Oxford Teenager Arrested In Lapsus$ Crackdown

City of London Police arrest seven people, including a 16-year-old from Oxford, over suspected connections to Lapsus$ hacking group

The City of London Police have arrested seven people over suspected connections to the notorious Lapsus$ hacking group.

The Lapsus$ group is thought to be Brazilian, and it has made headlines after carrying out a string of attacks against high profile organisations including Microsoft, Samsung and Nvidia.

But according to Bloomberg, four researchers who are investigating Lapsus$ on behalf of companies that were attacked have traced the attacks to a 16-year-old living at his mother’s house near Oxford, England.

Teenager ringleader?

The researchers reportedly believe the teenager is the mastermind, but they haven’t been able to conclusively tie him to every hack Lapsus$ has claimed.

The researchers apparently used forensic evidence from the hacks as well as publicly available information to tie the teen to the hacking group.

Bloomberg News did not name the alleged hacker, who goes by the online alias “White” and “breachbase”.

Another member of Lapsus$ is suspected to be a teenager residing in Brazil, according to the investigators.

The group suffers from poor operational security, according to two of the researchers, allowing cybersecurity companies to gain intimate knowledge about the teenage hackers.

The teenage hacker in England has had his personal information, including his address and information about his parents, posted online by rival hackers.

Police arrests

British police have moved quickly to make a number of arrests, although they would not confirm a 16-year-old was among those arrested.

“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan from the City of London Police told the BBC in a statement.

“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation,” said DI O’Sullivan. “Our enquiries remain ongoing.”

City of London Police made the arrests as that force primarily focuses on financial crimes.

Meanwhile, security reporter Brian Krebs said the Oxford teenager in question purchased Doxbin last year, a site where people can share or find personal information on others, before giving up control of the website in January and leaking the entire Doxbin data set to Telegram.

The Doxbin community retaliated by releasing personal information on him, including his home address, social media photos and details about his parents.

The BBC reported that the teenager attends a special educational school in Oxford.

The boy’s father told the BBC his family was concerned and was trying to keep him away from his computers.

The boy’s father told the BBC: “I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”

“We’re going to try to stop him from going on computers,” the father reportedly said.

Lapsus$ hacks

Earlier this week authentication specialist Okta conceded that hundreds of its customers have been impacted in a hack by Lapsus$.

The San Francisco-based firm provides authentication services that corporates including FedEx and Moody’s use to provide access to their networks.

Microsoft this week admitted it was hacked after Lapsus$ leaked 37GB of Redmond source code.

In February, Lapsus$ hacked GPU powerhouse Nvidia and released a 20GB document archive from 1TB of data stolen from the GPU designer. Nvidia confirmed that a cyber attacker had leaked employee credentials and some company proprietary information online after its systems were breached.

In February, Vodafone’s Portuguese unit was hit with a cyberattack that disrupted its services. Vodafone said at the time that customers’ personal data had not been compromised.

But that attack was so serious that Vodafone Portugal’s 4G/5G mobile networks were taken down, as were SMS texts, television services, answering services, and even fixed-line voice.

This month Vodafone revealed it was working with law enforcement to investigate hacking claims made by Lapsus$.

Lapsus$ also claimed responsibility earlier this month for the data breach of South Korean electronics giant Samsung, which resulted in the theft of 190GB of data.

The group also seemingly took credit for breaching Ubisoft this month.