Well something funny happened. I spent yesterday afternoon putting together a story about this hacking group called LAPSUS$.
https://ia.acs.org.au/article/2022/microsoft–okta–samsung-hit-by-brazen-hacking-group.html
They’re a pretty capable little operation by the look of things and the targets – IT infrastructure, tech companies, telcos, and so on – made it appear that LAPSUS$ was going to be a big threat, possibly even Russian! Shock-horror.
Prior to hitting these big game targets, LAPSUS$ was going after organisations in the UK and South America, Microsoft said in its write-up of the group after being hit.
So I wrote up a story along those lines and drew connections with ransomware gangs that have long operated out of Russia and Eastern Europe.
I was proud of the story. It came from a place of confidence with the subject matter. I spoke of the changing nature of ransomware groups, how they went from purely about locking things up to exfiltrating data and extorting companies – like what LAPSUS$ was doing.
Then this morning I see Bloomberg went to the home of a 16-year-old kid cyber security experts have tracked down as LAPSUS$’s mastermind.
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind
Nope, it’s not ransomware gangs now working for the Russian government in war-time – LAPSUS$ is a bunch of kids breaking into companies to steal crypto, become famous, and enjoy the thrill of the chase.
The teenage hacker cliché is alive and well.
So how come I was so quick to blame Russia and connect all these different dots?
Well, I wanted to tell an interesting story first and foremost.
Now the 16-year-old hacking mastermind is actually a very good story, arguably much more interesting than boring old Russian hackers, but at the time I was writing mine, I didn’t know that there was evidence to suggest LAPSUS$ wasn’t Russians.
So I told the story I knew: of ransomware gangs, of Joe Biden’s recent warning that Russian hackers were coming, that LAPSUS$ was a super serious threat!
I also chose to ignore the fact that Microsoft said attacks happened in South America and the UK first, which I read yesterday in Microsoft’s write-up. Why? Because it didn’t fit the story.
Well, it turns out two of the people identified as being behind LAPSUS$ live in England and Brazil, so it turned out to be a pretty good clue.
It’s a shame because I was trying to do a little ‘thought leadership’ and include some analysis about the situation which turned out, at least as of writing, to be pretty far from the truth.
Okay, I didn’t go as far as to directly say RUSSIANS BEHIND LAPSUS$ or anything like that. It was heavily implied though, and I had a bias toward that particular outcome because, hey, that’s the story I was telling – a chilling tale of cyber espionage at the beginning of World War Three!
The storytelling part of journalism is what I like best. I need to improve some of my information gathering skills though, and perhaps get back on infosec Twitter, so I don’t get caught out so badly in the future.