A 17-year old teenager, living with his mother near UK city Oxford, is believed to be the mastermind of a notorious hacker gang, Lapsus$. He can’t be named because he’s a minor and it’s illegal to identify him.

That said, the City of London police said seven people between the ages of 16 and 21 have been arrested in connection with the investigation and have all been released under investigation.

Security researchers, who have been on his tail, and that of Lapsus$, for some time, say they have had the Oxford teen’s name since the middle of last year and believe he heads up the Lapsus$ group.
  • Over the past few months, Lapsus$ has targeted Brazil’s Ministry of Health and the gaming giant Ubisoft, crippled the Portuguese media kingpin Impresa, and, in recent weeks, scammed tech giants including Samsung, Nvidia, Microsoft and Okta.
  • Only last week Lapsus$ posted stolen source code on its Telegram channel, including code stolen from Microsoft’s Azure DevOps server for the company’s Bing and Cortana products.
  • It has also posted screenshots of Okta’s Slack channels and the interface for Cloudflare, which is one of thousands of customers that use Okta’s technology to provide authentication for its employees.
  • Recently the group stole two of Nvidia’s code-signing certificates which were then then used to sign malware, enabling malicious programs to slip under security safeguards on Windows machines.

The teenager was outed by a hacking forum last year. He’d allegedly purchased the hacking forum and then made a mess of running it. He ended up selling the forum back to its previous owner, at a loss.

However, he also leaked the forum’s dataset online, so irate forum member turned around and leaked his personal details including his name, address, and social media pictures. Forum members also said he has earned 300 Bitcoin (near £10.5 million) from his hacking activities.

Blurred lines

The teen is also believed to be autistic. Dovetail this with kids who have been locked up and locked down for several years, because of the pandemic, and with nothing to do but use the internet its hardly surprising that some skilled hackers emerge. Teen brains are still developing and the line between fun and crime can easily get blurred.

However, such is the nature of online crime that Lapsus$ may well be a criminal gang rather than a bunch of cyber misfits headed up by teenager from Oxford. One thing is clear though, some of the world’s largest organizations have been left looking red-faced at the ease in which their defences have been penetrated.