Cybercrime , Fraud Management & Cybercrime , Ransomware

Teenagers Behind Uber, Revolut Hacks to Face Criminal Trial

Suspects Accused of Committing Computer Misuse, Blackmail and Fraud
Teenagers Behind Uber, Revolut Hacks to Face Criminal Trial
Image: Shutterstock

British prosecutors have accused two teenagers of several high-profile hacks while being part of the now-inactive, teenager-dominated Lapsus$ hacking group.

See Also: 2024 Report: Mapping Cyber Risks from the Outside

Arion Kurtaj, 18, and a 17-year-old boy whose identity has been withheld hacked into financial technology company Revolut and Uber and game developer Rockstar in September 2022, prosecutors told London's Southwark Crown Court last week.

The incident led to the hackers exposing personal details of nearly 50,000 Revolut users and leaking footage from RockStar's unreleased game. Immediately after the incident, City of London Police arrested then-17-year-old Kurtaj from Oxfordshire on suspicion of hacking.

Prior to that, authorities arrested seven members of the Lapsus$ group, including the 17-year-old suspect, for their role in 2022 hacks on Microsoft, Nvidia Corp. and Okta.

In the hearing last week, British prosecutor Kevin Barry argued the two hackers were "key players" in the Lapsus$ group, Bloomberg reported Tuesday. He accused Kurtaj of hacking into Revolut, Uber and threatening to leak the Rockstar game.

The unidentified 17-year-old also hacked into London police servers while out on bail after his arrest in April 2022, Barry said.

Together, the duo hacked into Nvidia Corp. in February 2022 to steal nearly 1 terabyte of sensitive data, which included sensitive source code related to the company's software application, which the pair then threatened to release in exchange for a ransom, Bloomberg reported.

The pair also targeted British broadband service's EE network between July and November 2021 and conducted cryptocurrency scams using fraudulent SIM cards, according to prosecutors.

The teenagers, who boasted of their hacks online, were identified based on their IP address collected from their online activities, the prosecutors said.

Kurtaj has been charged with three counts of blackmail, two counts of fraud and six charges under the Computer Misuse Act, Reuters reported Tuesday. Kurtaj was assessed by a psychiatrist as being unfit to stand trial, so the jury will decide if he has committed the alleged crime.

The second, unidentified suspect has been found guilty of seven charges related to blackmail, fraud and Computer Misuse Act violations, according to a Reuters report.

Lapsus$, formed in 2019, largely operates through a Telegram account.

The group has been inactive since the arrests of members in London and Brazil.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.