Hacker who hit Microsoft, Samsung and Nvidia could be this 16-year-old

One of the Lapsus$ hackers who have stolen data from the internal systems of Microsoft, Samsung, Nvidia and other companies in the past few months may be a 16-year-old living with his mother near Oxford, England.

So says Bloomberg News in an unconfirmed (and paywalled) report that cites unnamed sources. Another member of Lapsus$ is believed to be a teenager in Brazil, Bloomberg said, and there may be as many as five other individuals involved. No individuals were named and no arrests have been made.

Bloomberg's William Turton and Jordan Robertson said personal information about the Oxford teen and his parents, including street addresses, had been posted online by rival hackers. 

On Twitter, Turton said Robertson had rung the doorbell at the teen's mother's house and spoken to the mother through the intercom. The mother said she was unaware of the allegations against her son.

The Bloomberg report said the Brazilian teenager was so fast at breaking into systems that investigators initially thought they were witnessing an automated attack. 

If Lapsus$ are indeed a group of bored teenagers, that would make sense. The group seems more interested in notoriety than in money, and while it does make extortion demands tied to stolen data, it does not use ransomware or indeed much malware of any kind. 

Rather, the group breaks into corporate networks using bribery and trickery, a Microsoft report Tuesday (March 22) noted. It cajoles tech-support workers into resetting passwords, pays insiders to provide access, and even joins in internal chatroom discussions when companies strategize about how to react to Lapsus$'s intrusions.

The group has asked for payoffs in exchange for not publicly posting stolen data, but has also demanded, for example, that Nvidia release open-source drivers for its high-end graphics cards. 

Over this past weekend, Lapsus$ posted source code for several Microsoft online projects, including Bing, Bing Maps and the Cortana digital assistant. Microsoft insisted that the posting of the source code did not pose a security risk.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.