15-year-old revealed as key player in Scattered LAPSUS$ Hunters
'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
Security researcher Brian Krebs has unmasked one of the apparent culprits behind the Jaguar Land Rover and M&S cyber attacks as a Jordanian teenager.
Krebs approached the 15-year-old, who had been using the pseudonym ‘Rey’ on Telegram, and confirmed his real identity.
The teenager said he has been in contact with various international law enforcement agencies, such as Europol, and hasn’t carried out any hacking activities since September.
“I’m already cooperating with law enforcement,” he told Krebs. “In fact, I have been talking to them since at least June.”
Krebs noted that he was unable to confirm these details following contact with the individual.
Scattered LAPSUS$ Hunters, of which 'Rey' is just one of three administrators, has been behind numerous extortion attempts. According to Krebs, Rey was previously an administrator of the data leak website for Hellcat, a ransomware group involved in attacks on Schneider Electric, Telefonica, and Orange Romania.
The teenager was also an administrator of the latest incarnation of the English-language leak site BreachForums.
While cyber crime groups like this are often portrayed as being part of organized crime, 'Rey' is one of a growing number of hackers who turn out to be normal teenagers.
How Krebs snared ‘Rey’
According to Krebs, a series of mistakes enabled him to track Rey down. While operating under the Telegram username @wristmug, Rey accidentally revealed his password in a screenshot - a password that Krebs was able to link to the email address cybero5tdev@proton.me.
Data from Spycloud then indicated that Rey’s computer was a shared Microsoft Windows device located in Amman, Jordan, and also used by other family members.
It's not clear what will happen now. But Alon Gal, co-founder and CTO at Hudson Rock, questioned why “no apparent action” had been taken by law enforcement.
“Rey is one of the most prolific threat actors of the past few years,” he wrote in a post on LinkedIn. “I genuinely don’t understand how they let him continue if the dox proves to be accurate."
In any case, Rey told Krebs: “I don’t really care, I just want to move on from all this stuff even if it's going to be prison time or whatever they gonna say.”
The rise of teen hackers
It's not unusual for hackers - especially in the various groups associated with Scattered Spider - to turn out to be extremely young. In September, for example, 19-year-old Thalha Jubair and Owen Flowers, 18, were charged in the UK for their involvement in an attack on TfL last year.
Speaking to ITPro at the time, security experts said the uptick in youth-related cyber crime is a serious cause for concern and requires swift action from industry, academia, and law enforcement.
Anna Chung, principal researcher for EMEA at Palo Alto Networks, said the trend should be a “wake up call” for authorities and called for efforts to encourage tech-savvy teens toward legitimate careers in cybersecurity.
According to the UK's Information Commissioner’s Office (ICO), the biggest cybersecurity risk faced by schools comes from the pupils themselves, with around 5% of all 14-year-old boys and girls admitting to ‘hacking’ in some capacity.
William Wright, CEO of Closed Door Security, said the group boasts close ties to Russian threat actors, which has enabled it to wreak widespread havoc.
"There will be a lot of concern among the general public around how a 15-year-old could cause so much damage to some of the biggest organisations in the UK. But in reality, it's not so simple. Rey was collaborating with Russian threat actors, using their infrastructure to execute highly sophisticated attacks," he said.
"Rey claims to be working with law enforcement now, which is causing trouble across the Scattered Lapsus$ Hunter Telegram channel. This could lead to other members of the gang being identified, but Rey may get off lightly if he supports law enforcement enough."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
