UK police arrested 7 alleged members of Lapsus$ extortion gang

UK police suspect that a 16-year-old from Oxford is one of the leaders of the popular Lapsus$ extortion group.

The City of London Police announced to have arrested seven teenagers suspected of being members of the notorious Lapsus$ extortion gang, which is believed to be based in South America.

“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind.” states Bloomberg that first reported the news. “Lapsus$ has befuddled cybersecurity experts as it has embarked on a rampage of high-profile hacks.”

Over the last months, the Lapsus$ gang compromised many prominent companies such as NVIDIA, Samsung, Ubisoft, Mercado Libre, Vodafone. This week the group announced the hack of Microsoft and Okta.

The father of a 16-year-old from Oxford that was identified by law enforcement told the BBC his family was concerned and was trying to keep him away from his computers. “I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.” The boy’s father told the BBC. “We’re going to try to stop him from going on computers.”

The youngster that goes online with the moniker “White” or “Breachbase” has autism, for this reason he attends a special educational school in Oxford

The teenager, who can’t be named for legal reasons, attends a special educational school in Oxford.

“Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.” City of London Police said.

The teenager was identified after his identity was revealed (“doxxed”) on a hacker forum after an apparent falling out with business partners.

Security investigator Brian Krebs reported that the teenager purchased Doxbin last year, a platform used for doing activities. Then he gave up control of the site in January and leaked the entire Doxbin archive to Telegram. Clearly the hacking community behind Doxbin retaliated by releasing White’s personal information, including his home address, social media photos and details about his parents.

“Nixon said that in January 2022, WhiteDoxbin reluctantly agreed to relinquish control over Doxbin, selling the forum back to its previous owner at a considerable loss. However, just before giving up the forum, WhiteDoxbin leaked the entire Doxbin data set (including private doxes that had remained unpublished on the site as drafts) to the public via Telegram.” states Krebs who cited the investigation conducted by Allison Nixon, chief research officer at Unit 221B. “The Doxbin community responded ferociously, posting on WhiteDoxbin perhaps the most thorough dox the community had ever produced, including videos supposedly shot at night outside his home in the United Kingdom.”

According to the post, White amassed 300BTC during his cybercrime career.

“After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is] now is affiliated with a wannabe ransomware group known as ‘Lapsus$’, who has been extorting & ‘hacking’ several organisations.” states the post.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lapsus$)

[adrotate banner=”5″]

[adrotate banner=”13″]