A Thursday night time arrest of a 17-year-old within the UK could have led to the seize of one of many largest video game-related leakers in latest historical past.
London police forces confirmed their apprehension of an Oxford suspect on a social media channel usually used for police arrest updates, and it clarified the suspect’s age, a obscure cost of “suspicion of hacking,” and that the investigation was coordinated with the UK’s Nationwide Crime Company (NCA) and particularly its Nationwide Cyber Crime Unit.
That cost was adopted hours later by a report from American freelance journalist Matthew Keys alleging that the arrest revolved squarely round the latest theft and distribution of unreleased belongings from British online game studio Rockstar North. This report cites “sources” to assert that the FBI was concerned on this investigation and that the info seized additionally included parts of a large Uber-related breach. Keys’ report, as of press time, has not been corroborated by bigger newsrooms in both the US or UK.
The gaming leak in query was among the many highest profile in latest historical past, because it basically contained the world premiere of extremely anticipated online game Grand Theft Auto VI. Up till this week’s leak, collection followers had been left with rumors and rumour about its potential setting (a Miami-like metropolis that resembles the collection’ Vice Metropolis) and its protagonists (a “Bonnie and Clyde” pair of protagonists, together with the primary playable lady in a mainline GTA sport). Each of these rumors had been confirmed by the leak, which Rockstar ultimately confirmed was official and sourced from a 3-year-old model of the sport.
Earlier than Thursday’s arrest, the GTA VI gameplay leaker initially claimed involvement in a latest huge breach of Uber’s knowledge, as nicely—and Uber publicly blamed the hacking collective Lapsus$ for that intrusion. Beforehand, at the very least one teenage boy from Oxford had been linked to the hacking efforts of Lapsus$ by a BBC report. UK authorities didn’t verify that report’s veracity on the time, because of privateness guidelines about underage suspects. Thus, whereas the GTA VI leak may very well be related to efforts by Lapsus$, that connection stays unconfirmed as of press time.
Ars Technica’s Dan Goodin beforehand reported on Lapsus$’s hacking efforts as they had been chronicled by members on their official Telegram chat channels. Lots of the group’s strategies, at the very least as publicly revealed, took benefit of vulnerabilities in normal “two-factor” multifactor authentication techniques—which often revolve round much less safe backup login choices that an attacker can exploit. The GTA VI leaker beforehand urged that they gained unauthorized entry to Rockstar’s supply code through accessing the corporate’s Slack chat interface, however as of press time, it is unclear whether or not this too was a matter of “MFA bombing” to trick an worker into unwittingly accepting one thing like a cellphone name immediate.
Ought to this week’s Oxford arrest be related to the GTA VI leak, that timeline could be much more accelerated than we noticed in one other memorable European supply code leak. German hacker Axel Gembe ultimately recounted the story of his apprehension after he breached Valve’s laptop techniques to obtain the supply code to Half-Life 2. That raid and subsequent arrest occurred roughly eight months after the leak was initially reported.