15-year-old revealed as key player in Scattered LAPSUS$ Hunters
'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
Security researcher Brian Krebs has unmasked one of the apparent culprits behind the Jaguar Land Rover and M&S cyber attacks as a Jordanian teenager.
Krebs approached the 15-year-old, who had been using the pseudonym ‘Rey’ on Telegram, and confirmed his real identity.
The teenager said he has been in contact with various international law enforcement agencies, such as Europol, and hasn’t carried out any hacking activities since September.
“I’m already cooperating with law enforcement,” he told Krebs. “In fact, I have been talking to them since at least June.”
Krebs noted that he was unable to confirm these details following contact with the individual.
Scattered LAPSUS$ Hunters, of which 'Rey' is just one of three administrators, has been behind numerous extortion attempts. According to Krebs, he was previously an administrator of the data leak website for Hellcat, a ransomware group involved in attacks on Schneider Electric, Telefonica, and Orange Romania.
The teenager was also an administrator of the latest incarnation of the English-language leak site BreachForums.
While cyber crime groups like this are often portrayed as being part of organized crime, 'Rey' is one of a growing number of hackers who turn out to be normal teenagers.
How Krebs snared ‘Rey’
According to Krebs, a series of mistakes by Rey enabled Krebs to track him down. While operating under the Telegram username @wristmug, Rey accidentally revealed his password in a screenshot - a password that Krebs was able to link to the email address cybero5tdev@proton.me.
Data from Spycloud then indicated that Rey’s computer was a shared Microsoft Windows device located in Amman, Jordan, and also used by other family members.
It's not clear what will happen now. But Alon Gal, co-founder and CTO at Hudson Rock, questioned why “no apparent action” had been taken by law enforcement.
“Rey is one of the most prolific threat actors of the past few years,” he wrote in a post on LinkedIn. “I genuinely don’t understand how they let him continue if the dox proves to be accurate.”
In any case, Rey told Krebs: “I don’t really care, I just want to move on from all this stuff even if it's going to be prison time or whatever they gonna say.”
The rise of teen hackers
It's not unusual for hackers - especially in the various groups associated with Scattered Spider - to turn out to be extremely young. In September, for example, 19-year-old Thalha Jubair and Owen Flowers, 18, were charged in the UK for their involvement in an attack on TfL last year.
Speaking to ITPro at the time, security experts said the uptick in youth-related cyber crime is a serious cause for concern and requires swift action from industry, academia, and law enforcement.
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the trend should be a “wake up call” for authorities and called for efforts to encourage tech-savvy teens toward legitimate careers in cybersecurity.
According to the UK's Information Commissioner’s Office (ICO), the biggest cybersecurity risk faced by schools comes from the pupils themselves, with around 5% of all 14-year-old boys and girls admitting to ‘hacking’ in some capacity.
William Wright, CEO of Closed Door Security, said the group boasts close ties to Russian threat actors, which has enabled it to wreak widespread havoc.
"There will be a lot of concern among the general public around how a 15-year-old could cause so much damage to some of the biggest organisations in the UK. But in reality, it's not so simple. Rey was collaborating with Russian threat actors, using their infrastructure to execute highly sophisticated attacks," he said.
"Rey claims to be working with law enforcement now, which is causing trouble across the Scattered Lapsus$ Hunter Telegram channel. This could lead to other members of the gang being identified, but Rey may get off lightly if he supports law enforcement enough."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

