In an unexpected twist of events in the Lapsus$ saga, Bloomberg reports that the mastermind behind the ransomware hack of powerhouses NVIDIA, Samsung and Microsoft may well be a 16-year-old boy still living under his mother’s roof.
The identity of the teenage mastermind remains unknown. The only physical information available on the alleged leader of Lapsus$ is that he lives near Oxford, England.
Lapsus$ Suspected Teen Mastermind aka ‘White’
Cyber researchers investigating on behalf of tech companies previously targeted by Lapsus$, such as NVIDIA and Microsoft, believe the leader of the ransomware gang is a 16-year-old.
They were able to discover the identity of the suspect thanks to the forensic investigation into previous Lapsus$ hacks. The researchers also used publicly available information.
Bloomberg disclosed only a few details about the identity of the alleged mastermind.
For one thing, the teenage suspect uses the online handles “breachbase” and “White.”
An online search for these aliases led iTech Post to a comment on the now-defunct hacking forum Raid Forums, which stated that “white/breachbase is such a chad, I will miss it”. These words can only be found in the Raid Forums snippet in Google search. The other contents of the comment are not accessible.
Another interesting fact is that the alleged mastermind still lives with his mother near Oxford. Bloomberg was even able to speak to the mother via an intercom, but she declined to discuss details of her son and any illegal activities related to him.
At this time, cyber researchers’ investigation of the teenager remains inconclusive and formal charges have yet to be filed.
Lapsus$ teens reckless in covering their tracks
Researchers were able to trace the Lapsus$ cyberattacks back to the Oxford teenager because the attackers failed to ensure they left no evidence behind.
According to two of the private cyber researchers, Lapsus$ suffers from “poor operational security”. This was corroborated by Microsoft’s blog post which revealed that “unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks.” DEV-0537 is Microsoft’s tracking term for Lapsus$.
This recklessness may be due to the hackers’ level of maturity. The researchers revealed that they believe there may be another Lapsus$ hacker in Brazil who is also a teenager. The identity and exact age of the Brazilian have not been disclosed.
But poor post-crime planning aside, Lapsus$’s hacking capabilities remain elite. The researchers said the hack was so fast they thought it was a machine, not a human.
The group could also be larger than it appears. Brian Krebs reported that Lapsus$ was recruiting associates as early as November 2021 by posting on social media platforms including Reddit. But it wasn’t the alleged mastermind “White” doing the recruiting.
These new recruits would not be hackers but insiders at big tech companies like T-Mobile and Verizon. They would be paid $20,000 a week for passing vital information from their employers.
Why are more and more teenagers becoming hackers?
Cybersecurity experts around the world have been baffled by recent high-profile attacks by Lapsus$. Nobody knows why the ransomware gang does what it does. Experts point to the most obvious motivations, wealth and fame – or notoriety in this case.
Somewhat to the contrary, a National Crime Agency study found that teenage hackers are actually motivated by morality, not money. The study found that teenagers see hacking more as a “moral crusade” than a way to generate income.
“Rising to the challenge, proving yourself to the group, and intellectual satisfaction are more important motivators than financial gain,” the report says.
This morality theory behind Lapsus$ may be correct based on the ransomware gang’s posts. In its NVIDIA hack, Lapsus$ asked not for money but to “help the mining and gaming community”.