Whatever you were doing at 16 years old, it probably didn’t involve masterminding a string of data breaches against some of the world’s most well-known electronics manufacturers. A Bloomberg report outlined that four cybersecurity researchers have tied a series of attacks from the hacker group Lapsus$ to several teenagers, one of whom is 16 years old and living under his mother’s roof in Oxford, England.
The attacks in question have become public fodder after Lapsus$ leaked source code for some of Microsoft’s services like Bing, Cortana, and a range of internal projects. In late January, the group also targeted San Francisco-based identity management company Okta, posting alleged screenshots of the company’s internal systems.
While the team of researchers traced these attacks to seven different accounts, they claim that a British teen was the mastermind. However, they could not definitively tie the 16-year-old to all of the hacks that Lapsus$ has claimed, which include breaches against NVIDIA, Samsung, Vodafone, and Ubisoft.
Another suspect in the hacks is supposedly a teenager living in Brazil, suggesting that there were multiple parties involved with the hacking group’s efforts. As far as motives go, the researchers investigating the situation believe the primary motivation is “money and notoriety.”
The kids are alright— The identity of this particular 16-year-old is being withheld, but they go by the online aliases “White” and “breachbase.” Rival hackers have targeted the English teenager by posting his personal information, including his address, online. A Bloomberg reporter spoke with a woman who identified as the suspect’s mother. She was upset about the doxxing and declined to discuss her son, claiming it was a matter for law enforcement.
The teen in question was apparently so skilled at his craft that researchers initially thought the attacks were automated. Lapsus$ has also been pretty open about their activity, announcing their hacks over social media and even joining Zoom calls for the companies they had allegedly breached, to taunt the employees tasked with cleaning up the mess.
As mentioned previously, researchers believe the group’s motives are related to clout, in part due to the lack of effort towards covering their tracks. Microsoft has echoed these sentiments in a blog post about the attacks:
Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks. They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail and health-care sectors.