British cops arrest seven in Lapsus$ crime gang probe

British cops investigating a cyber-crime group have made a string of arrests.

Though the City of London Police gave few details on Thursday, the officers are said to be probing the notorious extortionware gang Lapsus$, and have detained and released seven people aged 16 to 21.

In a statement, the force said: “Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

Among them is a 16-year-old boy from Oxford, who is allegedly one of the crew’s leaders, the BBC reported. He cannot be identified for legal reasons.

“I had never heard about any of this until recently,” the boy’s father was quoted as saying by the broadcaster. “He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.

“We’re going to try to stop him from going on computers.”

Palo Alto Networks and infosec outfit Unit 221B, which have been tracking the Lapsus$ crew, believe the teen is the mastermind behind the devil-may-care team of miscreants that has broken into major firms including Microsoft, Samsung, Okta, and others.

Bloomberg first reported the boy’s alleged involvement with the extortion gang on Wednesday. He reportedly netted about $14m in Bitcoin from online crime before being doxxed after a falling out with his business partners.

“We’ve had his name since the middle of last year and we identified him before the doxxing,” Allison Nixon, chief research officer at cyber-security investigation company Unit 221B, told the BBC, noting that her firm worked with Palo Alto Networks’ Unit 42 to monitor the teen.

“Unit 42, together with researchers at Unit 221b, identified the primary actor behind the Lapsus$ Group moniker in 2021, and have been assisting law enforcement in their efforts to prosecute this group,” Palo Alto Networks confirmed.

Lapsus$ rise and fall

The cyber-crime ring rose to fame in recent months for its brash tactics and its propensity to brag about its exploits on Telegram. Its standard operating procedure is to infiltrate a big target’s network, steal sensitive internal data, make demands to prevent the public release of this material – and usually release some of it anyway.

Lapsus$ was believed to be based in Brazil as its earliest victims included that country’s Ministry of Health and Portuguese media outlets SIC Noticias and Expresso. 

In February, however, the criminals sneaked into Nvidia’s networks and stole one terabyte of data including employee credentials and proprietary information, and dumped some of it online.

Days later Lapsus$ said it had raided Samsung and stolen 190GB of internal files including some Galaxy device source code.

The criminal group followed that up by claiming it was responsible for a cybersecurity incident at gaming giant Ubisoft.

‘Motivated by theft and destruction’

Microsoft, in its days-late confirmation that Lapsus$, which the Windows giant calls DEV-0537, did indeed steal some of its source code, said the crime group seems to be “motivated by theft and destruction.” Microsoft added:

In an email to The Register, endpoint security vendor Cybereason’s Director of Security Strategy Ken Westin said he wouldn’t be surprised if the notorious cyber-crime ring’s bosses do turn out to be teenagers.

“The security community underestimates the younger generation,” he wrote. “We forget teens today have not only grown up with computers, but also have access to an unprecedented number of educational resources on programming and offensive security.”

Like others, Westin said he suspected the group was young “based on their modus operandi, or lack thereof.”

“It was as if they were surprised by their success and were not sure what to do with it,” he noted. 

Today’s teens can see how much money cyber-criminals make from ransomware and other destructive attacks. “They are the new rockstars,” Westin said. “You pair this with the fact kids have been cooped up for years often with nothing but the internet to entertain themselves and we shouldn’t be surprised we have skilled hackers.” ®