Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia,
Microsoft, Rockstar Games and many more.
Two teenage hackers have had their day in a UK court. The jury decided
they committed their crimes using a combo of social engineering, insider
bribery and SIM swapping—holding huge companies to crypto-ransom.
Frankly, it all sounded a bit too easy. In today’s SB Blogwatch, we put
the kettle on.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not
to mention: ももいろの鍵.
‘teapotuberhacker’ is not Guilty but not ‘Not Guilty’
What’s the craic Aunty’s Joe Tidy reports—”Court finds teenagers carried
out hacking”:
“` Offensive messages`”
A court has found an 18-year-old … was a part of an international cyber-crime
gang responsible for a hacking spree against major tech firms. Arion Kurtaj
was a key member of the Lapsus$ group which hacked the likes of Uber, Nvidia …
Microsoft … telecoms company BT … and digital banking group Revolut. [Also a]
17-year-old [was] convicted for his involvement in the activities of the
Lapsus$ gang but cannot be named because of his age.
…
The audacious attacks by Lapsus$ in 2021 and 2022 shocked the cyber security
world. … The group from the UK, and allegedly Brazil, was described in court
as “digital bandits” … Once inside a company’s computer network, the hackers
often left offensive messages on Slack and Microsoft Teams as they attempted
to blackmail staff.
Not just internal messages, it seems. As Alexander Martin
recalls—”British court convicts two teen Lapsus$ members”:
“` Links to Brazil`”
At the time of the Revolut incident, some users … reported seeing messages
with inappropriate language on the app’s support chat. Revolut replied that it
was aware of those messages and “taking steps to ensure this does not happen
again” … The hacking incidents were linked to the teens by investigators who
found their IP addresses through a number of email and Telegram accounts which
the pair allegedly used to boast about their antics.
…
The Lapsus$ gang gained notoriety for its erratic behavior, its public boasts
of successful attacks and because several of its members appeared to be
teenagers. It had purported links to Brazil, where Federal Police last year
announced the arrest of another alleged member.
Anything else It’s Ionut Ilascu—”Teen hackers convicted of high-profile
cyberattacks”:
“` Mostly teenagers`”
Believed to be one of the leaders of the group, [Kurtaj] was arrested twice in
2022, first in January and then again in March, in connection with Lapsus$
hacking activity. … Using the handle ‘teapotuberhacker’ and while on bail …
Kurtaj leaked gameplay videos from the unreleased Grand Theft Auto 6, obtained
after breaching [Rockstar Games’] Slack server and Confluence wiki.
…
High-profile organizations impacted by Lapsus$ also include … Cisco, Okta …
T-Mobile, Samsung, Vodafone, Ubisoft, 2K … Globant [and] mobile operator EE. …
Despite being a loosely organized group of mostly teenagers, Lapsus$ managed
to breach organizations with a strong sense of security.
So he’s been found “guilty” Not exactly , as Jessica Lyons Hardcastle
notes—”Pair were on a total tear”:
“` Computer intrusion`”
This was an unusual case—in that the jury was told not to find Kurtaj … guilty
or not guilty as psychiatrists had earlier assessed that he was unfit to stand
trial. Instead, the panel was asked to decided whether or not he did the
things he was accused of.
…
After a two-month process, jurors determined Kurtaj committed 12 offenses,
including computer intrusion, blackmail, and fraud. … The 17-year-old was
convicted of fraud, blackmail, and carrying out an unauthorized act to impair
the operation of a computer.
Next step is sentencing. Which makes rknop wonder:
Which gets worse punishment: Committing actual grand theft auto, or hacking
Grand Theft Auto I’m sure that the lawyers will make a powerful argument that
the economic harm is orders of magnitude larger in the latter case.
Do the victims share any blame Yet Another Hierachial Anonynmous Coward
[sic] thinks so:
If a couple of 16-year-olds can access … multinational tech companies, and
help themselves to secure data, then surely someone else should be in the
dock Exactly who is in charge of security
Teenagers, you say Steven Murdoch wants them off his lawn:
A helpful reminder that when a company announces it has been compromised by a
“highly sophisticated attacker” it could be a government unit of PhD-level
intelligence experts, but sometimes it is a teenager in a hotel with a Fire TV
stick. … I’m sure some class-action lawyers are paying close attention.
Meanwhile, u/bernpfenn probably means GCHQ , rather than NSA—but still:
They are toast and probably will get to choose between long jail times and a
job at the NSA.
And Finally:
Iyowa wishes to apologize for his weak stomach
VIDEO
Previously in And Finally
You have been reading SB Blogwatch by Richi Jennings. Richi curates the
best bloggy bits, finest forums, and weirdest websites … so you don’t have to.
Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your
doctor before reading. Your mileage may vary. Past performance is no guarantee
of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Hector Falcon (via Unsplash; leveled and cropped)
Recent Articles By Author
[ももいろの鍵]: The Peachy Key
コメント