An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto game has been sentenced to an indefinite hospital order.
Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$.
The gang's attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m. The judge said Kurtaj's skills and desire to commit cyber-crime meant he remained a high risk to the public.
The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage.
Doctors deemed Kurtaj unfit to stand trial due to his severe autism so the jury was asked to determine whether or not he committed the alleged acts - not if he did so with criminal intent.
The jury was told that while he was on bail for hacking Nvidia and BT/EE and in police protection at a Travelodge hotel, he continued hacking and carried out his most infamous hack.
Despite having his laptop confiscated, Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.
Kurtaj stole 90 clips of the unreleased and hugely anticipated Grand Theft Auto 6.
In sentencing hearings, Kurtaj's defence team argued that the success of the game's trailer indicated that Kurtaj's hack had not caused serious harm to the game developer and asked that this be factored into the sentencing.
Her Honour Judge Lees said that there were real victims and real harm caused by his multiple other hacks on individuals and the companies he attacked with Lapsus$.
Rockstar Games alone told the court that the hack cost it $5m to recover from plus thousands of hours of staff time.
Another Lapsus$ member, who is 17 and cannot be named because of his age, was found guilty in the same trial, which lasted six weeks at Southwark Crown Court.
He worked with Kurtaj and other members of Lapsus$ to hack tech giant Nvidia and phone company BT/EE and steal data before demanding a four million dollar ransom, which was not paid.
The 17-year-old was sentenced to an 18-month Youth Rehabilitation Order, including intense supervision and a ban on using VPNs online.
Kurtaj and the 17-year-old are the first members of the Lapsus$ group to be convicted but it is thought others are still at large.
The gang's audacious attacks in 2021 and 2022 shocked the cyber-security world.
The gang - thought to be mostly teenagers - used con-man-like tricks as well as computer hacking to gain access to multinational corporations such as the technology giant Microsoft and the digital banking group Revolut.
During their spree, the hackers regularly celebrated their crimes publicly and taunted victims on the social network app Telegram in English and Portuguese.
It prompted US cyber-authorities to issue a lengthy report into Lapsus$ and other teen hacker gangs.
No companies publicly admitted paying the hackers and the hackers did not provide the passwords to seized cryptocurrency wallets.
This Cyber News was published on packetstormsecurity.com. Publication date: Fri, 22 Dec 2023 14:43:17 +0000