English boy, 16, may be the mastermind behind Lapsus$ hacking group

‘Autistic’ English boy, 16, is thought to be mastermind behind LAPSUS$ hack of cyber security firm Okta, Microsoft and Nvidia – and now has a net worth of $14MILLION: Dad says ‘I just thought he was playing games’

  • Boy, 16, who lives near Oxford, England, with his mom identified by cybersecurity investigators as alleged mastermind of LAPSUS$ hacking group
  • Teen is autistic and is enrolled in special education school in Oxford 
  • His father told BBC his son is ‘very good on computers’ but he did not know about the hacking allegations until recently 
  • Police in London on Thursday arrested seven people, aged 16-21, in connection with hacking case, but they would not say if Oxford teen was among them 
  • LAPSUS$ has been tied to hacks of multiple major companies, including Microsoft, Nvidia, Samsung Electronics and Okta 

A 16-year-old special-needs boy living with his mother in England is suspected of being the multimillionaire mastermind behind the hacking group LAPSUS$, which has been blamed for a series of high-profile ransom attacks targeting Microsoft, Nvidia and the security authentication firm Okta.

Cybersecurity experts hired by the hacked companies said that they have been able to trace the breaches to a teen living near Oxford, who goes by the online monikers ‘White’ and ‘breachbase.’ 

Bloomberg, which first reported on these revelations, did not identify the 16-year-old because he is a minor.

BBC described the suspect as autistic and attending a special education school in Oxford, and reported that he was alleged to have earned a jaw-dropping $14million through his hacking activities. 

The hackers’ mode of operation is to steal data from a company and then demand a ransom to release the information.  

This profile photo from a Telegram account shows a rendering of a 16-year-old boy from England who is believed to be the mastermind behind the hacking group LAPSUS$

On Thursday, London police announced that they have arrested seven people, between ages 16-21, in connection with the LAPSUS$ hacks, but the agency did not say whether the alleged mastermind was among those detained.

Police stated that all seven suspects have been released pending the outcome of the investigation. 

BBC reported that it has spoken to the suspected LAPSUS$ leader’s father, who told the network that the family were concerned about his online activities and were trying to keep him away from the computer. 

‘I had never heard about any of this until recently,’ the father, who was no named, told BBC. ‘He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.’

He added: ‘we’re going to try to stop him from going on computers.’ 

Bloomberg reported that the teen lives with his mother in a modest home located about 5 miles away from the world-renowned Oxford University.  

Speaking to reporters through the intercom, the mother was said to have told Bloomberg that she was not aware of the allegations of cyber-hacking against her son.

Four researchers working on this case said they have been unable to ‘conclusively’ tie the 16-year-old every one of LAPSUS$’s hacks. 

Members of LAPSUS$ boasted this week that they had breached Okta, a San Francisco-based company that helps employees of more than 15,000 organizations securely access their networks and applications

Microsoft confirmed on Wednesday that LAPSUS$ hackers had gained ‘limited access’ to its source code and compromised one account 

The cybersecurity experts also have identified some of the other suspected members of the hacking collective, including another teenager living in Brazil.

LAPSUS$, which is believed to be based in South America, has not been shy about its illegal online exploits. 

In a series of posts on the messaging app Telegram, members of the shadowy group boasted that they had breached Okta, the San Francisco-based company that helps employees of more than 15,000 organizations securely access their networks and applications. 

Okta confirmed on Tuesday that hackers may have accessed data from hundreds of its after digitally breaking into the laptop of an engineer at a Miami-based contractor. 

Okta’s shares plummeted 11 percent amid criticism of the digital authentication firm’s slow response to the intrusion.

LAPSUS$ previously claimed responsibility for hacking Nvidia, Samsung Electronics and the gaming company Ubisoft Entertainment, the maker of Assassin’s Creed. 

LAPSUS$ also claimed to have snatched source code from Microsoft’s Bing search engine, Bing Maps and the Cortana digital assistant program. 

Microsoft confirmed the breach in a blog post on Wednesday, saying that the hackers gained ‘limited access’ to its source code, and that the attackers had compromised a single account.

‘No customer code or data was involved in the observed activities,’ the blog entry read. ‘Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.’ 

LAPSUS$ previously claimed responsibility for hacking Nvidia, which designs graphics processing units for the gaming industry 

According to Microsoft, LAPSUS$ started targeting organizations in the UK and South America before setting its sights on international targets, including governments, tech companies, media, retail and healthcare sectors.  

Although cybersecurity experts said they have only recently identified the 16-year-old suspect, his name has been circulating on social media and in hacking circles for months, ever since his rivals had ‘doxxed’ him by revealing his real name and other personal information. 

DailyMail.com is not naming the teen at this time because police have not confirmed that he has been charged with a crime. 

Source: Read Full Article