The City of London police have arrested seven young people aged 16 to 21, accused of involvement in the Lapsus$ cybercrime group.
As SecurityLab previously reported, the leader of the group may be a 16-year-old teenager from Oxford hiding under the pseudonyms White and Breachbase. A teenager who allegedly “earned” $14 million from hacking was exposed by other cybercriminals and security researchers.
According to the BBC, the City of London Police arrested seven alleged participants of Lapsus$, but it is not specified whether the aforementioned boy is among them. All of them were released during the investigation. The investigation continues.
The teenager, whose real name cannot be disclosed because he is a minor, suffers from autism and has to attend a special school.
According to the boy’s father, until recently he knew nothing about his son’s occupation.
“He never said anything about any hacking, but he is well versed in computers and spends a lot of time behind them. I always thought he was playing games. We intend to restrict him from computers,” the father admitted.
White’s identity was revealed when other hackers docked him – posted his data on a hacker website when he allegedly quarreled with his “business partner”. In particular, the teenager’s real name, address and photos in social networks became known.
Cybercriminals also provided details about White’s hacking activities: “A few years later, his net worth exceeded more than 300 BTC (about $14 million – ed.) … now he is associated with a group known as Lapsus$, which is trying to become a cyber extortion group.”
Security researchers tracked the young hacker for almost a year, and they managed to link him to the activities of Lapsus$ and other hacks. According to the senior specialist of the information security company Unit 221B, Allison Nixon, her team managed to find out the boy’s real name in the middle of last year, even before his data was leaked to the Network by detractors.
Researchers tracked his activity by messages that the hacker published online in an almost continuous stream. Since the boy made mistakes in an attempt to cover his tracks, the specialists eventually managed to find him.
The Lapsus$ cyber-extortion group has been attracting a lot of public attention lately because of the high-profile hacks it has carried out. The list of its victims includes Nvidia, Samsung, Ubisoft, Okta and even Microsoft. However, the first victims of the group were several organizations in Brazil, which is why some researchers began to consider it South American.