back to article More charged in UK Lapsus$ investigation

British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang. The boys, aged 16 and 17, are set to appear at Highbury Corner Magistrates' Court on Friday, according to the City of London Police, the force responsible for the capital's financial district. Detective …

  1. Doctor Syntax Silver badge

    "which this week was said to be back at work"

    As I recall it there was nothing in that report to suggest that the break-in took place after the arrests as opposed to being an earlier one newly reported.

  2. chivo243 Silver badge
    Facepalm

    I shudder

    To think what my 11 year old will be doing at 16-21... Hopefully, it won't be 5-10 in the klink for crap like this!

    On the serious side, I'm interested if these guys had much knowledge, or just bought the systems from the darker reaches of the web? If that's a thing? Isn't the web like the moon? All dark really?

    1. Doctor Syntax Silver badge

      Re: I shudder

      This appears to have been social engineering.

    2. Necrohamster Silver badge

      Re: I shudder

      I'm interested if these guys had much knowledge, or just bought the systems from the darker reaches of the web?

      I seem to recall some discussion of the Okta break-in referring to cookies bought on some forum or other

  3. jvf

    It all makes sense now

    Couldn’t understand why Micros~t, aka ‘King of Holey Code’ started issuing in depth security warnings to the world a while back. Where did THAT come from? From its buggy software team it seems. Being hacked by the NORKS? the Russians? China? Nah, just a handful of teenagers.

    1. IGotOut Silver badge

      Re: It all makes sense now

      Haven't the last two big "Holy Shit" compromises be in open source software?

      Bugs and security flaws affect every bit of major software. Just choose your poison and enjoy the trip.

  4. sanmigueelbeer
    Happy

    I have a question: Law enforcement arrested them because they were part of a syndicate of hackers, right? The hackers extort money from their victims, right?

    What if someone just "defaces" a website (as proof of "lax IT practice")? What penalty/penalties apply to that?

    I mean, hacking just to demonstrate the lack of IT security is one thing but to hack in and demand several million if "penalty" does not go down well with everyone.

    1. Cuddles

      "What if someone just "defaces" a website (as proof of "lax IT practice")? What penalty/penalties apply to that?"

      From the article:

      "charged with one count of causing a computer to perform a function to secure unauthorised access to a program"

      Simply accessing something you're not supposed to is a crime, without any need to deface anything. Given that a website displays data, defacing it to show something else would presumably also fall foul of:

      "unauthorised access to a computer with intent to impair the reliability of data" and "unauthorised access to a computer with intent to hinder access to data".

      White hats already face enough issues when they engage in entirely responsible investigations. The moment you actively deface anything, even if only in a relatively mild way for what you consider educational purposes, you've very definitely crossed the line. The police may put less resources into finding you if you're not trying to extort millions from large companies, but you'll still have the book thrown at you if you do get caught. And you'll deserve it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like