Lapsus$ has been in the news recently for hacking several high-profile tech companies. With the list of victims growing, Bloomberg has delved into the person(s) behind the operation.
While many teens occupy themselves with typical teenage interests, it appears at least one of their peers derives pleasure from hacking into tech companies’ data. The teen, allegedly based in England, has successfully raided companies including Nvidia, Samsung, Ubisoft, Okta, and Microsoft.
It seems the teen in question is the head of the Lapsus$ hacking group.
Bloomberg reports that at least four researchers going after Lapsus$ agree the teenager is the group’s brain. He allegedly uses online aliases ‘White’ and ‘breachbase.’
Despite their findings, the teen has not been indicted or accused by law enforcement, suggesting there is no concrete evidence tying him to all the hacks Lapsus$ has claimed responsibility for.
Bloomberg reports it spoke with the teen’s mother at the home where he lives, about five miles from Oxford University. However, the mother claimed she was not aware of any allegations against the teen. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” the publication wrote.
Lapsus$ is apparently more than just the teen, as the group is suspected of having several members. Bloomberg claims another teenager, a Brazilian, is also involved, with seven other accounts linked to the hacking group.
The researchers thought Lapsus$ was automated, which shows the sophistication of its members.
Another named core member of Lapsus$ is Oklaqq, who also goes by the alias WhiteDoxbin. He is alleged to have purchased Doxbin, a site where people could upload or search for other users’ personal information for doxing purposes. Apparently, there was a shakeup, and WhiteDoxbin had to return the site to the original owner. However, he leaked the whole of the Doxbin data set, which then led to the Doxbin community doxing WhiteDoxbin. A video allegedly showed the outside of his home in the UK at night.
Meanwhile, Brian Krebs, a cybersecurity expert, claimed WhiteDoxbin might have been responsible for the EA data breach that occurred last year. “Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themself as ‘@breachbase.’ News of EA’s hack last year was first posted to the cybercriminal underground by the user ‘Breachbase’ on the English-language hacker community RaidForums, which was recently seized by the FBI.”
According to Krebs, it would be fatal to dismiss Lapsus$ as an over-eager teen group. “While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group, their tactics should make anyone in charge of corporate security sit up and take notice. Microsoft says LAPSUS$ — which it boringly calls ‘DEV-0537’ — mostly gains illicit access to targets via ‘social engineering.’ This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.”
He also points out how the group has grown. “The LAPSUS$ Telegram channel has grown to more than 45,000 subscribers, and Microsoft points to an ad LAPSUS$ posted there offering to recruit insiders at major mobile phone providers, large software and gaming companies, hosting firms, and call centers,” Krebs wrote.