How a 17-year-old hacker broke into the systems of the world’s largest companies and leaked GTA VI data

29 May 2024 22 minutes Author: Lady Liberty

Unlike many 10-year-old hackers, he did not spend the stolen millions on expensive purchases or designer clothes, which is why Arion’s story is surprising. On the contrary, he decided to spend this money on buying exploits to carry out increasingly large-scale hacking attacks. He wanted access to information that companies tried their best to keep from the public, but he didn’t care at all about the consequences. So, at the age of 17, for the purpose of personal safety, he stayed in a cheap hotel room while awaiting trial and was arrested.

On the 18th, under the name “teapot Uber hacker”, Arion posted a message on the Grand Theft Auto fan site: “Hello, 90 moves from GTA6. You may be able to leak more data, including the source code, soon.” Using a hacked employee account, Arion asked someone to contact him or leak the source code to Rockstar’s Slack channel. But Arion never became a particularly wanted hacker for the FBI.

It all started with Minecraft

Like most cybercriminals born in 2005, he first tried his hand at hacking Minecraft PvP servers. In 2017, it became known that he was actively playing Minecraft, mainly using 3 accounts. His character was brought to attention by a video called “Dog Iz”, in which he was accused of using cheat software in Minecraft to gain an advantage in PvP. Immediately after that, he posted on the server’s forum, trying to get his account unblocked, so apparently the complaint was sincere.

At first glance, these events may seem childish, but they are the key to understanding how he successively progressed to more serious crimes. Minecraft hacking forums have a section dedicated to hacking and cyberbullying on a larger scale. Like many children, he gradually began to show interest in these topics.

By mid-2018, he had shifted his focus to more complex forms of Minecraft hacking. Reports from the server administrator show how he used the exploit to log into the game as an administrator and thus hack the server. This required more effort than just downloading the cheat client. He discovered a bug in the server’s code that gave him access to privileges he shouldn’t have. And it was a conscious move, as he then approached Hypixel with a proposal to introduce a bug bounty program to reward the discovery of such vulnerabilities. His proposal was rejected.

Everything was simple. Many WNT hackers went to bucket.org and read error messages in popular server plugins and then used them before the developers could fix them. It seems that something switched in his mind and this method of hacking became the basis of how Arion would later attack many of the largest companies in the world.

Fast forward to December 2019, and he’s almost 15 years old, and he’s gone from Minecraft to experimenting with hacking websites. They hacked the nasa.gov page and put all their names on it, because that kind of thing was really the best advertisement to show off to the hacking community. If you google some of the names, you can see that these guys have a reputation. One of them was previously arrested in connection with hacking the YouTube channel VEVO and changing the thumbnails and descriptions of popular music videos such as “Despacito”. In addition, some members of the group are involved in several high-profile data leaks.

It was clear that this was how Arion made new friends, but he may not have been successful in real life. Apparently, he had a difficult childhood. According to his pediatrician, Nicholas Henry, he left formal education at the age of 10 and was transferred to a school for children with special needs. In addition, he was temporarily removed from his home and placed in social care after physically abusing his mother. But after he was attacked by a staff member, Arion’s mother took him back. On top of all these problems, his parents seemed to have split up and, according to Henry, Arion was diagnosed with autism, ADHD and other complex medical diagnoses. He “does it at the level of 1% of his peers.” But despite the diagnosis, it did not stop him from becoming a hacker.

Arion wanted recognition from a new group of friends who clearly enjoyed this kind of online vandalism. The problem is that it’s a vicious circle: break something, brag, and do it again on a bigger scale, until 1 or more members are caught. For Arion, this cycle will begin in 2021. 16-year-old Arion, who goes by the name Peter, has teamed up with another hacker named Everlin to create a new group called Infinity Recursion.

First friends with hacking

A message posted on the crack.to forum. This resource is widely known as a discussion center and platform for illegal activities on the network, naturally they advertise their services there. Using a hacked law enforcement email, they sent fake legal requests to companies demanding data on specific individuals. And not only your real name, address and phone number, but possibly every message you send.

