Tag Archive for: charged

Two teenagers charged in relation to LAPSUS$ hacking group investigation • Graham Cluley

/in


Two teenagers charged in relation to LAPSUS$ hacking group investigation

City of London Police have charged two teenagers in relation to the ongoing investigation into the LAPSUS$ hacking group.

The teenagers, aged 16 and 17, were scheduled to appear at Highbury Corner Magistrates Court in Islington this morning.

The pair have been charged with three counts of unauthorised access to a computer with intent to impair the reliability of data, one count of fraud by false representation, and one count of unauthorised access to a computer with intent to hinder access to data.

Sign up to our newsletter
Security news, advice, and tips.

The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program.

Last week, British police announced that they had arrested seven people between the ages of 16 and 21 in relation to their investigation into the LAPSUS$ group which has stolen and leaked data from the likes of Microsoft, NVIDIA, Ubisoft, Samsung, Globant, and Okta.

The FBI recently requested the public’s assistance in identifying anybody connected with the LAPSUS$ group.

The two charged teenagers cannot be named for legal reasons.

As yet, there has been no comment about the charges against the teenagers on LAPSUS$’s normally garrulous Telegram channel.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Source…

Lapsus$ Cracked? Two Teens Charged In Hacking Group Probe

/in


Police in London Friday said they have charged a pair of teenagers in connection with an investigation of the Lapsus$ hacker group.

This is the second arrest of people related to the activities of the Lapsus$ hacker group which has been lined to multiple hacks of some of the top tech companies in the world. Police in the city of London last week unveiled the arrest of seven people between the ages of 16 and 21.

London police Friday said that two teenagers, aged 16 and 17, are now in police custody after being charged in connection to what it termed the “hacking group” investigation without mentioning the “Lapsus$” name.

[Related: ‘Two Months Is Too Long’: Tenable CEO Slams Okta’s Breach Response]

However, the investigation is related to the Lapsus$ gang, according to the BBC.

“Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program,” Detective Inspector Michael O‘Sullivan of the City of London Police said in a statement.

The Lapsus$ hacking group this year has been very active. Despite its activity, however, little is known about it, including where it is based or if it has ties to other ransomware gangs.

Global software services firm Globant Wednesday said the source code and documents of some of its customers were hacked, a hack which other media attributed to Lapsus$

Lapsus$ on March 22 claimed via a Telegram post to have stolen data from identity security giant Octa.

Two days before boasting about hitting Okta, Lapsus$ claimed via a Telegram post that it breached internal source code repositories for Microsoft Azure DevOps, and showed images related to Bing and Cortana projects.

Lapsus$ in early March claimed to have stolen Samsung’s source code and biometric unlocking algorithms for its Galaxy devices.

In late February, Nvidia allegedly launched a retaliatory strike against Lapsus$ to prevent…

Source…

CPS Security Guard Charged with Sexually Assaulting Teenage Student – NBC Chicago

/in


A Chicago Public Schools security guard has been charged with sexually assaulting a student on multiple occasions last year at a South Side high school.

Tywain Carter, 29, was held in lieu of posting $20,000 bond at a hearing Wednesday. Judge Mary Marubio noted that Carter was in a “position of trust or authority” over the alleged victim, the Chicago Sun-Times is reporting.

“You were a school security guard, this child was new to that school, and you used your position, as a security guard, as a way to have access to this child,” Marubio said.

Prosecutors said Carter had approached the student and the student’s mother, told them he was a security guard and promised to look after the teenager, who was newly enrolled.

Carter would sometimes be required to remove students from classrooms during the school day, and he told a teacher that he needed to remove the student to help “acclimate” the student to the new school, prosecutors said.

On “multiple occasions” last November and December, Carter took the student to a computer lab where the student was assaulted, prosecutors said.

In December, the student told their parents that Carter had been suspended from the school after another student made abuse allegations against Carter, prosecutors said. The teen then allegedly said they had also been the victim of abuse.

The student’s parents reported the allegations to police and school officials on Dec. 23, and Carter was suspended Jan. 6 after a disciplinary meeting with school personnel, according to prosecutors.

Carter was suspended in December while the district investigated, according to a CPS spokesman, who declined to say if the district had been notified of any other allegations against Carter.

“Chicago Public Schools (CPS) strives to foster safe and secure learning environments for our students, families, and colleagues. Our schools and the District investigate and address all complaints and allegations of wrongdoing in accordance with District policies and procedures,” the spokesman said.

The student was interviewed at the Chicago Children’s Advocacy Center the next day and identified Carter, who was placed into custody on…

Source…

Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack

/in


A former employee of Ubiquiti Networks has been arrested and charged in connection with a hack that stole gigabytes of data and attempted to extort US $2 million from the firm.

36-year-old Nickolas Sharp, of Portland, Oregon, who was employed by networking manufacturer Ubiquiti as a software engineer in its cloud division between August 2018 and March 2021, is accused of stealing gigabytes of confidential data from the firm’s AWS servers and GitHub repositories in December 2020.

The first the world knew of the security breach was in January 2021, when Ubiquiti advised users to change their account passwords and enable two-factor authentication (2FA).

According to an unsealed Department of Justice indictment against Sharp, the software engineer is said to have used a Surfshark VPN account to hide his IP address when logging into Ubiquiti’s AWS and GitHib accounts in order to steal confidential data.

After the breach, Sharp is said to have posed as an anonymous hacker, demanding a ransom of 50 Bitcoin (approximately worth US $1.9 million at the time) in exchange for the return of the stolen data and details of the vulnerability he allegedly claimed to have exploited to access the company’s systems.

When Ubiquiti refused to pay the ransom, Sharp is alleged to have published a portion of the stolen files online, and attempted to damage the firm’s reputation by contacting the media posing as a whistleblower, maligning its security and causing the business’s share price to fall 20% – a loss in market capitalisation of over US $4 billion.

In short, the US Department of Justice claims that:

  • Sharp took advantage of his privileged access as an employee of Ubiquiti to steal gigabytes of data, and delete logs that could have exposed his identity in a subsequent investigation.
  • Sharp posed as an anonymous hacker to demand a ransom worth almost US $2 million be paid.
  • Sharp anonymously contacted media outlets with damaging news stories about how Ubiquiti had handled the data breach, claiming a vulnerability was present in its systems.

In perhaps the ultimate irony, Sharp was assigned to the company’s incident response team investigating the hack – Ubiquiti clearly unaware at the time of his alleged…

Source…