Full Report
Baron Cain Martin, a 21-year-old, allegedly joined the nihilistic violent extremist group in 2019. Officials described his alleged crimes as “atrocious” and “so depraved they defy comprehension.” The post Alleged 764 leader arrested in Arizona, faces life in prison appeared first on CyberScoop.
Analysis Summary
# Threat Actor: Baron Cain Martin / "Convict" (Associated with 764)
## Attribution & Identity
* **Identity:** Baron Cain Martin, a 21-year-old male from Tucson, Arizona.
* **Known Aliases:** "Convict" (among many others).
* **Associated Groups:** Leader within "764," a nihilistic violent extremist group. 764 is described as an offshoot of "The Com," a global collective involved in criminal activities.
* **Attribution Notes:** Allegedly joined at least by 2019 and rose to a leadership position within the structure.
## Activity Summary
Baron Cain Martin was arrested in December (prior to the article date) and faces 29 federal charges for running a loose-knit collective (764). His alleged activities include:
* Running an enterprise focused on child exploitation and sextortion.
* Producing and distributing Child Sexual Abuse Material (CSAM).
* Cyberstalking and coercing minors into sexual activity.
* Conspiracy to commit wire fraud.
* Providing material support to terrorists.
* Allegedly providing expert advice and support in a conspiracy to kill or maim a person in a foreign country.
* Conspiring to coerce a victim outside the U.S. to self-harm, self-mutilate, and self-kill.
* Animal torture/crushing.
## Tactics, Techniques & Procedures
* **Grooming/Exploitation:** Wrote and allegedly distributed an influential online guide detailing how to identify, groom, and extort vulnerable children, specifically advising targeting those struggling with mental health.
* **Leadership/Direction:** Acted as an influencer and leader within 764, respected for his "atrocious and extreme" acts.
* **Material Support to Terrorism:** Charged with providing material support to terrorists due to the nature of the network’s activities.
* **Cybercrime:** Employed cyberstalking and wire fraud.
* **Violence/Coordination:** Provided assistance/advice for conspiracy to commit violent acts (murder/maiming) overseas.
* **MITRE ATT&CK IDs:** Not explicitly mentioned in the text, but likely relevant tactics would fall under **T1559 (Inter-Process Communication)**, **T1566 (Phishing)** for initial access to victims, and **T1590 (Acquisition Needs)** related to reconnaissance and identifying vulnerable targets.
## Targeting
* **Sectors:** Not sector-specific, criminal enterprise targeting vulnerable individuals.
* **Geography:** Based in Tucson, Arizona; accused of conspiring regarding victims both domestically and internationally (one victim outside the U.S.).
* **Victims:** Vulnerable minors (some as young as 13), particularly those struggling with mental health issues for sophisticated extortion.
## Tools & Infrastructure
* **Malware Families Used:** None specified.
* **Infrastructure:** Relied on online platforms for the propagation of CSAM and distribution of his grooming guide. The activities strongly imply the use of encrypted or decentralized communication methods common in extremist/predatory networks. (No specific URLs or IPs defanged due to lack of mention).
## Implications
Baron Cain Martin represents a high-severity threat due to his leadership role, the extremity of his alleged crimes (including terrorism charges and foreign murder conspiracy), and his influence in disseminating operational knowledge (the grooming guide) to a wider network (764/The Com). His arrest, alongside other leadership figures, suggests successful multi-agency operations aimed at dismantling this specific extremist/criminal infrastructure is underway. His reported influence suggests the network may have sustained internal support structures based on his methodology.
## Mitigations
* **Vigilance for Cyber Predators/Extremists:** Parents must remain vigilant regarding threats children face online, particularly concerning grooming tactics targeting mental health vulnerabilities.
* **Indicator Monitoring:** Monitor communications and online communities for the sharing of extremist manifestos, exploitation guides, or methodologies associated with nihilistic violent extremist groups.
* **Disinformation/Influence:** Be aware that influential members are creating and distributing "how-to" guides to radicalize and guide criminal behavior within online subcultures.
* **Law Enforcement Coordination:** Continued collaboration between federal agencies to "dogpile" and dismantle interconnected, loose-knit criminal networks like 764 and The Com.