A court in London has found two teenagers guilty of participating in a series of hacking activities targeting major technology companies. One of the convicted individuals, 18-year-old Arion Kurtaj, was identified as a key member of the Lapsus$ hacking group.
Acting independently, Kurtaj breached the computer systems of prominent entities such as Uber, Revolut, and Rockstar Games during a series of incidents in September 2022. The second defendant, a 17-year-old whose name remains undisclosed for legal reasons, was also found guilty of involvement in the hacking spree, including attempts to blackmail companies like BT and Nvidia as part of the Lapsus$ activities.
The Lapsus$ group garnered attention due to its erratic behavior, open claims of successful cyberattacks, and the notable presence of teenage members. The group was associated with Brazil, where authorities previously apprehended another alleged member.
Kurtaj, who has autism, was determined by psychiatrists to be unfit to stand trial. He managed to hack into Rockstar Games, the developer of Grand Theft Auto, while on bail using an Amazon Fire Stick connected to his hotel television.
The hacking incidents had widespread consequences. For instance, during the Uber hack, the attacker posted explicit material on an internal information page for employees.
A similar situation occurred with the Grand Theft Auto incident, where an individual claimed responsibility for hacking Uber on a fan forum and shared unreleased content from the game’s development. The defendants were linked to the cyberattacks through IP addresses traced from various email and Telegram accounts they reportedly used to brag about their exploits. This case underscores the growing challenges posed by young hackers and the need for stringent cybersecurity measures.