If a photo you shared with a friend falls into the hands of the wrong person, can it be used against you? It’s amazing that they decided to start selling privacy-infringing services and offer them for a very modest fee. The amount of $250 seems quite ridiculous compared to what they themselves have received from this kind of activity. The main activity of the group was the replacement of SIM cards. This technique allows an attacker to gain access to the phone number, reset the password and open access to the account for hacking. Large holders of cryptocurrencies, who kept their assets on online exchanges, often became victims of such attacks. But the hardest part of the process has always been finding the victim’s email address and phone number. Using a fake subpoena is the perfect way to get this valuable information, and Arion is already known to have been involved in a massive financial scam with this group.

The danger is that victims always seek justice. Therefore, changing the track requires a special trick.

By the end of 2021, Arion and the rest of the company decided to create a new organization called Lapsis. It is very likely that our hero was disappointed that Infinity Recursion did not gain much popularity in the media. Apparently, he dreamed of recognition, sought to create a legendary story, to become one of the most famous hackers. Now their targets have become much more serious companies.

Arion and his company were forced to turn to Google to learn the names of potential victims and extract personal information. Today’s search engines have become a kind of modern analogue of the phone book, and the course for novice hackers has always been about how to identify people’s personal data with the help of these tools. Often it is revealed without their knowledge. Your phone number may change, or your family or business partner may become the target of a phishing attack. This list can be continued indefinitely. But it is no less important to understand that these search brokers are doomed by selling your personal data to experts at the call of robots.

Companies are required by law to delete your information if you ask them to, but it’s very difficult. Arion likes to hack companies and leak their databases online. Passwords are often among such leaks. There are a lot of illegal sites where you can pay money to find your email.

The first big hacks of corporations

A few weeks before Christmas, Lapsis enters the market with great success. The website of the Brazilian Ministry of Health with all important medical data and services was replaced with a page demanding the return of more than 50 terabytes of stolen data. This event caused a wide resonance, especially given the importance of choice as a goal of the most important health services. New hacks happen every day and the Lapsis group didn’t look like anything special. Typically, these attacks require you to encrypt your data with ransomware and simply delete it. It looks a bit amateurish. Furthermore, it is unclear whether they benefited from these actions. As a result, after several weeks of downtime, the Ministry was able to independently restore access to the website and restore data from an intact backup.

Their new group wasted no time. Before the New Year, they attacked the largest Brazilian media concerns. And three days later, they attacked a car rental company in Brazil. Only this time, they didn’t try to extort money from them, but simply placed a redirect on the site to an adult video site. And for the first time among all the news, their Telegram channel starts flashing. They used it to publicly share information about hacking, and the number of followers grew rapidly every time one of these stories appeared.

Arion felt that the attention paid to him brought him pleasure. Authorities launched a major investigation after Lapsis members began posting screenshots on Telegram that clearly demonstrated the hacking of their first U.S. target, Okta, which specializes in providing business solutions in the field of cyber security. The screenshots featured proprietary applications, applications and add-ons for applications. Slack’s Jira error logging system is shown. This event became a kind of shame for Okta. In this case, Lapsis did not steal data, but said that their target was Okta’s valuable customer base. Consciously or not, this served as a signal that security companies could be hacked with such attacks. The headlines became even more serious after Okta came under fire for failing to notify customers of the breach in a timely manner.

The first problems

No one could figure out who was behind Lapsis, but one fine day everything changed. Only a month after the first hack, Arion’s name and address became known on Doxbin. You wake up one morning and see all your personal information posted on various forums and websites for all to see, strangers ordering all kinds of deliveries to your home address and sending threatening voicemails. You have just been doxxed. Doxbin is a popular and well-known website for sharing such personal information.

How was this seemingly intelligent hacker right? In fact, Arion purchased the site from the owner of KT just a few weeks before launching this Lapsis hack series. Unfortunately for Arion, he didn’t know or care about managing the site at this point, leaving him in a sorry state. Things got so bad on May 1 that he agreed to sell Doxbin to KT for just 20% of the price he originally paid. Now, having effectively lost $775,000, he was unhappy with himself.

