A Thursday night arrest of a 17-year-old in the UK may have led to the apprehension of one of the biggest video game-related leakers in recent memory.
London police confirmed the arrest of an Oxford suspect on a social media channel regularly used for arrest updates. The post clarified the suspect’s age, gave a vague allegation of “suspected hacking”, and said that the investigation was coordinated with the UK’s National Crime Agency (NCA), in particular its National Cyber Crime Unit.
That allegation was followed hours later by a report from American freelance journalist Matthew Keys, which claimed the arrest revolved entirely around the recent theft and distribution of undisclosed assets from British video game studio Rockstar North. The report cites “sources” who claim the FBI was involved in the investigation and that the seized data also contained parts of a massive Uber-related breach. Keys’s report has not been confirmed by major newsrooms in the US or UK at press time.
Lapsus$ suspicions
The gaming leak in question was one of the most notable in recent memory, as it essentially served as the world premiere of the highly anticipated video game Grand Theft Auto VI. Until this week’s leak, series fans had been getting rumor after rumor about the possible setting (a Miami-esque city resembling the series’ Vice City) and the main protagonists (a “Bonnie and Clyde” pair, including the first playable woman in a mainline GTA game). Both rumors were confirmed by the leak, which Rockstar eventually confirmed was legit and came from a 3-year-old version of the game.
Before Thursday’s arrest, the GTA VI gameplay leaker had also claimed to be involved in a recent massive breach of Uber’s data, and Uber publicly blamed the hacking collective Lapsus$ for that breach. Earlier, at least one Oxford teenager had been linked to Lapsus$ hacking efforts by a BBC report. British authorities at the time did not confirm the truth of that report due to privacy rules about underage suspects. So, while the GTA VI leak could be linked to efforts by Lapsus$, that connection has not yet been confirmed at the time of writing.
Dan Goodin of Ars Technica previously reported on Lapsus$ hacking attempts, as recorded by members on their official Telegram chat channels. Many of the group’s methods, at least as publicly disclosed, exploited vulnerabilities in standard “two-factor” or multi-factor authentication (MFA) systems, typically by going after the less secure backup login options that an attacker can exploit. The GTA VI leaker previously suggested that they gained unauthorized access to Rockstar’s source code through access to the company’s Slack chat interface, but as of this writing, it’s unclear whether this was also a matter of “MFA bombing” to trick an employee into unwittingly accepting something like a phone call prompt.
Should this week’s Oxford arrest be related to the GTA VI leak, that timeline would be much faster than the one we saw with another memorable European source code leak. German hacker Axel Gembe finally told the story of his arrest after hacking into Valve’s computer systems to download the source code to Half-Life 2. That raid and subsequent arrest took place about eight months after the leak was originally reported.