UK Teens Charged With Hacking After Lapsus$ Arrests

Two British teenagers have been charged with computer crimes, following the arrests of several alleged members of the Lapsus$ hacking gang in the UK late last month.

The teenagers, aged 16 and 17, appeared in Highbury Corner Magistrates Court on Friday morning and remain in police custody.

Both were charged with three counts of unauthorised access to a computer with intent to impair the reliability of data and one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data.

The 16-year-old was also charged with one count of causing a computer to perform a function to secure unauthorised access to a program, according to Detective Inspector Michael O’Sullivan of the City of London Police.

High-profile targets

The teenagers were not named due to age restrictions.

The Lapsus$ gang appeared only recently, but has attracted attention after attacking high-profile targets such as Microsoft and authentication software company Okta.

The gang claimed to have downloaded 37GB of source code for key Microsoft products such as Bing and Cortana, as well as mobile apps.

Both companies have acknowledged their systems were subjected to unauthorised access.

At the time of the arrests last month British police said they had detained seven alleged members of the gang, aged 16 to 21.

At around the same time, the group told its 45,000 followers on Telegram that some of its members would be taking “a vacation”.

Oxford teen ‘mastermind’

On Wednesday the group began posting again, releasing material stolen from a software development company headquartered in Argentina.

Lapsus$ is believed to be based in South America.

One of the teens arrested last month was reportedly a 16-year-old Oxford resident known online as “breachbase” or “White”.

Reports said this individual was one of the gang’s leaders and was in possession of the equivalent of $14 million (£11m) in Bitcoin. Reports claimed the hacker’s colleagues had publicly disclosed his identity following a dispute.

Security researchers had been tracking the person for almost a year after he made multiple mistakes that allowed him to be detected, according to Bloomberg.