In an unexpected turn of events in the Lapsus$ saga, Bloomberg reports that the mastermind behind the ransomware hacking of powerhouses NVIDIA, Samsung, and Microsoft might just be a 16-year-old teenager still living under his mother's roof.
The teen mastermind's identity remains unknown. The only available physical information on the suspected Lapsus$ leader is that he lives near Oxford, England.
Lapsus$ Suspected Teen Mastermind aka 'White'
Cyber researchers investigating on behalf of tech companies Lapsus$ previously targetted like NVIDIA and Microsoft believe that the ransomware gang's leader is a 16-year-old.
They were able to come up with the suspect's identity through the forensic investigation of Lapsus$'s previous hacks. The researchers also utilized publicly available information.
Only a few details were disclosed by Bloomberg on the suspected mastermind's identity.
For one, the teenage suspect has online aliases "breachbase" and "White."
An online search of these aliases led iTech Post to a comment on the now-defunct hacking forum Raid Forums which said, "white / breachbase is such a chad, I will miss him." These words can only be found in the Raid Forum snippet in Google Search. The other contents of the comment cannot be accessed.
Another interesting fact is that the suspected mastermind still lives with his mother near Oxford. Bloomberg was even able to talk to the mother through an intercom, but she refused to discuss details about her son and the illegal activities linked to him.
As of now, the cyber researchers' investigation on the teen remains inconclusive and formal charges are yet to be filed.
Lapsus$ Teenagers Reckless in Covering Tracks
The researchers were able to trace the Lapsus$ cyberattacks to the teenager from Oxford because the cyberattackers were not able to ensure that they left no evidence behind.
According to two of the private cyber researchers, Lapsus$ suffers from "poor operational security." This was corroborated by Microsoft's blog post which revealed that "Unlike most activity groups that stay under the radar, DEV-0537 doesn't seem to cover its tracks." DEV-0537 is Microsoft's tracking term for Lapsus$.
This recklessness may be due to the hackers' maturity level. The researchers revealed that they believe there might be another Lapsus$ hacker in Brazil who is also a teenager. The Brazilian's identity and exact age are undisclosed.
But poor post-crime planning aside, Lapsus$'s hacking capabilities remain elite. The researchers said that the hacking was so fast, they thought they were dealing with a machine and not a human being.
They might also be more of them. Brian Krebs reported that Lapsus$ was hiring associates as early as November 2021 by posting in social media platforms including Reddit. But it was not the suspected mastermind "White" doing the recruiting.
These new hires would not be hackers but were insiders for big tech companies like T-Mobile and Verizon. They would be paid $20,000 weekly for turning over vital information from their employers.
Why Are More Teenagers Becoming Hackers?
Cybersecurity experts from all over the world were baffled by the high-profile attacks perpetrated by Lapsus$ recently. No one knows the reason why the ransomware gang does what it does. Experts point to the most obvious motivations, wealth and fame — or notoriety in this case.
But slightly on the contrary, a study by the National Crime Agency revealed that teenage hackers are actually motivated by morality and not by money. It was found that teenagers see hacking as more of a "moral crusade" than as a means to generate income.
"Conquering the challenge, proving oneself to the group and intellectual satisfaction are more important motivations than financial gain," said the report.
This morality theory behind Lapsus$ may be correct based on the ransomware gang's posts. In its NVIDIA hack, Lapsus$ were making demands not to make money but to "help the mining and gaming community."
Related Article: Microsoft Confirms Lapsus$ Hack, Details Steps To Enhance Security