Dangerous Teenagers At Hack

Even though Nvidia is one of the largest technology companies in the world, its senior officials woke up on February 26 to announce that what Bloomberg had revealed about the video game industry giant is true: Over the previous two days, the graphics chipmaking behemoth had been subjected to a devastating cyberattack that “totally penetrated” the company’s internal systems.

On the dark web, Lapsus$, a ransomware gang, had attacked Forbes’ 2017 Company of the Year and leaked the password hashes of Nvidia employees. The group also says it has other data including source code and information related to RTX GPUs — one of Nvidia’s finest products.

Earlier in the year, the group also attacked Portugal’s largest TV channel, defacing all of its sites with a ransom note. This group has gone on a rampage targeting even bigger companies including Electronic Arts (EA). Lapsus$ stole the source code for Samsung’s Galaxy devices. Last week, it posted a file that it claimed contains partial source code for Bing and Cortana. This archive holds nearly 37GB of data. After initially keeping mum, Microsoft had to admit that an account had been compromised by the group and that parts of the source code for some of its products had been stolen.

Lapsus$’s goals were simple: Hack a company, steal its data, and threaten to leak the data until the company paid up.

Interestingly, cybersecurity experts have now unveiled the team behind this dreaded group: They are made up of at least seven teenagers. Its ring leader is a 16-year-old, who has reportedly amassed $14 million from this side gig. Researchers have said that ‘White’ is so proficient at hacking — and so quick — that they initially thought the activity they were seeing was automated. The boy’s father was shocked at the revelation: “I had never heard about any of this. He’s never talked about any hacking, but he is very good at computers and spends a lot of time on the computer. I always thought he was playing games.”

While these kids have sophisticated hacking skills, a term you can’t use for teenagers is ‘modest’. Unlike other groups, Lapsus$’s boys hack-join the Zoom calls of companies they’ve breached and proceed to taunt employees and consultants who are trying to clean up their hacks. They announce their attacks on social media with reckless abandon and even advertise their intent to buy credentials from employees of target organizations.

This, among other petty squabbles with rival groups, led to their downfall. With a trail of activities all over the internet, their tracking by experts became easier. Even then it would take nearly a year for them to be nabbed.

(References: Bloomberg, Computer Weekly, The Verge, BBC)