[BreachExchange] Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers

Fri Mar 25 15:25:02 EDT 2022

https://grahamcluley.com/optimistic-father-of-lapsus-hacking-suspect-says-hes-going-to-try-to-stop-him-using-computers/

British police arrested seven people earlier this week in relation to a
wave of attacks launched by the LAPSUS$ hacking group, against firms such
as Microsoft, NVIDIA, Ubisoft, Samsung, and Okta.

LAPSUS$ has become notorious not only for its successful breaches, but also
the brazen way it has attempted to recruit rogue employees inside
businesses to help them breach defences.

Amongst those arrested was a 16-year-old boy from Oxford, who has been
described as being the group’s “mastermind”. According to online claims,
the boy may have amassed a 300 Bitcoin fortune worth approximately US $14
million.

Inevitably, it is this youngster who has captured the media’s attention.
The boy’s father spoke to the BBC:

“He’s never talked about any hacking, but he is very good on computers and
spends a lot of time on the computer. I always thought he was playing
games. We’re going to try to stop him from going on computers.”

Hmm.. you might want to take a slightly stronger line than that, mate.

Although the Oxford teenager is not being named due to his age, researchers
believe he goes by the online handles “White”, “Breachbase”, and “Oklaqq.”

According to cybersecurity investigator Brian Krebs, a hacker using the
name “Oklaqq” was offering employees at AT&T, T-Mobile, and Verizon up to
US $20,000 a week to perform “inside jobs.”

A BBC News report described the boy as autistic, and said he attended a
special needs education school in Oxford.

Detective Inspector Michael O’Sullivan said that the police has released
all seven people, pending further investigation:

“Seven people between the ages of 16 and 21 have been arrested in
connection with an investigation into a hacking group. They have all been
released under investigation. Our inquiries remain ongoing.”

I don’t know if those arrested are members of the LAPSUS$ gang or have any
connection with cybercrime, and we have to assume their innocence unless
they are found guilty at some later date.

But I really hope we don’t see the media fall into its familiar pattern of
glamourising the criminal acts of malicious teenage hackers, portraying
them as geniuses who don’t really do any harm.

Many of the elements in the LAPSUS$ case remind me of the notorious LulzSec
hacking group, some of whose members tried to exploit their notoriety by
starting a new career on the speaking circuit.

It’s never cool, or funny, or admirable, to hack into companies and expose
the private information of the public.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220325/999f4199/attachment.html>