UK Police Arrest 7 People In Connection With Lapsus$ Hacks (techcrunch.com) 9
An anonymous reader quotes a report from TechCrunch: Police in the United Kingdom have arrested seven people over suspected connections to the Lapsus$ hacking group, which has in recent weeks targeted tech giants including Samsung, Nvidia, Microsoft and Okta. In a statement given to TechCrunch, Detective Inspector Michael O'Sullivan from the City of London Police said: "The City of London Police has been conducting an investigation with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."
News of the arrests comes just hours after a Bloomberg report revealed a teenager based in Oxford, U.K. is suspected of being the mastermind of the now-prolific Lapsus$ hacking group. Four researchers investigating the gang's recent hacks said they believed the 16-year-old, who uses the online moniker "White" or "Breachbase," was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was leaked online by rival hackers. TechCrunch has seen a copy of the the suspected hacker's leaked personal information, which we are not sharing -- but it matches Bloomberg's reporting. City of London Police, which primarily focuses on financial crimes, did not say if the 16-year-old was among those arrested.
At least one member of Lapsus$ was also apparently involved with a recent data breach at Electronic Arts, according to [security reporter Brian Krebs], and another is suspected to be a teenager residing in Brazil. The latter is said to be so capable of hacking that researchers first believed that the activity they were witnessing was automated. Researchers' ability to track the suspected Lapsus$ members may be because the group, which now has more than 45,000 subscribers to its Telegram channel where it frequently recruits insiders and leaks victims' data, does little to cover its tracks. In a blog post this week, Microsoft said the group uses brazen tactics to gain initial access to a target organization, which has included publicly recruiting company insiders. As reported by Bloomberg this week, the group has even gone as far as to join the Zoom calls of companies they've breached and taunted employees trying to clean up their hack.
News of the arrests comes just hours after a Bloomberg report revealed a teenager based in Oxford, U.K. is suspected of being the mastermind of the now-prolific Lapsus$ hacking group. Four researchers investigating the gang's recent hacks said they believed the 16-year-old, who uses the online moniker "White" or "Breachbase," was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was leaked online by rival hackers. TechCrunch has seen a copy of the the suspected hacker's leaked personal information, which we are not sharing -- but it matches Bloomberg's reporting. City of London Police, which primarily focuses on financial crimes, did not say if the 16-year-old was among those arrested.
At least one member of Lapsus$ was also apparently involved with a recent data breach at Electronic Arts, according to [security reporter Brian Krebs], and another is suspected to be a teenager residing in Brazil. The latter is said to be so capable of hacking that researchers first believed that the activity they were witnessing was automated. Researchers' ability to track the suspected Lapsus$ members may be because the group, which now has more than 45,000 subscribers to its Telegram channel where it frequently recruits insiders and leaks victims' data, does little to cover its tracks. In a blog post this week, Microsoft said the group uses brazen tactics to gain initial access to a target organization, which has included publicly recruiting company insiders. As reported by Bloomberg this week, the group has even gone as far as to join the Zoom calls of companies they've breached and taunted employees trying to clean up their hack.
A minor heh? (Score:2)
LOL (Score:2)
The pun that "minors" are a "minority group" is a new one on me. If I had mod points, I'd give you +1 funny.
(They are not, of course, a minority group in any legal sense of the word.)
Pathetic on all sides (Score:2)
Of course, major companies that have IT security so abysmally bad that a 16 year old amateur can get in deserve all the pain that is coming their way, at least morally. That level of incompetence and apathy cannot be tolerated any longer. That said, this "hacker" is obviously a bloody amateur with no clue on how to hide his traces and minimal skills, coupled with a gigantic ego. Basically a cretin that throws Molotov-coctails at buildings and then cheers when one with bad fire-protection goes up in flames.
I
Re: (Score:2)
They do little if any hacking. They openly advertise for insiders who will let them into systems for pay. And apparently some people go for it.
Re: (Score:2)
They do little if any hacking. They openly advertise for insiders who will let them into systems for pay. And apparently some people go for it.
Interesting. So basically social engineers only. Makes sense. That way you can get into any company that does not make sure their employees are satisfied with their situation and hence loyal. I like to say that employees satisfied with their situation are a major component of IT security, but "management" typically does not want to hear that.
This does not pass the sniff test. (Score:2)
Usual bunch of aspies and social inadequates (Score:2)
no doubt. Mod me to hell but I'll be proved right.
Here is the Microsoft blog (Score:2)
it's somewhat interesting. [microsoft.com]
For those who discount kids, they have a lot of advantages over you.
1.) Lots more free time.
2.) No bills.
3.) No fear of repercussions, or muted at least, due to lack of foresight.
4.) Their IQs can be just as high if not higher than yours, what they lack in experience they can make up for with speed and ingenuity.