More charged in UK Lapsus$ investigation

Two teenagers arrested as part of police probe into extortion group


British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang.

The boys, aged 16 and 17, are set to appear at Highbury Corner Magistrates' Court on Friday, according to the City of London Police, the force responsible for the capital's financial district.

Detective Inspector Michael O'Sullivan said the pair remained in custody.

"Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program," he said.

The arrests are part of an international police investigation into the Lapsus$ gang, which this week was said to be back at work, despite the previous arrest of seven alleged operatives.

Earlier this week, VX-Underground – an organization that analyzes malware samples and trends – shared evidence it says was sourced from security researcher Dominic Alvieri, detailing an intrusion of Luxembourg-based software development consultancy Globant.

Identity management platform Okta says the Lapsus$ extortion gang may have gained unauthorized access to some of its customers' data, and Microsoft has confirmed the crew accessed source code.

In an updated post detailing Okta's response to claims of an intrusion, chief security officer David Bradbury revealed that "a small percentage of customers – approximately 2.5 percent – have potentially been impacted and whose data may have been viewed or acted upon."

Bradbury has not described the data that may have been viewed, but as Okta's core service is single sign-on for thousands of cloud services, the possibility that customers' credentials have leaked to unknown parties cannot be discounted.

Last week, City of London Police detained and released seven people aged 16 to 21 in connection with the investigation. Among them is a 16-year-old boy from Oxford who was accused of being one of the crew's leaders, the BBC reported.

Reporting has been restricted for legal reasons owing to the individuals' age. ®

