A teenage boy from the Lapsus$ hacking group arrested on charges of breaching Uber and other companies was assessed as not fit for trial.
The Uber hacker’s court proceedings will not deliver a guilty or not guilty verdict on Arion Kurtaj, one among the two key players arrested for several high-profile cyber attacks.
After the psychiatrists’ assessment of the teen’s mental health, it was decided that the jury will only conclude whether the teen committed the crime or not.
Uber hacker’s court proceedings
The teenager, Arion Kurtaj, 18, was arrested for the Uber cyber attack, Revolut security breach, Rockstar Games security incident, and Nvidia Corp hacking. Kurtaj was accused along with another 17-year-old hacker from the Lapsus$ hacker group, who could not be named.
The Uber hacker’s court proceedings are going on in a London court as Kurtaj was from the UK. He along with the fellow accused was charged on counts of blackmail, fraud, and Computer Misuse Act.
Last week, prosecutors told jurors at London’s Southwark Crown Court that the 17-year-old accessed City of London Police’s cloud storage weeks after the police detained him in connection with the BT and EE attacks.
Kurtaj thereafter went on a single cybercrime binge, first hitting Revolut and then Uber two days later before hacking Rockstar Games.
The 17-year-old is on trial on two counts of blackmail, two counts of fraud, and three Computer Misuse Act allegations pertaining to the hacking of BT and Nvidia, all of which he denies.
He previously pled guilty to two Computer Misuse Act charges and one count of fraud.
Arion Kurtaj’s court proceedings and arrest
Arion Kurtaj has been reported to recruit office insiders to gain access to systems to extort money. Also named WhiteDoxbin on the cybercrime forums, Arion bought the Doxbin website in 2019 to gain access to all the dumped personal information of users.
He bought the site from the owner named ‘kt,’ however, when he found he could not sustain the popularity of the site, he sold it back to kt. This time, the young hacker stole the doxed data from the site and leaked it on the Lapsus$ Telegram channel.
This infuriated the community of the website who then took to hacking Kurtaj himself. They hacked his personal information, including his school information, the IP address of every device he owned, and his mother’s address.
Arion was arrested in Spain because he fled to the country when doxxers from the website reached his mother’s home asking for him. He was arrested with seven other Lapsus$ hackers.
Uber hacker trial and Lapsus$ activities
First found in 2021, the Lapsus$ hackers started off targeting the Brazilian government. They stole millions of COVID-19 patient records. They targeted Nvidia in 2022 and stole a terabyte of company data along with all the GPU designs.
They later launched several cyber attacks usually targeting office employees to either cause MFA fatigue and gain login access or bribe insiders. The group has been reported to flaunt recruitment advertisements for company employees.
They were found adding a description of the responsibilities showing that it was a low-risk profile. “AT&T, T-Mobile, and Verizon insiders were offered over $20,000 a week,” according to a Technology HQ report.
They would ask one of their native English speakers to call the customer service posing as their service provider or client. With the information gained from the insider, they would answer all the security questions on the call and get the information they would need to leverage it for further access.
Lapsus$ hackers launched the Uber cyber attack in a similar fashion by sending repeated login requests and causing MFA fatigue. The hacker posing as the IT staff for Uber on Slack sent several multi-factor authentication notifications to the user in an hour.
