One of two British teens in the Lapsus$ hacking gang has been sent to a secure hospital indefinitely by a judge, while another was given a youth rehabilitation order.
According to Bloomberg News, Judge Patricia Lees ruled an 18-year old accused of computer crimes should be placed in a secure hospital until a mental health tribunal decides he can leave in the future. The teen was still fixated with hacking and likely to offend again, the judge ruled. He was previously found unfit to stand a traditional trial because of his complex autistic-spectrum disorder.
According to the BBC, the court was told the 18-year old had been violent while in custody, with dozens of reports of injury or property damage.
The court was told that while on bail for hacking Nvidia and communications provider BT/EE — and in police protection at a Travelodge hotel — the 18-year-old continued hacking and carried out his most infamous hack.
Despite having his laptop confiscated, he managed to breach Rockstar Games, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.
He stole 90 clips of the unreleased and hugely anticipated game Grand Theft Auto 6.
A 17-year-old was sentenced to a youth rehabilitation order with an 18-month supervision requirement, Bloomberg News said. His sentence took into account crimes he pleaded guilty to at a separate youth court, including stalking and harassment.
The two were found guilty of serious computer misuse, blackmail and fraud against BT Group Plc.’s EE network and Nvidia in August, after a seven-week criminal trial. The 18-year old was also found to have hacked into Uber Technologies Inc., fintech firm Revolut Ltd., and Rockstar Games.
Lapsus$ was described by the U.S. Cyber Safety Review Board in a report earlier this year as a loosely organized group that conducted extortion-focused attacks against a wide range of targets. Members were based mainly in the United Kingdom and Brazil. As of April, 2022, experts thought there were no more than 10 known members. It claimed to have hacked Microsoft, Samsung, Okta, T-Mobile and others, stealing data including source code.
In a detailed analysis of the gang’s success, the safety review board noted the gang seemingly had no problem convincing telecommunications or identity management providers to give them control over the access accounts of their targets.
“If richly resourced cybersecurity programs [of corporations] were so easily breached
by a loosely organized threat actor group, which included several juveniles, how can organizations expect their programs to perform against well-resourced cybercrime syndicates and nation-state actors”, the report asked.