By Sam Tobin
LONDON (Reuters) – A teenage member of the Lapsus$ hacking group hacked Uber and fintech firm Revolut then blackmailed the developers of best-selling videogame Grand Theft Auto, prosecutors have told a London court.
Arion Kurtaj, 18, is said to have targeted Revolut and Uber in September 2022, accessing around 5,000 Revolut customers’ information and causing nearly $3 million of damage to Uber.
Prosecutors allege he hacked Rockstar Games days later and threatened to release the planned Grand Theft Auto sequel’s source code in a Slack message sent to all Rockstar staff.
He is also accused alongside a 17-year-old, who cannot be named, of blackmailing Britain’s biggest broadband provider BT Group and mobile operator EE between July and November 2021, demanding a $4 million ransom.
The pair, who prosecutors say were “key players” in Lapsus$, are alleged to have hacked chip maker Nvidia Corp in February 2022 and demanded payment not to publish its data.
Prosecutor Kevin Barry told jurors at London’s Southwark Crown Court last week that the 17-year-old hacked City of London Police’s cloud storage weeks after the force arrested him in connection with the attack on BT and EE.
Kurtaj later embarked on a solo cyber crime spree, Barry said, first targeting Revolut then Uber two days later before hacking Rockstar Games.
Kurtaj has been assessed by psychiatrists as not fit to stand trial, so the jury will determine whether he committed the acts alleged rather than deliver a guilty or not guilty verdict.
He has been charged with 12 offences, including three counts of blackmail, two counts of fraud and six charges under the Computer Misuse Act.
The 17-year-old is standing trial on two counts of blackmail, two counts of fraud and three charges under the Computer Misuse Act relating to the hacking of BT and Nvidia, which he denies.
He has previously pleaded guilty to two offences under the Computer Misuse Act and one count of fraud.
(Reporting by Sam Tobin; Editing by Nick Macfie)