Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers

Graham Cluley
@gcluley

Optimistic father of LAPSUS$ hacking suspect says he's going to try to stop him using computers

British police arrested seven people earlier this week in relation to a wave of attacks launched by the LAPSUS$ hacking group, against firms such as Microsoft, NVIDIA, Ubisoft, Samsung, and Okta.

LAPSUS$ has become notorious not only for its successful breaches, but also the brazen way it has attempted to recruit rogue employees inside businesses to help them breach defences.

Amongst those arrested was a 16-year-old boy from Oxford, who has been described as being the group’s “mastermind”. According to online claims, the boy may have amassed a 300 Bitcoin fortune worth approximately US $14 million.

Sign up to our newsletter
Security news, advice, and tips.

Inevitably, it is this youngster who has captured the media’s attention. The boy’s father spoke to the BBC:

“He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games. We’re going to try to stop him from going on computers.”

Hmm.. you might want to take a slightly stronger line than that, mate.

Although the Oxford teenager is not being named due to his age, researchers believe he goes by the online handles “White”, “Breachbase”, and “Oklaqq.”

According to cybersecurity investigator Brian Krebs, a hacker using the name “Oklaqq” was offering employees at AT&T, T-Mobile, and Verizon up to US $20,000 a week to perform “inside jobs.”

A BBC News report described the boy as autistic, and said he attended a special needs education school in Oxford.

Detective Inspector Michael O’Sullivan said that the police has released all seven people, pending further investigation:

“Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

I don’t know if those arrested are members of the LAPSUS$ gang or have any connection with cybercrime, and we have to assume their innocence unless they are found guilty at some later date.

But I really hope we don’t see the media fall into its familiar pattern of glamourising the criminal acts of malicious teenage hackers, portraying them as geniuses who don’t really do any harm.

Many of the elements in the LAPSUS$ case remind me of the notorious LulzSec hacking group, some of whose members tried to exploit their notoriety by starting a new career on the speaking circuit.

It’s never cool, or funny, or admirable, to hack into companies and expose the private information of the public.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.