Site icon Wonderful Engineering

This Hacker Gang’s Alleged Members Are in Jail – But It Is Still Stealing Data

 London police announced Friday that two teenagers had been charged with hacking crimes in connection to LAPSUS$, a cybercriminal gang that has managed to breach some of the biggest tech companies in the world over the past few months.

The unnamed teens, a 16-year-old and a 17-year-old boy are facing multiple charges including “three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data,” Scotland Yard said. The two, who remain in custody, were scheduled to appear in Highbury Corner Magistrates’ Court on Friday. A total of seven people were recently arrested in connection to the gang. The oldest of them is 21.

The group has hacked a new company earlier this week.

In a matter of months, LAPSUS$ has managed to conduct a series of remarkably successful cyberattacks on companies like Microsoft, Samsung, Nvidia, and other big-name firms. The gang has leaked much of its victims’ data to the web and has often seemed motivated less by money than by a desire for fame.

On Tuesday, LAPSUS$ updated its Telegram “leak” page with the following: “For anyone who is interested in the poor security practices in use at Globant.com. I will expose the admin credentials for ALL there [sic] devops platforms below.” According to the gang, this tranche included some internal source code for several of Globant’s biggest clients, including Facebook and Apple.

“The leaked archive contains a number of repositories, totaling some 70GBs worth of source code. We found that the repositories contain very sensitive information (beyond the Intellectual property of the source code itself),” said Amir Hadzipasic, CEO of cybersecurity firm SOS Intelligence.

It was found out that the hackers were using compromised law enforcement email accounts to submit phony data requests to tech companies to steal user information.

The senator says that he has already “authored legislation to stamp out forged warrants and subpoenas.”

“I’m particularly troubled by the prospect that forged emergency orders may be coming from compromised foreign law enforcement agencies, and then used to target vulnerable individuals,” said Sen. Wyden.

Another area of ongoing concern in the LAPSUS$ story involves the customer service giant Sitel, whose hacking led to the compromise of other companies’ data

“In full transparency, we are cooperating with law enforcement on this ongoing investigation and are unable to comment publicly on some of the details of the incident,” the statement reads.