After a week that saw both Uber and Rockstar Games hacked, the FBI and Department of Justice are investigating: A British teenager, just 16 and leader of the notorious Lapsus$ crime group, has been named by online hacker forums as the prime suspect.
The Uber and Rockstar Games breaches
Uber was first to fall in what appears to be two attacks from the same threat actor. The successful hack led to an extensive compromise of internal systems, although Uber has stated that there is no evidence of the hacker gaining access to “sensitive user data” such as trip histories. This was followed, just a matter of days later, by the bombshell Rockstar Games hack, which has seen a total of 90 video clips published online. Among these were many showing early development stages of Grand Theft Auto 6, the latest in the hugely popular GTA series of games.
Uber statement attributes attack to Lapsus$ crime group
A lengthy statement published by the Uber Team on September 19 provides more context and detail about the breach. While the technical detail confirms that an external contractor’s account was compromised and an ‘MFA fatigue’ technique used to gain access to the Uber network, the most interesting part to me was the attribution section.
Here, Uber says that it believes the attacker is “affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so.” Indeed, Lapsus$ has gained notoriety for breaches involving Cisco, Microsoft, Nvidia, Okta and Samsung so far this year.
The rumors of Lapsus$ involvement have been strong all week
I have been hearing rumors within the online criminal fraternity all week that Lapsus$ was involved in the Uber hack, and following the weekend’s Rockstar Games breach, the GTA 6 leak as well. I had also come to the conclusion, early on, that the threat actor was likely British, based upon the use of slang and ‘TeaPots’ in online handles.
Now, a popular gaming expert known as LegacyKillerHD, or just ‘Michael’ on Twitter, has found more that backs up this notion. Michael references Doxbin, a site used to nefariously share personal information about people, called doxing, with claims that the Lapsus$ leader was responsible. The owner of the BreachForums criminal data breach discussion and sales site has also pointed the finger at the same teenage hacker.
Who is the 16-year-old threat actor suspected of being behind Uber and GTA 6 hacks?
The 16-year-old, who lives in Oxford, England, was arrested in March by the City of London Police in relation to activities involving the Lapsus$ group. The BBC reported at the time that the boy, who could not be named for legal reasons, was alleged to have amassed $14 million from his crimes. Then, as now, it was a criminal forum that doxed the hacker known as Breachbase or White.
The Lapsus$ modus operandi fits nicely with my understanding of both breaches, and the claim that Rockstar Games was being held to ransom over the publication of GTA 5 and GTA 6 source code adds fuel to this particular fire.
I will update this article with any new developments.