Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp., have traced the attacks to a 16-year-old living at his mother’s house near Oxford, England, Bloomberg reports.

“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who apparently uses the online aliases “White” and “breachbase,” has not been accused by law enforcement, and the researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed,” Bloomberg said.

The teenager is apparently based about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for ten minutes through a “doorbell intercom system” at the home. The teenager’s mother told the publication she did not know of allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg said.

Another member of Lapsus$ is suspected to be a teenager residing in Brazil, according to the investigators. One person investigating the group said security researchers have identified seven unique accounts associated with the hacking group, indicating that there are likely others involved in the group’s operations.  

The teen is so skilled at hacking, and so fast, that researchers initially thought the activity they were observing was automated, another person involved in the research said.

Lapsus$ has publicly taunted their victims, leaking their source code and internal documents. When Lapsus$ revealed it had breached Okta Inc., it sent the company into a public-relations crisis. In multiple blog posts, Okta disclosed that an engineer at a third-party vendor was breached and that 2.5% of its customers may have been impacted.

Lapsus$ has even gone as far as to join the Zoom calls of companies they’ve breached, where they have taunted employees and consultants who are trying to clean up their hack, according to three of the people who responded to the hacks.

Microsoft, which itself confirmed it was hacked by Lapsus$, said in a blog post that the group has embarked on a “large-scale social engineering and extortion campaign against multiple organizations.” The group’s primary modus operandi is to hack companies, steal their data and demand a ransom in order to not release it. Microsoft tracks Lapsus$ as “DEV-0537,” and said that the group has successfully recruited insiders at victimized companies in order to assist in their hacks.

The group suffers from poor operational security, according to two of the researchers, allowing cybersecurity companies to gain intimate knowledge about the teenage hackers.

“Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks,” Microsoft said in a blog post. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail and health-care sectors.”

The teenage hacker in England has had his personal information, including his address and information about his parents, posted online by rival hackers.

At an address listed in the leaked materials as the teen’s home near Oxford, a woman who identified herself as the boy’s mother talked with a Bloomberg reporter for about 10 minutes through a doorbell intercom system. The home is a modest terraced house on a quiet side street about five miles from Oxford University.

The woman said she was unaware of the allegations against her son or the leaked materials. She said she was disturbed that videos and pictures of her home and the teen’s father’s home were included. The mother said the teenager lives at that address and had been harassed by others, but many of the other leaked details couldn’t be confirmed.

She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police. 

The Thames Valley Police, and the National Crime Agency, which investigates hacking in the U.K., didn’t immediately respond to messages about the alleged teen hacker. The FBI’s San Francisco field office, which is investigating at least one of the Lapsus$ intrusions, declined to comment.

Lapsus$ has also claimed to have breached Samsung Electronics Co., Vodafone and Ubisoft. After breaching Nvidia, Lapsus$ posted stolen source code from the company on their Telegram channel.

After its claim of hacking Okta generated a wave of headlines Tuesday, Lapsus$ suggested it would be taking some time off from hacking the world’s biggest companies.

“A few of our members has a vacation until 30/3/2022. We might be quiet for some times,” the hackers wrote in its Telegram channel. “Thanks for understand us. – we will try to leak stuff ASAP.”