DHS Board Starts Investigating Lapsus$ Teen Hacker Group (axios.com)
A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board. From a report: The Department of Homeland Security review board -- a group of 15 federal government and private-sector cyber experts -- announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group. The Cyber Safety Review Board first investigated and released a report with security recommendations in July about the Log4j open-source software vulnerability that affected millions of devices last year.
Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.
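An added example, not part of the Axios report or the Slashdot summary: the MFA fatigue pattern described above shows up in authentication logs as a burst of rejected or ignored push prompts for one account, sometimes ending in an approval. The sketch below flags both cases; the event schema, sample events, window and threshold are constructed assumptions, not any vendor's log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema: time, user, push result).
EVENTS = [
    ("2024-01-15T02:10:05", "alice", "denied"),
    ("2024-01-15T02:10:40", "alice", "timeout"),
    ("2024-01-15T02:11:15", "alice", "denied"),
    ("2024-01-15T02:12:02", "alice", "timeout"),
    ("2024-01-15T02:12:50", "alice", "approved"),
    ("2024-01-15T09:00:00", "bob", "approved"),
    ("2024-01-15T13:30:00", "bob", "timeout"),
    ("2024-01-15T13:30:30", "bob", "approved"),
    ("2024-01-15T03:00:00", "carol", "denied"),
    ("2024-01-15T03:00:20", "carol", "denied"),
    ("2024-01-15T03:00:45", "carol", "timeout"),
    ("2024-01-15T03:01:10", "carol", "denied"),
]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag users who receive `threshold` or more rejected/ignored push
    prompts inside `window`. An approval that lands while the burst is still
    in the window is reported as 'approved_after_burst' (likely compromise);
    otherwise the burst alone is 'push_burst' (password likely stolen)."""
    recent = defaultdict(deque)   # user -> timestamps of recent failed prompts
    alerts = {}                   # user -> highest severity seen
    for ts, user, result in sorted(events):
        t = datetime.fromisoformat(ts)
        q = recent[user]
        while q and t - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(t)
            if len(q) >= threshold:
                alerts.setdefault(user, "push_burst")
        elif result == "approved":
            if len(q) >= threshold:      # user gave in mid-burst
                alerts[user] = "approved_after_burst"
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, severity in detect_mfa_fatigue(EVENTS).items():
        print(user, severity)
```

A `push_burst` alert is a reason to reset the account's password, since the prompts only fire after the first factor has already succeeded; `approved_after_burst` warrants revoking the resulting session as well.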
Re: (Score:2)
No need to "understand" (Score:2)
No need for empathy. Do the crime do the time and crushing such vermin is righteous.
There is no moral duty to such social saboteurs and woe betide such if I'm on their jury. Crushing the worthless gives them some worth as deterrent examples, and when crime is so premeditated there is zero reason to pretend the offenders will repent.
Re: (Score:3)
Boomers wouldn't understand
It's like boomers have never been teens themselves.
Re: for the lolz (Score:2)
Boomers (pronounced to rhyme with "They Will Doom Us") were already 30 years old when digital watches came out. They were 40 when the Walkman came out. They were 50 when their grandchildren first got online. They were 60 when they begrudgingly went online.
What was your point again?
Re: (Score:2)
So before the advent of technology, teens were just perfectly well behaved citizens who never got into trouble, never set fire to anything, never dropped large blocks of ice from the top of an overpass on passing cars below, never shot bb guns through the neighbor's windows, etc, all just for the "lulz"?
Are you really that dumb or are you trolling? Don't answer that, I already know the answer.
Both.
Always the weakest link (Score:2)
MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one.
..."until they accept one"? I am honestly surprised and disturbed. If a homeless person keeps pestering me for money, and I finally throw a $20 bill at them, I shouldn't be surprised when my wallet has $20 less in it, later. That's not a great analogy, but....there's better ways! Like, change your password. :-(