Angered by the lost money and possibly his own ego, Arion took advantage of Discord’s vanity to block the domain and regain control of the site. But his sneaky attempt failed as KT restored access in just a few hours. Even more enraged at being outwitted so easily, Arion hacked Doxbin’s Twitter account and offered CAD$100,000 to anyone who would provide full documentation and information on who KT was. After 5 hours, KT regained access to the Twitter account and began taunting Arion over his second pathetic attempt to overtake him. At this point, Arion decided to make the entire Doxbin database publicly available via Telegram and then returned the site to KT. Needless to say, the entire Doxbin community was furious that he leaked their data online. And this is not a group of people to be angry with.

Over the course of two days, a strategic retaliation plan was developed. The KT team sent their best followers to shoot some videos and photos of his house for intimidation. Then they knocked on the door and asked if he could come out to them. His mother said he wasn’t home, so they went to Arion’s father’s house, a 20-minute walk away. But she alerted her ex-husband on the phone, and by the time the thugs arrived, a police car was already parked outside the house. Seeing this, they quickly fled in an Uber.

The next day, the most detailed docs appeared on the website, revealing not only Arion’s identity, but also, what’s worse, his involvement with Lapsis. The name associated with this group of hackers appeared for the first time. In addition to this – a large number of accusations with exposure. They alleged that Arion stole more than 300 bitcoins worth $14 million during various cybercriminal operations.

The first arrest

This message appeared on September 8, and it became known that he was arrested on December 22. Just 17 months before his 1st birthday, Arion was detained with an unknown 16-year-old accomplice. 5 months ago, the British telecommunications giant BT was attacked by hackers and extortionists who demanded 1400 million pounds. The money was never paid, but the company was accused of using unauthorized access to replace the SIM cards of 5 customers, resulting in a total of $1,100,000 stolen from the bitcoin account. Arion pleaded guilty to several counts. He admitted his involvement in the exchange of SIM cards, but denied allegations of extortion. However, both Arion and his accomplices were released pending further investigation. In most cases, the authorities did not have sufficient evidence that a crime had been committed.

Arion usually conducted all his intrigues on a virtual private server. Therefore, even if they confiscated his computer, there would be nothing in it. But even if his name was now publicly associated with Lapsis, this encounter with the law made him feel invulnerable like never before. He could do whatever he wanted — turn a mistake into a media sensation and go unpunished. Or so he thought. Less than a month later, the break-ins started again. This time, increasingly large companies became the victims. The group bragged on Telegram that it had stolen terabytes of data from Nvidia. But instead of the usual monetary demands, they wanted Nvidia to make its drivers publicly available. At the time, limiting the hash rate was a controversial topic. Nvidia planned to implement this feature to limit the effectiveness of cryptocurrency mining. Video cards were in short supply, and miners had long been buying them en masse to use in their activities for profit.

This feature was supposed to solve this problem by increasing access for people who need a graphics card for video games. Of course, the miners were furious because no one liked the idea of limiting non-free software to hardware resources. Because open source not only provides more transparency, but also modifies the software to completely bypass this limited hashing feature, which has made people wonder about Lapsis’ true motives. What are these hackers who act so selflessly? They could ask Nvidia for millions of dollars. Instead, it felt like a blatant attempt to poke fun at companies and become a kind of modern-day Robin Hood helping people.

But after 3 days there was bad news. Look at this message posted on their Telegram. According to them, Nvidia launched its own counterattack against the computer it was using to steal the data, rendering it virtually unusable. The hackers claimed they had backups, but many didn’t believe them. In response to the criticism, the group released the credentials of more than 71,000 Nvidia employees, proving that they had indeed hacked the server. But the actual 1TB leak never happened, and maybe they didn’t have a backup as claimed. But this was the beginning of their greatest madness.

