The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.
According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.
The charges related to a spate of hacking incidents, including breaches targeting Nvidia, BT Group, Uber, the EE cell network, and Rockstar Games. The latter resulted in gameplay footage and files from the company’s unreleased game Grand Theft Auto 6 being released onto the internet.
Interestingly, Kurtaj allegedly carried out the Rockstar hack after the police had moved him to a hotel for his own safety. He had reportedly been “doxxed” by rival hackers, meaning his personal information had been leaked, and the police sequestered him in a hotel under bail conditions, which included an internet ban.
Yet this did not seem to stop Kurtaj from continuing his hacking. He breached the Rockstar systems, downloaded unreleased game footage, and threatened to post it online if the company did not contact him within 24 hours. When the police then searched his room, he was “caught red handed” with devices that could connect to the internet, in breach of his bail conditions.
Lapsus$ breaches would usually involve the theft of company data. The gang would subsequently demand a ransom and threaten companies with the release of their sensitive files and information if the ransom was not paid. Lapsus$ heists were defined by their attention-seeking nature, with members frequently bragging online about their exploits.
However, the law eventually caught up to Lapsus$, with reports of arrests being made across the world over the course of 2022. Now, it seems that two members have been punished for their involvement.
Some members of the group are thought to still be at large, but it’s clear that the gang that shocked the security world has been largely dismantled. Whether the remaining members make a comeback is anyone’s guess.