Former US execs plead guilty to aiding tech support scammers

Adam Young, former CEO, and Harrison Gevirtz, former CSO of C.A. Cloud Attribution, Ltd., have pleaded guilty to misprision of a felony. They concealed a global scheme run by tech support scammers active from early 2017 to April 2022. C.A. Cloud's infrastructure didn't just conceal; it actively optimized this criminal operation, providing essential tools for these illicit activities.

How C.A. Cloud Enabled Tech Support Scammers

C.A. Cloud's system facilitated this operation through several key mechanisms, moving far beyond passive service provision to active complicity in the schemes of tech support scammers:

  • Infrastructure Provisioning: C.A. Cloud supplied core telecommunications services: telephone numbers, call recordings, call forwarding, and call-tracking. While standard for legitimate operations, these became critical infrastructure for the fraud scheme, allowing attackers to maintain consistent communication channels and manage their illicit campaigns effectively. This robust infrastructure was a backbone for the global network of these illicit operations.
  • Evasion Tactics Consulting: Young and Gevirtz directly advised fraudulent clients on detection evasion. They recommended using large, rotating pools of telephone numbers. This strategy, similar to techniques used to clear network connection history, allowed scammers to maintain operational continuity and hinder law enforcement tracking. Such direct consultation provided a significant advantage to the fraudsters they served.
  • Market Making for Fraud: In addition to direct advice, executives instructed sales staff to target known fraudulent businesses. They also facilitated connections between fraudsters, creating a marketplace for buying and selling call traffic. This network effect greatly expanded the criminal operation, making it harder to disrupt and empowering a wider array of these criminal enterprises.
  • Direct Participation: Young and Gevirtz directly operated a call center in Tunisia. Employees there executed tech support fraud, fraudulently accessing victim computers via compromised links, impersonating Microsoft and Apple support, issuing false invoices, and exfiltrating personal and financial data. This showed they had direct operational knowledge of the attack chain they were enabling for others, essentially running their own team of fraudsters.

This goes beyond passive concealment. C.A. Cloud built a platform, supplied the tools, and provided operational guidance, even running these playbooks directly. The sophistication of their enablement allowed tech support scammers to operate with a degree of impunity that would otherwise be impossible.

The operational tactics employed by these fraudsters, both directly by the Tunisia call center and by C.A. Cloud's clients, align with established attack chains. Initial access often leveraged T1566.002 (Phishing: Spearphishing Link) through deceptive pop-up ads or compromised links. Once a victim engaged, the attackers would utilize social engineering to gain remote access, frequently employing T1021 (Remote Services) to control the victim's machine. This access facilitated the collection of sensitive data (T1005 - Data from Local System) and its subsequent exfiltration (T1041 - Exfiltration Over C2 Channel), alongside the generation of fraudulent invoices. These methods are hallmarks of organized tech support scammers.

The Global Reach of Tech Support Scammers

The case of C.A. Cloud Attribution highlights the increasingly global and interconnected nature of cybercrime. The company, based in the US, facilitated operations for tech support scammers across continents, with a direct call center in Tunisia targeting victims worldwide. This international coordination presents significant challenges for law enforcement, requiring cross-border collaboration and complex investigations to dismantle these networks. The ability of these scammers to leverage global infrastructure underscores the need for a unified international response to combat such pervasive fraud.

The anonymity provided by rotating phone numbers and encrypted communication channels further complicates tracking and prosecution. This global reach means that victims can be anywhere, and the perpetrators can operate from virtually any location with internet access, making the fight against such fraud a truly global endeavor.

Victims Bear the Brunt of Tech Support Scammers

The operational impact of this enablement is significant. Tech support fraud resulted in American losses of at least $2.1 billion in 2025, according to nearly 48,000 complaints filed with the FBI's Internet Crime Complaint Center (IC3). These figures represent direct financial exfiltration, often targeting vulnerable populations, including the elderly and those less familiar with technology. The tactics employed by tech support scammers are designed to exploit trust and fear, leading to devastating financial and psychological consequences.

Numerous reports detail the financial and psychological damage, underscoring the tangible cost of these operations. Victims often face not only monetary losses but also identity theft, compromised personal data, and a profound sense of violation and shame. The long-term effects can include severe emotional distress, anxiety, and a reluctance to trust legitimate technical assistance. The human cost of these schemes, enabled by companies like C.A. Cloud, extends far beyond the reported financial figures, highlighting the devastating impact of these fraudsters.

Protecting Yourself from Tech Support Scammers

Given the pervasive threat, individuals and organizations must adopt proactive measures to protect themselves from tech support scammers. For individuals, it's crucial to remember that legitimate tech companies like Microsoft or Apple will never proactively call you to offer support or demand remote access to your computer. Be wary of unsolicited calls, pop-up messages, or emails claiming your computer is infected. Always verify the identity of the caller and never provide personal or financial information to unverified sources. If you suspect a scam, hang up and report it to the authorities.

For businesses, this case shows how the evolving legal landscape is pushing organizations that rely on third-party services to conduct more granular vendor risk assessments. Due diligence is extending beyond the services a vendor offers to how those services are deployed and how aware the vendor is of its clients' operational intent. This is a critical supply chain security issue, not a simple compliance checkbox. Ensuring that your vendors are not inadvertently or intentionally enabling such illicit activities is paramount for corporate responsibility and security.

Holding Enablers Accountable

The guilty plea for misprision of a felony, carrying a maximum three-year federal prison sentence and fines up to $250,000, marks a legal precedent. Sentencing is scheduled for June 16, 2026. While legal proceedings continue, the financial impact on those targeted by these schemes has already been realized. This case clearly distinguishes between providing a service and actively enabling criminal operations. Advising fraudsters on detection evasion, direct marketing to known illicit entities, and facilitating their network connections moves a provider beyond neutrality into complicity, directly supporting the actions of tech support scammers.

The Department of Justice appears to be expanding accountability for corporate leaders involved in cybercrime enablement. The focus is shifting from solely prosecuting direct perpetrators to targeting the infrastructure providers and expertise suppliers that scale these illicit operations. This broader approach is essential to disrupt the entire ecosystem that allows tech support scammers to thrive.

Tech platforms are not neutral conduits. Their design and operational choices carry direct consequences, and this case illustrates that individuals responsible for decisions actively supporting criminal enterprises will face legal accountability. This ruling sends a clear message to any company or individual considering profiting from such illicit activities: complicity will not be tolerated.

Daniel Marsh
Former SOC analyst turned security writer. Methodical and evidence-driven, breaks down breaches and vulnerabilities with clarity, not drama.