They torrented 190GB of Samsung’s internal data, including the Galaxy phone’s source code. This is what many tech enthusiasts have been trying to achieve from the company for years. While Lapsis was hailed by many as anonymous’s cool new game, it was only the tip of the iceberg. Over the next few days, Arion and his friends hacked Ubisoft and T-Mobile. Anyone could answer that question as soon as they liked the attention, but the cybersecurity world wondered how they managed to hack the world’s biggest tech companies so easily, because Arion said on September 20 that it could have gone unnoticed by hacking Microsoft. Because I thought so. But Microsoft had other plans.

First, Lapsis posted a screenshot of the Azure DevOps server and uploaded a 37GB zip file containing the source code from Microsoft’s server. This incident immediately forced Microsoft to use all resources to find the hackers. Just a day later, they were added to the FBI’s most wanted list. It must have scared Arion, after all he had done to make life difficult and destroy Doxbin, that he was now asking for help. He wanted KT to delete the file and reveal the false information that it was not related to Lapsis. The idea failed miserably. Just 2 days after the publication of the FBI message, KT published an updated version of the document and told about all this. The situation was very tense.

That same day, Microsoft released a detailed security report detailing exactly how the group works. The results of Microsoft’s report surprised everyone. It turned out that the main focus of hacking corporate networks was the use of social engineering rather than the use of complex code or any kind of bug. In terms of Microsoft’s 10 immutable laws of security, Lapsis used the first and the sixth: if an attacker can convince you to run his program on your computer, it is no longer solely your computer, and a computer is only as secure as its administrator is trustworthy.

Arion knew that the easiest form of hacking for any corporation is its employees. One would assume that they use cutting-edge social engineering tactics and tools to pull off such spectacular hacks. But the reality turned out to be quite harsh. In fact, their hacks become much less impressive when you look at their Telegram, where they literally posted bribes for corrupt employees willing to sell their access for $20,000 a week, in most cases credentials and VPN access.

Despite all this, Arion and the company clearly did not take their own security too seriously. On 04/24/2014, it became known that the British police detained 7 people after the hacking of Microsoft. The youngest of them is 15 years old, and the oldest is 21. He is suspected of being involved with Lapsis. Since Lapsis’s Telegram channel was still active, you might have thought it was over, but it wasn’t. Not all of them had been caught. Less than a month later, they released an image showing they had hacked into Globant, a 23,000-employee IT company that works with every major tech company. Attacking company employees was a common tactic of Lapsis, and the images they posted included folders such as Apple Health App, Facebook and DHL.

New arrest

But before the stolen data could be used, on 4/1, Arion and another teenager were finally arrested. He had just turned 17 and was charged under multiple laws, a serious offense requiring a lengthy trial. Sentencing is not a quick process. Fortunately, he did not have to wait in the cell. He was released on bail the next day. The court imposed a month-long restriction on Internet access. He was due back in court on the 29th and was sentenced to prison. The fact is that most of the details of Arion’s case were never revealed, since he was a minor at the time of his arrest. The defense says he is mentally unfit to stand trial, a thorough medical examination is needed, and sentencing has been known to be delayed for months. And at some point, due to constant harassment, media attention and the desire to protect him from the Internet, the police decided to leave him in the hotel.

But one evening, early on May 9, Arion walked into a nearby Argos store and made an unusual purchase: an Amazon Fire Stick, which is commonly used to watch TV shows and movies. After leaving the store and returning to his hotel room, he plugged the Fire Stick into the TV and paired it with a Bluetooth keyboard and mouse. Arion built himself a makeshift computer, presumably by downloading a web browser from the App Store and using it to remotely access a private virtual server used by his group.

On September 15, it became known that a lone cybercriminal hacked Uber. The breach exposed sensitive customer information and internal tools, and millions of Uber customers were reportedly exposed to various security threats. But none of this was published online.

Lapsis’s Telegram channel has been inactive since the Globant leak, which was published days before his arrest. Apparently, he lost access when his equipment was confiscated, and now he no longer wants to hack Uber, the platform that brought attention to his personality is an attempt to gain media attention. And it worked. The case severely damaged Uber’s reputation and undermined public confidence in the company’s ability to protect personal information.

