the economic and operational engines of the network.
A global struggle against The Com
This phenomenon is not hidden from law enforcement on either side of the Atlantic. Last July, the FBI issued an unusual public warning about The Com, describing it as an international online ecosystem of interconnected networks, primarily English‑speaking. The most troubling aspect of the FBI alert was the identity of the perpetrators—many of whom committing crimes are minors.
In the UK, the picture is grim as well. The National Crime Agency reported that Com‑related reports increased sixfold between 2022 and 2024. The NCA’s psychological profile of community members shows they are typically young men driven by status, power, control, misogyny, sexual gratification or an obsession with violent and extreme content.
Interestingly, this profile resembles the incel communities that made headlines about a decade ago on underground forums like 4chan, where misogyny spread and members encouraged online bullying and violent harassment against perceived enemies.
Unlike traditional hackers, often motivated by money, members of The Com mix dark impulses with the use of technical skill for cybercrime—a blend of hostile intent and criminal digital capabilities.
Octopus tentacles of the network
The Com is often divided into three main subgroups, though, as Synott notes, the boundaries are fluid:
1. Hacker Com:
The most recognized layer to the public and security professionals, including groups like ShinyHunters, Scattered Spider, and Lapsus$. Scattered Spider’s specialty is shutting down IT systems of large companies and extracting private data, often demanding crypto ransom for its return or non‑publication.
ShinyHunters and Lapsus$ have also stolen data without classic ransomware, instead causing reputational damage or selling information to third parties. Other activities include hacking social media accounts to run crypto scams.
A notable example is Noah Urban, a 20‑year‑old from Florida and former Scattered Spider member, who was sentenced this year to 10 years in prison for his role in a cybercrime campaign involving stolen cryptocurrency.
2. IRL Com (In Real Life Com):
If Hacker Com focuses on digital and economic harm, IRL Com seeks to drag violence off the screen and into reality. Linked to groups like Bricksquad and ACG, their main tactic is swatting—triggering armed police response to a victim’s address with false reports of violent incidents or hostages.
They have “summoned” SWAT teams to college campuses, sent bomb threats to schools, and even offer Violence‑as‑a‑Service—a grotesque business model that prices contracts for acts of violence, from vandalism to physical assault, sometimes against other Com members in internal conflicts.
3. Extortion Com:
Perhaps the darkest and most dangerous arm, focused on targeting vulnerable children and teenagers. A notorious group operating under this umbrella is known as “764.” According to the FBI, victims are usually 10–17 years old. The method is brutal: victims are coerced or threatened into live‑streaming or recording self‑harm, explicit sexual acts, or even suicide.
The horror doesn’t end with the act. The footage is then distributed among network members, allowing continued extortion and control through threats of further dissemination. While exploiting teens for sexual content and money is commonly known as sextortion, The Com adds cruelty for cruelty’s sake.
The UK’s NCA describes Com networks that manipulate victims (often children) into harming themselves, their siblings, or pets. Sophos data shows more than 250 active FBI investigations into this specific arm of The Com.
A new generation of cyber criminals
This terror is not limited to the U.S. In the UK this year, 19‑year‑old Cameron Finnigan from West Sussex was sentenced to nine years in prison after being convicted of possessing a terrorism document and encouraging someone online to end their life. British anti‑terror police described Finnigan as linked to group 764, labeled an “extreme satanic group” with a far‑right ideology.
Investigators and experts conclude that trying to fit The Com into neat categories is futile. As Aiden Synott puts it: “These aren’t three stable, separate columns. There is constant movement between the groups.”
Thus, the threat from The Com remains dynamic and evolving. What begins as a bored teen on Discord can end in a ransomware attack on a hospital or a family tragedy in a teenager’s bedroom. This is a new generation of cyber criminals—and they are not playing by the old rules.