Child hackers tricked Apple and Meta into handing over subscriber data

Child hackers from gang dubbed ‘Recursion Team’ impersonated cops to trick Apple and Meta into handing over subscriber data and used the information ‘to harass victims and commit financial crimes’

  • Child hackers posed as cops to file data requests with Apple and Meta
  • In some cases they used compromised law enforcement email accounts
  • Hackers used account information to harass victims or commit financial crimes 
  • Gang called Recursion Team is believed to include teen mastermind of Lapsus$
  • The autistic 16-year-old from Britain is a prime suspect in major hacks

Child hackers posing as law enforcement officials were able to dupe Meta and Apple into handing over customer information, according to a new report.

The now-defunct hacker gang dubbed Recursion Team is believed to consist of minors in the US and UK, including the suspected teen mastermind behind the Lapsus$ cybercrime group, Bloomberg reported Wednesday.

Using compromised email accounts from law enforcement organizations, the hackers sent ’emergency data requests’ for subscriber information to Apple and Facebook’s parent company.

Though such request normally require a court order, that standard doesn’t apply to so-called ’emergency’ requests and in several cases the companies handed over customer information, people familiar with the matter told Bloomberg.

The website of defunct hacker gang Recursion Team, also known as Infinity Recursion, is seen above. The group impersonated cops to make data requests to Apple and Facebook

This profile photo from a Telegram account shows a rendering of a 16-year-old boy from England who is believed to be the mastermind behind the hacking group LAPSUS$. He is also said to have been involved in the earlier hijinks by Recursion Team

The hackers ran the scam last year and were able to obtain subscriber addresses, phone numbers and IP addresses, according to the report.

Cybersecurity experts believe the information was used to harass victims and carry out financial crimes through identity theft.

In a statement to, Facebook spokesman Andy Stone said: ‘We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.’ 

‘We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case,’ the statement added.

An Apple spokesman referred a request for comment to the company’s law enforcement guidelines, which state that the supervisor of an agent submitting a request ‘may be contacted and asked to confirm to Apple that the emergency request was legitimate.’

Most major tech companies operate a dedicated law enforcement portal for data requests, but many still also accept requests through email, if the emails are from official government accounts.

Facebook CEO Mark Zuckerberg. The company says that it is working with law enforcement on the incident and blocks requests from known fake accounts

Apple CEO Tim Cook. The company has guidelines for responding to law enforcement requests and says it may check the requests with a supervisor

Such accounts are easily compromised and credentials are sold on the dark web for as little as $10, cybersecurity experts say. 

Recursion Team, also known as Infinity Recursion, is believed to be defunct, but many former members are thought to continue their activities with the infamous Lapsus$ gang, responsible for breaches of tech heavyweights Microsoft and Nvidia.

One of the minors involved in Recursion is believed to be the British teenager suspected of masterminding Lapsus$, Bloomberg reported.

Cybersecurity experts hired by victim companies said that they have been able to trace the breaches to a teen living near Oxford, who goes by the online monikers ‘White’ and ‘breachbase.’ 

Bloomberg, which first reported on these revelations, did not identify the 16-year-old because he is a minor.

BBC described the suspect as autistic and attending a special education school in Oxford, and reported that he was alleged to have earned a jaw-dropping $14million through his hacking activities. 

Lapsus$ has stunned and baffled cybersecurity experts in equal measure with its combination of juvenile antics and high-level access to some of the biggest companies in the world. 

Microsoft confirmed last week that LAPSUS$ hackers had gained ‘limited access’ to its source code and compromised one account. LAPSUS$ previously claimed responsibility for hacking Nvidia, which designs graphics processing units for the gaming industry

The group uses a variety of methods, including bluffing, trickery, and bribes to steal passwords, Microsoft said in a blog post last week. 

British authorities recently announced that seven people – aged 16 to 21 – had been arrested at some unspecified point in the past and then later released. 

The authorities gave few other details but it was around that time that Lapsus$ told its fans “a few of our members” were going on holiday. 

Nevertheless, the gang of hackers bounced back and claimed late Tuesday that it broke into software services firm Globant SA and stole 70 gigabytes of source code from the company’s customers. 

On its Telegram channel, Lapsus$ posted a screenshot of more than two dozen folders containing what it said was customer source code, including from well-known tech companies. 

The authenticity of the screenshot could not immediately be ascertained. 

‘We are officially back from a vacation,’ the group said as it announced the Globant breach.  

Source: Read Full Article