The trial of a Lapsus$ teenager who turned the world of cybersecurity upside down has begun

CarderPlanet

One of them was mentally deranged.

A teenage hacker from the Lapsus$ group attacked Uber, Revolut and Rockstar Games, and then extorted money from the developers of the popular video game Grand Theft Auto, prosecutors said at a trial in London.

Arion Kurtay, 18, is accused of hacking Revolut and Uber in September 2022, gaining access to information about approximately 5,000 Revolut customers and causing almost $3 million in damage to Uber.

Prosecutors allege that he hacked Rockstar Games a few days later and threatened to publish the source code for the planned Grand Theft Auto sequel in a Slack message sent to all Rockstar employees.

He is also accused, along with a 17-year-old whose name has not been released, of extorting the UK's largest broadband Internet provider BT Group and mobile operator EE between July and November 2021, demanding a ransom of $4 million.

The pair, described by prosecutors as "key players" in Lapsus$, are also accused of hacking into chipmaker Nvidia Corp in February 2022 and demanding payment for non-disclosure of its data.

Prosecutor Kevin Barry told jurors at the South London District Court last week that a 17-year-old hacker broke into the London Police's cloud storage system weeks after police arrested him in connection with the attack on BT and EE.

Kurtay later launched a solo cybercrime campaign, Barry said, first attacking Revolut, then Uber two days later, and then hacking Rockstar Games.

Kurtay was declared mentally insane by psychiatrists, so the jury will determine whether he committed the acts he is charged with rather than reach a verdict of guilt or innocence. He will also avoid jail if found guilty.

He is charged with 12 offences, including three counts of extortion, two counts of fraud and six charges under the Computer Misuse Act.

The 17-year-old is facing trial on two charges of extortion, two charges of fraud and three charges under the Computer Misuse Act in connection with the BT and Nvidia hack, which he denies.

He previously pleaded guilty to two charges under the Computer Misuse Act and one charge of fraud.

Who is Lapsus$?
Lapsus$ is a hacker group that in recent months has claimed responsibility for high-profile attacks on a number of major technology companies, such as T-Mobile, Samsung, Ubisoft, Microsoft and Vodafone. In addition to these attacks, Lapsus$ also successfully conducted an attack on the Brazilian Ministry of Health.

Lapsus$ is unusual in several ways. The organizer of the attacks and several other alleged accomplices were teenagers. Unlike more traditional hacker groups that distribute ransomware, Lapsus$ is extremely active on social networks. The attackers are best known for their approach to data exfiltration: the group stole source code and internal service information, and often leaked the data online.

The Lapsus$ attacks allow us to draw two important conclusions that companies should pay attention to. The first is that cybercriminal gangs are no longer content with ordinary ransomware that demands payment for decrypting data. Instead of traditional data encryption, Lapsus$ is more focused on cyber extortion: gaining access to an organization's most valuable intellectual property and threatening to leak it if a ransom is not paid.

The second important conclusion is that weak passwords make companies much more vulnerable to attacks. Leaked Nvidia credentials revealed that many employees used very weak passwords. Some of these passwords were ordinary words (welcome, password, September, etc.) that are extremely susceptible to dictionary attacks. Many other passwords included the company name as part of the password (nvidia 3d, mynvidia3d, etc.). One employee even used the word Nvidia as the password!
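
The check below is an added example, not part of the original article: a screen applied when a password is set that rejects the two classes described above, dictionary words (even when padded with digits or symbols) and passwords containing the organization's name. The deny-list contents, the leetspeak map, the `min_length` value and all function names are assumptions made for illustration.

```python
import re

# Constructed deny-list: the words the article cites plus a few other common picks.
COMMON_WORDS = {"welcome", "password", "september", "qwerty", "letmein", "summer"}
# Assumed leetspeak substitutions undone before matching.
LEET = str.maketrans("013457@$", "oieastas")


def candidate_forms(password):
    """Return letter-only forms of the password: as typed, and with leetspeak undone."""
    lowered = password.lower()
    return {
        re.sub(r"[^a-z]", "", lowered),
        re.sub(r"[^a-z]", "", lowered.translate(LEET)),
    }


def screen_password(password, context_words, min_length=12):
    """Return the reasons a password is rejected; an empty list means accepted.

    context_words are organization-specific terms (company, product, service names).
    min_length=12 is an assumed policy value, not taken from the article.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    forms = candidate_forms(password)
    # A dictionary word padded with digits or symbols is still a dictionary word.
    if any(form in COMMON_WORDS for form in forms):
        reasons.append("common word")
    # The organization's own name anywhere in the password is easy to guess.
    context = {word.lower() for word in context_words if word}
    if any(word in form for word in context for form in forms):
        reasons.append("contains context word")
    return reasons


def audit(passwords, context_words):
    """Map each rejected password to its rejection reasons."""
    results = {pw: screen_password(pw, context_words) for pw in passwords}
    return {pw: why for pw, why in results.items() if why}


if __name__ == "__main__":
    # Constructed sample: the article's examples plus variants and one passphrase.
    sample = ["welcome", "September2021!", "P@ssw0rd", "nvidia3d", "mynvidia3d",
              "Nvidia", "MyNv1d1aAccount!", "correct-horse-battery-staple"]
    for pw, why in audit(sample, ["nvidia"]).items():
        print(f"{pw!r}: {', '.join(why)}")
```

Running the same screen at password-change time, rather than only auditing afterwards, keeps such passwords from being set in the first place.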
 