The Lapsus$ Gang: Teens or a Cyber Army?

March 28, 2022

I read “Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech’s Biggest Companies?” The write up answers the question this way:

British authorities announced the arrest of seven people said to be connected to the gang. Authorities revealed that the unidentified suspects ranged in age from 16 to 21. The ringleader of the gang is reputed to be a 16-year-old British kid from Oxford.

True? The wheels of justice in the UK must turn.

I have another angle. I processed this news story and thought about the assorted explanations offered from some high profile bad actor behaviors; for example, SolarWinds, Microsoft Exchange, Colonial Pipeline, et al.

Here with is my imaginary recreation of the Lapsus$ actions, just explained by luminaries from companies I enjoy following:

A Microsoft-type outfit opined, “Lapsus$ is a gang of more than 1,000 programmers who have labored intensively to compromise our highly secure ecosystem. This is the work of a nation state.

A US government cyber official affiliated with the White House said, “The predatory and dangerous behavior of an unprincipled gang under the direct orders of what might be called the Axis of Evil is undermining the national security of the United States. A failure to follow the 15,000 page checklist for cyber protections will be mandated by a new Executive Order called The Definitive Checklist for Commercial, Governmental, Not-for-Profit, and Any Other Entity Including under Age Operated Fiscal Processes Such As Girl Scout Cookie Sales.

A founder of a smart cyber security firm said, “These recent breaches would have been prevented had each of the compromised firms licensed our Bayesian anchored cyber security platform. Our smart cyber platform proactively blocks the breach mechanisms developed by world class actors regardless of their geographical location.”

So what’s the present and somewhat amusing reality: Maybe no nation state? Maybe no Axis of Evil? Maybe no massive, organized gang of disaffected technical wizards? Maybe no compromised insiders?

What have we got. A teen whose father appears to be unaware of his progeny’s extracurricular activities?

Content creators: Is it time for a podcast, a Netflix documentary, a 60 minutes segment?

Stephen E Arnold, March 28, 2022


Comments are closed.

  • Archives

  • Recent Posts

  • Meta