DOGE Staffer ‘Big Balls’ Provided Tech Support to Cybercrime Ring, Records Show


Beginning around 2022, while still in high school, Coristine ran a company called DiamondCDN that provided network services, according to corporate and digital records reviewed by Reuters and interviews with half a dozen former associates. Among its users was a website run by a ring of cybercriminals operating under the name “EGodly,” according to digital records preserved by the internet intelligence firm DomainTools and the online cybersecurity tool Any.Run.

The digital records reviewed by Reuters showed the EGodly website, dataleak.fun, was tied to internet protocol addresses registered to DiamondCDN and other Coristine-owned entities between October 2022 and June 2023, and that some users attempting to access the site around that time would hit a DiamondCDN “Security check.”

On LinkedIn, Coristine describes himself as a “Volunteer (Intern) Plumber” with the U.S. government.

In 2023, EGodly boasted on its Telegram channel of hijacking phone numbers, breaking into unspecified law enforcement email accounts in Latin America and Eastern Europe, and cryptocurrency theft. Early that year, the group distributed the personal details of an FBI agent who they said was investigating them, circulating his phone number, photographs of his house, and other private details on Telegram.

EGodly also posted an audio recording of an obscene prank call made to the agent’s phone and a video, shot from the inside of a car, of an unknown party driving by the agent’s house in Wilmington, Delaware at night and screaming out the window, “EGodly says you’re a bitch!”

Reuters could not independently verify EGodly’s boasts of cybercriminal activity, including its claims to have hijacked phone numbers or infiltrated law enforcement emails. But it was able to authenticate the video by visiting the same Wilmington address and comparing the building to the one in the footage.

The FBI agent targeted by EGodly, who is now retired, told Reuters that the group had drawn law enforcement attention because of its connection to swatting, the dangerous practice of making hoax emergency calls to send armed officers swarming targeted addresses. The agent didn’t go into detail. Reuters is not identifying him out of concern for further harassment.

“These are bad folks,” the former agent said. “They’re not a pleasant group.”

Another individual who has been subject to abuse from EGodly and a cybercrime researcher who has followed the group said it was composed of hardened fraudsters, citing the group’s makeup and the credibility of its claims. Both asked not to be identified, citing fears of retaliation.

Even if the connection between Coristine and EGodly were fleeting, Nitin Natarajan, who served as the deputy director of CISA under former President Joe Biden, told Reuters it was worrying that someone who provided services to EGodly only two years ago was part of a group that has gained wide access to government networks.

“This stuff was not in the distant past,” he said. “The recency of the activity and the types of groups he was associated with would definitely be concerning.”

One-liner
“[T]he EGodly website, dataleak.fun, was tied to internet protocol addresses registered to DiamondCDN and other Coristine-owned entities.”
Political Economy
