CyberSecurityBoard
Sponsor Register Login

Lapsus$ teen sentenced to indefinite detention in hospital The Register

Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.
Arion Kurtaj, 18, of Oxfordshire, was sentenced Thursday to detention at a hospital in the UK for an indefinite amount of time.
Kurtaj, who has autism, was assessed by psychiatrists as not fit to stand trial.
He will remain hospitalized until a mental health tribunal says he can leave.
A 17-year-old member of the chaotic crime gang, who cannot be named for legal reasons, was given a youth rehabilitation order.
Kurtaj had reportedly been violent while in custody, and the court heard dozens of reports of injury or property damage.
Previously, Kurtaj was found guilty of 12 offenses, including computer intrusion, blackmail, and fraud.
The 17-year-old was convicted of fraud, blackmail, and carrying out an unauthorized act to impair the operation of a computer.
The two teenagers and other Lapsus$ members broke into and attempted to extort Brit telecoms giant BT, Microsoft, Samsung, Vodafone, Revolut, and Okta between August 2020 and September 2022.
Among other things, Kurtaj, while under police protection at a Travelodge hotel while out on bail and with his laptop confiscated, broke into Rockstar Games using an Amazon Firestick, his room's TV, and a phone, stole and leaked some internal videos and source code, and told the biz it had 24 hours to contact him or he would leak the lot.
He also swiped 1TB of corporate material from Nvidia and shared 80GB of it publicly while threatening to dump the rest online.
In March 2022, London cops arrested and then released seven people, aged 16 to 21, for their alleged roles in the digital intrusions and extortion attempts.
They then re-arrested and charged Kurtaj and the 17-year-old later that month.
The crew's tactics included phone-based social engineering, SIM swapping, and even paying employees of target organizations for access to credentials and multi-factor authentication codes.
Following their string of high-profile attacks, the US government in August issued a report on Lapsus$ [PDF] and urged organizations to move away from voice- and SMS-based MFA and instead use a hardware-backed FIDO key or biometric authentication.
It also called on the Federal Communications Commission and Federal Trade Commission to strengthen their oversight and enforcement activities of telecommunications providers related to SIM swapping.


This Cyber News was published on go.theregister.com. Publication date: Thu, 21 Dec 2023 22:43:12 +0000


Cyber News related to Lapsus$ teen sentenced to indefinite detention in hospital The Register

Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence - Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets ...
6 months ago Bleepingcomputer.com
Lapsus$ hacker behind GTA 6 leak sentenced to life in a hospital - Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets ...
6 months ago Bleepingcomputer.com
Lapsus$ teen sentenced to indefinite detention in hospital The Register - Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games. Arion ...
6 months ago Go.theregister.com
Lapsus$: GTA 6 hacker handed indefinite hospital order - An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$. The gang's attacks on tech ...
6 months ago Packetstormsecurity.com
GTA 5 source code reportedly leaked online a year after RockStar hack - The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. Links to download the source code were shared on numerous channels, ...
6 months ago Bleepingcomputer.com
GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent - The teenage hacker who leaked details about Grand Theft Auto 6 is now facing a life sentence in a guarded institution, which is a surprise development. The person, identified as Lapsus, was placed under an indefinite hospital order because of worries ...
6 months ago Cysecurity.news
Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay - Arion Kurtaj, a teenager described as a key member of the Lapsus$ group, was sentenced to an indefinite hospital order on Thursday for a series of high-profile hacks last year. Kurtaj, who is 18 and has severe autism, was deemed unfit to stand trial ...
6 months ago Therecord.media
Teen GTA VI hacker sentenced to life in a secure hospital - The 18-year-old Lapsus$ hacker who played a critical role in leaking Grand Theft Auto VI footage has been sentenced to life inside a hospital prison, according to a report from the BBC. A British judge ruled on Thursday that Arion Kurtaj is a high ...
6 months ago Theverge.com
UK Teen Gets Indefinite Hospital Order For 'Grand Theft Auto' Hack - A British teenage hacker has been sentenced to an indefinite hospital stay to be treated for his inability to control himself online. A jury concluded that Kurtaj, whom psychiatrists deemed unfit to stand trial, had carried out numerous computer ...
6 months ago Securityweek.com
Kansas City-area hospital transfers patients, reschedules appointments after cyberattack - A hospital near Kansas City, Missouri, is struggling to provide care to patients this week after a cyberattack limited its systems. In an update on Wednesday, Liberty Hospital said it was still dealing with disruptions to its computer systems that ...
6 months ago Therecord.media
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
6 years ago
The Evolving Threat Landscape: Where Out-of-Band Communications Fit - On August 10, 2023, the Cyber Safety Review Board publicly released a critical report detailing cyberattacks perpetrated by Lapsus$ and related threat groups. The report came approximately a year and a half after Microsoft first warned about the ...
5 months ago Securityboulevard.com
Kazakhstan to extradite Russian cyber expert to Moscow despite US requests - Kazakhstan will reportedly extradite a prominent Russian cybersecurity expert to Moscow after refusing to send him to the U.S. Nikita Kislitsin, who was detained in Kazakhstan earlier in June at the request of the U.S., will face hacking and ...
6 months ago Therecord.media
Cybersecurity firm executive pleads guilty to hacking hospitals - The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center, in June 2021 to boost his company's business. Vikas Singla, who worked for Securolytics, a network ...
7 months ago Bleepingcomputer.com
Chicago children's hospital says nearly 800,000 affected by January ransomware attack - A prominent children's hospital in Chicago confirmed that almost 800,000 people had sensitive health information leaked during a ransomware attack earlier this year. The Ann & Robert H. Lurie Children's Hospital of Chicago was attacked in January by ...
1 week ago Therecord.media
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
1 month ago Tenable.com
Innovative Legal Move Restores Hospital's Stolen Information - There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group ...
5 months ago Cysecurity.news
Hundreds of Thousands Impacted in Children's Hospital Cyberattack - A full 791,000 of patients have had their personal information compromised in a cyberattack that resulted in Lurie Children's Hospital in Chicago taking its systems offline. Cybercriminals accessed the children's hospital's systems, disrupting its ...
1 week ago Darkreading.com
Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. ...
4 months ago Securityweek.com
Cyber Intrusion: Royal Family Braces for Potential Medical Data Release - A hacker with a history of releasing private information has threatened to do so unless it receives a ransom payment of $300,000 in bitcoins from members of the British Royal Family, including X-rays, letters from consultants, clinical notes, and ...
7 months ago Cysecurity.news
Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital - An alleged Iran-based hacker group has claimed responsibility for stealing thousands of medical records from an Israeli hospital and leaking them on online forums. The stolen data also includes medical information of Israeli soldiers. The hospital - ...
7 months ago Cysecurity.news
Trending Ransomware news headlines on Google - During the holiday season of Christmas 2023, a ransomware attack targeted the Ohio Lottery, causing disruptions to its operations. The gaming company is currently in the process of recovering its encrypted data and is consulting with security experts ...
6 months ago Cybersecurity-insiders.com
JFK Airport Taxi Hackers Sentenced to Prison - Two cab drivers accused of being involved in a hacking scheme targeting the taxi dispatch system at John F. Kennedy International Airport have been sentenced to prison, the US Justice Department announced on Monday. The individuals are Daniel Abayev, ...
4 months ago Packetstormsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)