A pair of British teens have been found guilty of working within the notorious Lapsus$ hacking crew.
A UK court found 18 year-old Arion Kurtaj and an unnamed 17 year-old (UK law protects the identity of minors) broke the law by participating in the network breaches of multiple companies including Uber, Rockstar Games, and Revolut.
The pair are apparently small players in a Lapsus$ operation that runs across borders and includes several members based in Brazil.
Lapsus made headlines in 2021 and 2022 for a series of high-profile network breaches, most notably the leak of internal communications and code from Microsoft and Rock Star's development title Grand Theft Auto VI.
Lapsus$ was known for being a proliferate hacking group that also seemed to be loosely organized and experienced infighting at a level that most professional hacking groups had long since grown out of.
As a result, multiple members of the group in Western Europe were quickly apprehended and charged. The two defendants in question were reportedly released initially but later recharged.
Sentencing for both Kurtaj and the unnamed minor have yet to be decided.
Not all hope is lost for the two young people, however. The infosec world has a number of leaders who came from less than noble backgrounds. Least we doubt the ability of teenage hackers to play a role in the cybersecurity industry, we should look back on history.
Reformed script kiddie Marcus Hutchins averted a global IT catastrophe by solving the WannaCry malware, while George "GeoHot" Hotz made a name for himself by breaking iPhone and Playstation copy protection and later pursued a career in AI and briefly lead development at Twitter.
Even more famously, there is Peter 'Mudge' Zatko, whose teen hacking hijinks with the L0pht group would eventually lead to a congressional testimony and a top role at DARPA. The late Kevin Mitnick managed to turn a notoriously harsh federal hacking rap into a career consulting in enterprise IT security before his untimely demise.
