A Thursday night time arrest of a 17-year-old within the UK might have led to the seize of one of many largest video game-related leakers in latest historical past.
London police forces confirmed their apprehension of an Oxford suspect on a social media channel repeatedly used for police arrest updates, and it clarified the suspect’s age, a imprecise cost of “suspicion of hacking,” and that the investigation was coordinated with the UK’s Nationwide Crime Company (NCA) and particularly its Nationwide Cyber Crime Unit.
That cost was adopted hours later by a report from American freelance journalist Matthew Keys alleging that the arrest revolved squarely round the latest theft and distribution of unreleased property from British online game studio Rockstar North. This report cites “sources” to assert that the FBI was concerned on this investigation and that the info seized additionally included parts of an enormous Uber-related breach. Keys’ report, as of press time, has not been corroborated by bigger newsrooms in both the US or UK.
The gaming leak in query was among the many highest profile in latest historical past, because it basically contained the world premiere of extremely anticipated online game Grand Theft Auto VI. Up till this week’s leak, collection followers have been left with rumors and rumour about its potential setting (a Miami-like metropolis that resembles the collection’ Vice Metropolis) and its protagonists (a “Bonnie and Clyde” pair of protagonists, together with the primary playable girl in a mainline GTA sport). Each of these rumors have been confirmed by the leak, which Rockstar ultimately confirmed was professional and sourced from a 3-year-old model of the sport.
Earlier than Thursday’s arrest, the GTA VI gameplay leaker initially claimed involvement in a latest huge breach of Uber’s knowledge, as properly—and Uber publicly blamed the hacking collective Lapsus$ for that intrusion. Beforehand, at the least one teenage boy from Oxford had been linked to the hacking efforts of Lapsus$ by a BBC report. UK authorities didn’t affirm that report’s veracity on the time, because of privateness guidelines about underage suspects. Thus, whereas the GTA VI leak may very well be related to efforts by Lapsus$, that connection stays unconfirmed as of press time.
Ars Technica’s Dan Goodin beforehand reported on Lapsus$’s hacking efforts as they have been chronicled by members on their official Telegram chat channels. Most of the group’s strategies, at the least as publicly revealed, took benefit of vulnerabilities in normal “two-factor” multifactor authentication techniques—which often revolve round much less safe backup login choices that an attacker can exploit. The GTA VI leaker beforehand recommended that they gained unauthorized entry to Rockstar’s supply code by way of accessing the corporate’s Slack chat interface, however as of press time, it is unclear whether or not this too was a matter of “MFA bombing” to trick an worker into unwittingly accepting one thing like a telephone name immediate.
Ought to this week’s Oxford arrest be related to the GTA VI leak, that timeline can be way more accelerated than we noticed in one other memorable European supply code leak. German hacker Axel Gembe ultimately recounted the story of his apprehension after he breached Valve’s laptop techniques to obtain the supply code to Half-Life 2. That raid and subsequent arrest came about roughly eight months after the leak was initially reported.