View all newsletters
Receive our newsletter – data, insights and analysis delivered to you

UK police arrest seven teenagers in connection to Lapsus$

Arrests follow the reported outing of a British 16-year-old as the group's mastermind.

By Pete Swabey

The City of London police force has revealed the arrest of seven teenagers in connection to the hacking group Lapsus$ that has successfully breached tech companies including Microsoft, Samsung and Nvidia in recent weeks, the BBC has reported.

The news comes after a 16-year-old boy was accused of being the mastermind behind the group by researchers and other hackers, as first reported by Bloomberg.

Lapsus$ arrest
The City of London Police has not confirmed whether the arrested youths include the 16-year-old accused of being Lapsus$’s mastermind. (Photo by HieronymusUkkel)

Cybersecurity research teams at Unit 221B and Palo Alto have been tracking the individual since the middle of last year, Allison Nixon, Unit 221B’s chief research officer told the BBC. They had “watched him on his exploits throughout 2021, periodically sending law enforcement a heads-up about the latest crimes”.

Police have not confirmed whether the individual is among the seven arrested today.

Lapsus$ had confused cybersecurity experts with its combination of sophistication and naivety. Although apparently adept at recruiting insiders and stealing credentials, the group is “notoriously brazen about its activities and has previously announced its plans for insiders at specified companies,” Chris Morgan, senior threat intelligence analyst at Digital Shadows, told Tech Monitor yesterday.

This public visibility put the group at risk of arrest, said a security researcher speaking on the condition of anonymity. “They’re not thinking about the consequences that maybe a more experienced cybercrime actor would be wary of,” they said.

This behaviour led researchers to compare Lapsus$ to the hacktivist groups of the 2010s. “Lapsus$ do not necessarily represent a new threat, but a re-emergence of the days of Anonymous and Lulzsec from the mid-2010s, where hacking was used more for notoriety and political statements than financial gain,” said Toby Lewis, global head of threat analysis at Darktrace. 

Content from our partners
Harnessing the power of low code and no code development
Signs your accounting software is no longer fit for your growing business
Incumbent banks must transform at speed, or miss the benefits of open banking

A number of British teenagers were arrested in connection to Lulzsec, whose victims include the PlayStation Network.

Last year, Tech Monitor documented the return of the hacktivists. Experts described a new generation of hackers who had been radicalised by the Black Lives Matter protest movement and who targeted online services connected to the ‘alt-right’.

Since then, the war in Ukraine has attracted a new wave of ‘cyber partisans’, volunteer hackers lending support to either side of the conflict. Earlier today, Anonymous claimed it had hacked the Central Bank of Russia.

Read more: The biggest cryptocurrency hacks of all time

Topics in this article: ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU