- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
At a trial in London, the prosecution said that a young hacker from the Lapsus$ gang hacked Uber, Revolut, and Rockstar Games before extorting money from the creators of the well-known video game Grand Theft Auto. Arion Kurtai, 18, is suspected of hacking into Revolut and Uber in September 2022, obtaining data on almost 5,000 Revolut users, and inflicting damage to Uber of almost $3 million.
A few days later, according to the prosecution, he allegedly breached Rockstar Games and threatened to send all Rockstar staff members a Slack message containing the source code for the upcoming Grand Theft Auto sequel. Prosecutors refer to the couple as “key players” in Lapsus$ and accuse them of hacking semiconductor manufacturer Nvidia Corp. in February 2022 and extorting money in exchange for keeping the data private.
A 17-year-old hacker broke into the cloud storage of the London offices some weeks after officers had detained him in connection with the attack on BT and EE, according to prosecutor Kevin Barry, who testified in a South London trial last week.
Barry claimed that Kurtai later began a single cybercriminal campaign, attacking Revolut first, then Uber two days later, and finally Rockstar Games. Psychiatrists have determined that Kurtai is mentally ill, therefore rather than finding him guilty or innocent, the jury will decide whether he actually committed the crimes for which he is accused.
The Charges
He is accused of 12 offenses, including six under the Computer Misuse Act, two counts of fraud, and three counts of extortion. In connection with the BT and Nvidia attack, the 17-year-old is being tried on two counts of extortion, two counts of fraud, and three counts of violating the computer abuse act.
The teen denies all of the charges. In addition, earlier he entered pleas of guilty to two Computer Misuse Act offenses and one fraud charge.
Who are the Lapsus$?
The Brazilian Ministry of Health was also targeted by the hacking collective Lapsus$, along with well-known attacks on T-Mobile, Samsung, Ubisoft, Microsoft, and Vodafone. Particularly noteworthy are the attackers’ teen ages and social media use.
They target cyber extortion, collecting sensitive information and threatening to disclose it if a ransom is not paid. Because insufficient credentials were sometimes used in the attacks, it is important to use strong passwords.