Mastermind Behind Okta And Other Hacks is An Autistic 16-Year-Old Boy

Investigation into a string of hacks that have hit technology companies like Microsoft, Nvidia Corp and most recently Okta has traced these hacks to an autistic 16-year-old boy who goes by the online monikers ‘White’ and ‘breachbase,’ living at his mother’s house near Oxford, England. 

Reports have failed to identify the 16-year-old because he is a minor. Reports only described the suspect as autistic and attending a special education school in Oxford. The teen lives with his mother in a modest home located about 5 miles away from the world-renowned Oxford University.  He was also reported to have alleged earned a jaw-dropping $14million through his hacking activities.

About 4 Cyber security experts and researchers who were hired to investigate the hacking group Lapsus$, on behalf of the attacked companies, have said they believe the 16-year-old teenager is the mastermind. Lapsus$ is a hacking group that has been responsible for a number of high-profile hack incidents that has puzzled cyber security experts. Although the motivation behind the hackers still remains unclear, however many wonder what the motivation might be if not money.

For now, the researchers believe the 16-year-old may be behind some of the biggest hacks carried out by hacking group Lapsus$, the researchers are yet to conclusively tie him to every hacking incident Lapsus$ has claimed. The cyber researchers have only been able to link teens to the hacking group based on forensic evidence pertaining to the hack as well as information scrabble here and there from the public.

According to the investigations, another suspected member of the hacking group Lapsus$ is a teenager who currently resides in Brazil. Reports say that seven unique accounts have been identified by the cyber security researchers to be associated with the hacking group. This however brings us to a conclusion that several others are most likely involved in the group’s operations. One of the researchers has disclosed that the teen is so fast and skilled at hacking that even researchers initially pictured there were automated. The London police have announced that seven people have been arrested, between ages 16-21, in connection with the Lapsus$ hacks, but the agency did not say whether the alleged mastermind was among those detained. Police have also stated that all seven suspects have been released pending the outcome of the investigation. 

Severally Lapsus$ have ridiculed their victims by publicly leaking their source code and internal documents. The most recent Lapsus$ practice surfaced when the group revealed to the public proofs of the Okta breach. This move by the group has ultimately sent the company into a public-relations crisis. With approximately 2.5 per cent of her customer base data viewed and potentially been impacted the company. In a statement by Okta, an engineer at a third-party vendor was breached. Okta is a company that has more than 15,000 customers globally—including multinational companies, universities and governments—who rely on Okta’s software to securely manage access to their systems and verify users’ identities.

In a blog post, Microsoft also confirms to have been hacked by Lapsus$. The company discloses that the group choose to embark on a “large-scale social engineering and extortion campaign against multiple organizations.” The group’s primary style and practice are to hack companies, steal their data and make a ransom demand for it. Microsoft tracks Lapsus$ as “DEV-0537,” and further disclosed that the group wasn’t acting alone, but depends on insiders within the victimized companies to assist in their hacks. According to two of the researchers, the Lapsus$ hacking group lacked proper operational security which allowed the cyber security companies to gain Intel knowledge about the teenage hackers.

Lapsus$, which is believed to be based in South America, has not been shy about its illegal online exploits. The group started targeting organizations in the UK and South America before setting its sights on international targets, including governments, tech companies, media, retail and healthcare sectors.