The mastermind behind high-profile hacks into companies such as Microsoft, Okta and Nvidia is an autistic teen living at home with his mom, investigators claim.
A team of researchers digging into the recent string of cyber security breaches by the hacker group known as Lapsus$ told Bloomberg News that one of its leaders is a 16-year-old boy from Oxford, England.
The major minor hacker, who goes by the online aliases "White" and "Breachbase", has not been publicly accused of any wrongdoing by law enforcement; City of London Police confirmed to BBC that they have arrested seven people aged between 16 and 21 in connection with the crimes, but did not specify if the teen was among them, for legal reasons.
"They have all been released under investigation. Our inquiries remain ongoing," police said.
The researchers admitted to Bloomberg that the boy is so skilled and so fast, that they initially thought they were tracking an automated program rather than a human being.
The group's modus operandi is to hack into major internet companies, steal their data, and then demand a ransom not to leak it; their primary motive appears to be money and notoriety. According to the outlet, members of Lapsus$ have even gone online to taunt their victims — as well as their pursuers.
According to the BBC, the boy, who they said has autism, was doxxed by former associates after a falling out: they posted his name, social media details and address online.... or rather, his mom's address.
Speaking to Bloomberg for ten minutes through the doorbell intercom of her "modest terraced house" a woman who identified herself as the boy's mother said she was unaware of the allegations against her son, and refused to let the outlet speak to him. She said she was upset that both her and the boy's father's addresses had been posted online.
She said the boy was being harassed since the doxxing, and that it was a matter for law enforcement and that police were being contacted.
The boy's dad meanwhile told BBC he thought he was just playing video games.
"I had never heard about any of this until recently. He's never talked about any hacking, but he is very good on computers and spends a lot of time on the computer," he said. "I always thought he was playing games."
"We're going to try to stop him from going on computers."
The group that outed the teen claim he has amassed over 300 bitcoin in his short criminal career — close to $14million worth.
The team hunting him claimed they had his name since the middle of last year, before the doxxing. They said that while he is excellent at hacking, he was not so good at covering up his tracks afterwards.
On Tuesday, Lapsus$ announced on its Telegram channel: "A few of our members has a vacation until 30/3/2022. We might be quiet for some times."
"Thanks for understand us. - we will try to leak stuff ASAP."