City of London police has recently arrested a teenager who is allegedly one of the leaders of the Lapsus$ cybercrime gang.
The teenager, who cannot be named due to legal concerns, is also joined by six others aged 16 to 21 in connection with an investigation spearheaded by London police, per the BBC.
The six other people arrested were released under investigation, and police inquiries are still ongoing.
Lapsus$ 16-year-old Leader Arrest Details
According to BBC’s report, the 16-year-old alleged to be a Lapsus$ group leader was outed by rival hackers and angry business partners, who revealed his name, address, and social media pictures to authorities on a hacker website.
The hackers then posted a timeline of the 16-year-old’s hacking career which stated that he accumulated more than $14 million in bitcoin (300BTC) as his net worth after a few years. The timeline also mentioned that he is affiliated with Lapsus$, which has been extorting and “hacking” several organizations.
The 16-year-old goes by the name “White” or “Breachbase” in the hacker website he frequented. Authorities also revealed that he has autism and attends a special education class in Oxford.
The boy’s father told BBC reporters that he never heard anything about any of the hacks until recently and that the boy never talked about any hacking.
The father did admit that his son is very good at computers and spends a lot of time on them.
“I always thought he was playing games,” the father said.
The father then added that he, along with his wife, is going to stop him from going on computers.
Authorities Previous Investigations of Lapsus$
The 16-year old was discovered by four researchers investigating the group and its attacks on behalf of the affected companies. According to Bloomberg’s report, these researchers believe that the 16-year-old is the mastermind of the attacks but can’t conclusively tie him to every hack the cybercrime group took responsibility for.
Allison Nixon, chief research officer at cyber-security investigation company Unit 221B, mentioned that they had the 16-year-old’s name since mid-2021 and that they identified him before he was doxxed.
Read More: Elden Ring Publisher Bandai Namco Patches Out ‘Endless Death Loop’ Bug
Unit 221B was working with another cyber-security company, Pal Alto at the time. After they identified the 16-year-old, both companies sent periodical heads-ups to law enforcement regarding the latest crimes.
Nixon mentioned that they were able to track the 16-year-old through “a trail of activity linked through a nearly unbroken stream of the boy’s online accounts.”
This trail was followed due to the 16-year-old failing to properly cover his tracks.
Lapsus$’ Hacking Spree
Lapsus$ recently targeted various tech companies over the past few weeks. The cybercrime group’s first target was NVIDIA in late February, with Samsung being its second victim in early March. For these incidents, Lapsus$ leaked NVIDIA’s documents to guide people on how to remov e the company’s restrictions on GPUs with Lite Hash Rates that limits Ethereum mining, per iTech Post. Samsung, meanwhile, had its confidential documents containing the company’s classified source codes, per a separate iTech Post article.
The group then attacked video game developer Ubisoft, which prompted users to reset their passwords after the attack. After which, it targeted Microsoft, leaking the company’s source codes for Bing, Bing Maps, and Cortana on Telegram. Then, in its latest attack, it targeted identity and access management company Okta, which affected the company’s users.
Related Article: Lapsus$ Mastermind Just a 16-Year-Old?