The City of London Police has arrested seven teens who have been tied to the Lapsus$ hacking group. The group has been causing havoc to big tech companies like Microsoft, Samsung, Okta, Ubisoft, and Nvidia.
Lapsus$ has taken credit for some of the most audacious hacks in recent times, but it is now time to face the music. Not long ago, news broke that an England teenager, who is said to go about with the moniker ‘white’ was spearheading the hacking collective, although his mother denied being aware of any allegations against the boy. However, the release by Police did not indicate if the teen was among those arrested. According to Detective Inspector Michael O’Sullivan of the City of London Police, “The City of London Police has been conducting an investigation with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing.”
The teen’s father spoke to BBC and expressed his shock at the alleged criminal activities of his son. I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games. We’re going to try to stop him from going on computers.”
The BBC reports the boy had earned about $14 million from hacking. He is believed to be autistic and attends a special education school in Oxford.
However, according to cybersecurity expert Brian Krebs, at least one member of Lapsus$ was tied to the data breach suffered by EA last year. This account was corroborated by a Vice article that pointed out that it foreshadowed the massive hacks the group would pull off.
Experts believe the head of the group was caught because he was doxxed by irate customers. He allegedly procured Doxbin, a website where people could put out personal information about others or search. Apparently, he didn’t maintain the site to the standard demanded by the users. He returned the site to the original owner after he had leaked the entire Doxbin dataset on Telegram. This led the whole community to dox him in return.
The community posted key info about him, including his net worth. “After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is] now is affiliated with a wannabe ransomware group known as ‘Lapsus$’, who has been extorting & ‘hacking’ several organisations.”
Security experts had been on the teenager’s trail for nearly a year. Allison Nixon, chief research officer at Unit 221B, a cyber-security firm, said “We’ve had his name since the middle of last year and we identified him before the doxing. Unit 221B working with [cyber-security company] Palo Alto after identifying the actor, watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes.”
Lapsus$ has grown in influence as more tech firms fell victim to its activities. It has a large presence on Telegram, where about 47,000 people subscribe to its channel.