In a recent trial held at Southwark Crown Court in London, an 18-year-old from Oxford named Arion Kurtaj has been found guilty of being a part of the notorious cybercrime gang LAPSUS$. This international hacking group was responsible for carrying out a series of cyberattacks against major tech firms such as Uber, Nvidia, and Rockstar Games. Along with Kurtaj, a 17-year-old was also convicted for his involvement in the activities of the gang. However, due to his age, his identity cannot be revealed.
The charges against the pair include three counts of unauthorized access to a computer with the intent to impair the reliability of data, among other offenses. These charges were filed against them in April 2022. The LAPSUS$ group is infamous for its involvement in various high-profile cyberattacks, including the data breach of the internal systems of cloud-based authentication software provider Okta.
During the trial, it was revealed that Kurtaj and his co-conspirators, driven by a “juvenile desire to stick two fingers up to those they are attacking,” often left offensive messages on platforms like Slack and Microsoft Teams as they attempted to blackmail the victims. The motive behind their actions seemed to vary from seeking notoriety to financial gain or simply for their own amusement. The gang’s behavior was characterized as erratic and unpredictable.
It is still unclear how much money the LAPSUS$ group has made from their cybercrimes, and it is believed that other members of the gang are still at large. Both teenagers will be sentenced at a later date. While Kurtaj is currently remanded in custody, the 17-year-old defendant remains on bail.
The hacking spree carried out by LAPSUS$ has caught the attention of US cyber authorities, prompting them to conduct a major review of the situation. In their report, they warned that there is a pressing need to improve cyber defenses to counter the rising threat posed by teenage hackers. They highlighted the fact that the juvenile status of certain threat actors can limit the role of federal law enforcement and result in lighter penalties under their home countries’ legal frameworks. It was emphasized that the consequences for juvenile offenders may not be severe enough to deter them, and there is a lack of specialized intervention programs that can redirect potential offenders towards legitimate cybersecurity activities.
As the sentencing of the convicted individuals approaches, law enforcement agencies and cybersecurity experts are closely monitoring the situation to assess the impact of this trial on the overall fight against cybercrime. It serves as a reminder of the ever-present threat posed by cybercriminals, even those who are relatively young but possess advanced hacking skills. The need for robust cybersecurity measures and international collaboration to tackle such criminal activities has never been more critical.