Today, supply chain attacks, AI-enabled advanced persistent threats (APTs), and insecure IoT have
            taken what I imagined and made it worse. Recent issues at social media sites, media & communications
            sites, and critical infrastructure & services repeatedly demonstrate how fragile online infrastructure is. In
            May 2022, the entire country of Costa Rica was shut down, and a state of emergency was declared due
            to a ransomware attack.

            So, we know it is possible to bring down countries. But who will be able to do that?

            CyberDefense Magazine has a list of the Top 100 Cybersecurity Hackers. Most of the people on the list
            are reformed, incarcerated, or dead. All were very successful in their cyberattacks, but none were as
            driven or as dangerous as someone not on the list.

            History is full of famous criminals: Adolf Hitler, Bonnie & Clyde, Pablo Escobar, Julian Assange, and now,
            Arion Kurtaj. Now 18, Kurtaj was an underage teenage hacker from Oxford, UK, and a member of the
            Lapsus$ group, a mostly teenage threat actor group that attacked dozens of well-known companies and
            government agencies around the world in 2021 and 2022.

























            Lapsus$ came to public attention in December 2021 after attacking Brazil’s Ministry of Health, stealing
            50TB  of  data,  and  demanding  a  ransom  to  not  publish  any  of  the  data.  They  were  responsible  for
            breaching Okta, Microsoft, and Samsung, among others, stealing data and again extorting ransom to not
            post the data online. The attacker group was so brazen, they maintained a Telegram channel where they
            announced when and where they would publish stolen data drops and conducted polls to determine what
            targets to attack. In 2022, the Lapsus$ channel had over 45,000 subscribers.

            Kurtaj is thought to be the founder of Lapsus$ at age 16 with another teen hacker from Brazil. At the age
            of 17, he was arrested in March 2022 with other teen hackers for attacking and stealing data from NVIDIA
            and UK phone company BT/EE. They had leaked some sensitive data as an incentive for NVIDIA to pay
            a ransom. After his arrest, Kurtaj was “doxxed” by a rival cybergang who posted his family’s personal
            information online. While out on bail in September 2022 and with his laptop confiscated, Kurtaj was
            moved to a budget hotel for his safety. There, he quickly hacked both Uber and Rockstar Games, stealing
            video clips of the unreleased Grand Theft Auto 6 games using only a smartphone, an Amazon firestick,







                                                                                                              41