One afternoon last month, the regional head of security for the identity management platform Okta, an Australian named Brett Winterford, was in the middle of a client meeting when his phone sprang to life.

“The first message said, ‘It looks like you’re going to have a bad day,’” he recently recalled. “And the second message had the screenshots.”

“The screenshots” were pictures that a band of hackers had loaded onto a Telegram channel – an encrypted one-way messaging app that, in their case, has some 60,000 subscribers. The screenshots were annotated with helpful captions that read, among other things, “Photos from our access to .”

The Telegram messages suggested that the hackers had cracked into an Okta technical support engineer’s account and now had the ability to change passwords, authenticate accounts and put all of Okta’s customers at risk. The last screenshot ended with a smirking emoji.

When asked if he had managed to control his reaction as he digested this during a client meeting, Winterford laughed and said, “I don’t think I have that good a poker face.”

Okta is headquartered in San Francisco and has some 15,000 customers. It offers single sign-on (or SSO) and multi-factor authentication to companies around the world. Much of the important information we never want hacked is meant to be kept safely behind this kind of security wall, and some of the world’s largest companies count on Okta to prevent unauthorized people from breaking into their networks.

Typically, Okta users start by logging into their company website and then are required to pass through a series of authentication tests to prove they are who they say they are. In Okta’s case, the company sends a code or an email that requires a response before authorizing entry into a network.

That’s why when screenshots suddenly appeared in a Telegram channel that suggested Okta had been compromised, the tech world gasped.

“From the first moment that these screenshots were published, we had two things in mind. One, figure out exactly what happened from a technical perspective, technical impact,” Winterford said, “and two, get in front of our customers and explain to them what had happened.”

As Winterford and his investigators began to unwind the hack, the breach became both less and more troubling. Less troubling because it appeared to be part of an attack that the Okta team had caught and contained two months earlier, in January 2022, and more troubling because the hackers behind it were known to be an unpredictable, hard-to-control, impulsive lot who seemed strangely unafraid of getting caught: they called themselves Lapsus$.

On Telegram, a hacking group called Lapsus$ posted a series of screenshots that it claims were taken from its access to “ Superuser/Admin and various other systems.” The post also stated, “BEFORE PEOPLE START ASKING: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA - our focus was ONLY on okta customers.”

“Our threat intelligence team at Okta had been monitoring them,” Winterford said, adding, “we viewed them as the kind of adversary that you could come across just because of how prolific they were.”

In just a few short months – from December 2021 up until March of this year – Lapsus$ had launched a spectacular number of hacks. They began by targeting Brazil’s Ministry of Health. They stole and then deleted 50 terabytes of COVID-19 data stored on its servers and then posted a message to the Brazilian authorities saying that their internal data had been copied and deleted. "Contact us if you want the data back," the message said, helpfully including email and Telegram contact information.

Lapsus$ used its Telegram channel to boast about hacking the Ministry of Health in Brazil.

That attack, according to the cyber security firm Flashpoint, was followed by 15 more, mostly in Latin America and Portugal. Then in February, the group shifted focus and set its sights on high-tech firms. They began by stealing source code from NVIDIA, the computer chip maker, and then followed that up by targeting consumer electronics giant Samsung.

“They seemed to be crafty and resourceful and had a lot of time on their hands,” Winterford said. “And, a lot of folks had remarked that it reminded them of these kinds of groups that just almost love hacking for the notoriety more than anything else.”

Saying they had successfully hacked Okta provided exactly that.

It isn’t hard to find the person who is the alleged leader of Lapsus$. Because he’s a minor, we’re not using his name. We reached out to him and his parents with a raft of emails, and they didn’t respond to repeated requests for comment on this story. But even without speaking to them directly, it is relatively easy to find out a lot about a hacker who goes by the screen name White.

Allison Nixon is the chief researcher at a cyber security company called Unit 221B, and she’s been tracking White and some of his earlier exploits for quite a while now.