But Arion still wanted more. And within 24 hours, he committed his most famous crime, which sent the internet crazy. After receiving a list of Rockstar Games employees, including phone numbers and email addresses, he pretended to be an employee who couldn’t remember his password. It worked, but the account didn’t have the required internal access. And he tried again. This time he managed to gain control over the account of one of the employees. Now, on the company’s Slack channel, he was able to get the logins of company employees who have access to channels related to game development. Among them were various confidential files, video recordings and even the long-awaited source code of Grand Theft Auto 6.

The game was developed for almost 10 years, and its cost was estimated at a billion dollars. 2 days after gaining access, under the pseudonym “teapot Uber hacker”, he posts on the Grand Theft Auto fan site. “Hey, here’s 90 cutscenes from Grand Theft Auto 6. Maybe I’ll post more data soon, including the source code.” Millions of fans were waiting for this moment. But at first no one believed him. They thought the download link was a virus. Eventually, after convincing people, they realized that it was a reality.

Arion has done the impossible by making sure that GTA actually comes out. The Internet is buzzing. The video of the game quickly went viral on YouTube, Twitter and Reddit, and the news appeared one after another. Many praised the hacker, others made guesses about who he is and what his motives are. Now, Rockstar has been desperately trying to enforce copyright to remove all kinds of leaked information. The advertising campaigns were destroyed from the inside, and they had another problem. Arion used the compromised employee’s account to request his Slack channel to contact him. Otherwise, he would have leaked the source code. Instead, they contacted the FBI.

For four days at 9:00 p.m., a group of London police officers waited outside room M15 for the right moment to break in. Arion’s luck ran out. After seizing his home-made computer, the police found an iPhone 13 Max under his bed. Arion refused to share the PIN, but later they were able to find out that the same model phone was used to log into the hacked Rockstar accounts. Because he had breached his bail conditions, he was immediately committed to Feltham Juvenile Offenders Center to await trial.

The doctors officially stated that he was very upset, he was lashing out at the guards. In August 2023, 11 months after the hotel raid, he will finally get the chance to leave the centre, but only to appear in a London court in a 7-week trial, charged alongside the same unnamed hacker involved in the BT case. They were charged with 12 counts of blackmail, fraud and burglary.

Defense lawyers argued that the evidence was not strong enough and that there was no way to prove that Arion was responsible for the break-ins. The jury decided otherwise, finding Arion guilty on all counts, while his colleague was found guilty on only three. But Arion’s complex autism spectrum disorder led to the court declaring him unfit to stand trial, despite his central role in the crimes. Thus, he cannot be found guilty of criminal intent, and only community service or psychiatric treatment remain as punishment options.

Judge Patricia Le had to make the final decision, and she had a lot to think about. Lapsis caused multimillion-dollar losses, but none of the companies admitted to paying the ransom, and police were unable to access cryptocurrency accounts linked to the teenagers. Apparently, the group wanted fame, money and just chaos. Prosecutors said the police investigation and experts were able to link Arion and his comrades to various incidents through IP addresses, emails, Telegram chat groups.

A Rockstar representative estimated the company spent more than $3.5 million on legal advice and vendor fees due to the hack. The GTA 6 trailer was officially released on December 4th, and since then, Arion has been hospitalized for 12 weeks, where he was diagnosed with a mental disorder due to his behavior in a juvenile delinquent institution. Psychiatrist Dr. Claudia Camden Smith testified at the Dec. 8 hearing that Arion had made it clear that he planned to return to a life of cybercrime after his release. During the examination, it became clear that little could be done to rehabilitate Arion. Most likely, the future awaits him in a psychiatric clinic, and not in prison.

A decision on his sentence remains uncertain, has been repeatedly delayed, and there are no precise interim measures indicating a date for a final decision. Lapsis is currently inactive following the Globant leak. The circumstances surrounding the other arrested members of the group remain unclear. It is likely that many of them continue their activities under new aliases, but already take more sophisticated operational security measures and show increased caution.
