FBI suspects UK teen cyber extortion gang leader behind Uber and GTA hacks

The FBI and US Department of Justice (DOJ) are investigating the consecutive Uber and Rockstar Games security breach incidents this week.

The leader of the Lapsus$ crime group, a 16-year-old British teenager, has been named by online hacker forums as the prime suspect.

According to Forbes, Uber was the first company impacted in what appears to be two attacks from the same threat actor. The successful hack led to an extensive compromise of internal systems, although Uber has stated that there is no evidence of the hacker gaining access to "sensitive user data" such as trip histories.

Days later, Rockstar Games had also been hacked, which had resulted in a total of 90 video clips leaked online. Among these were many showing early development stages of Grand Theft Auto 6, the latest in the massively popular GTA series of games.

============

Lapsus$ has gained notoriety for breaches involving Cisco, Microsoft, Nvidia, Okta and Samsung so far this year. According to Davey Winder, co-founder of Straight Talking Cyber, the Lapsus$ modus operandi fits nicely with his "understanding of both breaches, and that Rockstar Games were claimed to be held to ransom over the publication of GTA 5 and GTA 6 source code adds fuel to this particular fire".

In a statement, Uber attributes the attack to Lapsus$ crime group. The Uber team published the lengthy statement on 19 September, which outlined the context and detail about the breach which involved technical details confirming that an external contractor's account was compromised, and an "MFA fatigue" technique used to gain access to the Uber network. The ride-share platform believes the attacker is "affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so".

A popular gaming expert known as LegacyKillerHD, or just "Michael" on Twitter, has found more information that backs up the notion that the hacker Forbes has reported. Michael references Doxbin, a site used to nefariously share personal information about people, called doxing, which claims that the Lapsus$ leader was responsible. The owner of the BreachForums criminal data breach discussion and sales site has also pointed the finger at the same teenage hacker.

The City of London Police arrested the 16-year-old hacker who lives in England in March in relation to activities involving the Lapsus$ group.

The BBC reported at the time that the boy, who could not be named for legal reasons, was alleged to have amassed $14 million from his crimes. Then, as now, it was a criminal forum that identified the hacker.