麻豆精品

Updated, Oct. 10

Sterling, Massachusetts聽

Matthew Lane peeked his head through a window at his parents鈥� house on a wooded, winding road, and, with apprehension, opened the front door. 

The chime of the doorbell at the gray, two-story house, which sent the family dog into a fit, wasn鈥檛 expected 鈥� or welcomed. 

尝补苍别鈥檚 had been the subject of speculation and intrigue since May when federal prosecutors announced the rail-thin, shaggy-haired 19-year-old college freshman had confessed to a ransomware attack on education technology behemoth PowerSchool. 

Federal prosecutors accused Lane of collaborating with at least one unnamed co-conspirator to steal the sensitive records of more than 60 million students and 10 million educators. Claiming to be part of a “notorious hacking group,鈥� he used the stolen data to extort nearly $3 million from California-based PowerSchool. Though charging documents describe the education technology company as 鈥淰ictim 2,鈥� extensive details released by the government align with the company鈥檚 disclosure about the breach. 

Lane pleaded guilty to the breach 鈥� widely considered the largest exposure of private student data in history 鈥� in June and is scheduled to be sentenced in federal court on Tuesday. 

“Money and greed” motivated his actions, released on Wednesday that states Lane wanted 鈥渢o buy designer clothes, diamond jewelry and luxury vehicles鈥� while spending funds on “extravagant rental apartments and near daily fast-food delivery.鈥� Lane returned about $160,000 to the government, but roughly $3 million remains unaccounted for, according to the sentencing report.

Federal prosecutors, who charged him with computer fraud and aggravated identity theft, are seeking a seven-year prison sentence and more than $14 million in restitution.

His 鈥渃rimes were not a mistake resulting from an isolated lapse in judgment,鈥� the memo alleges, but rather part of a pattern of criminal cyber activity that dates back to at least 2021, when he was still in high school. His targets include at least eight victims total, 鈥渞anging from a school athletic association to private companies to foreign governments.鈥� 

Open-source reporting and a threat intelligence report obtained by 麻豆精品 from cybersecurity firm Cyble reveal details of what that past cyber crime life looked like. They provide evidence that , who was known on the Worcester, Massachusetts, campus for being socially reserved, took on flamboyant, meme-inspired personas in online cybercrime communities that were highly active for years. 

In the physical world, Lane appeared to keep a low profile around town 鈥� and he hoped to keep it that way. 

鈥淧lease leave鈥� Lane told a reporter who traveled to his hometown in August to learn more about the teenager described by federal prosecutors as 鈥渉iding behind his keyboard鈥� to carry out 鈥済et rich quick鈥� cyberattacks.

尝补苍别鈥檚 attorney, Sean Smith, didn鈥檛 respond to requests for comment.

Prosecutors said Lane “grew up in a safe, small town鈥� with what the teenager himself described as “loving and nurturing parents” and close relationships with all his family members. It was here in Sterling 鈥� a middle-class enclave of fewer than 8,000 residents 鈥� where neighbors watched a parade of Federal Bureau of Investigation agents park outside the Lane residence and conduct an early-morning raid this spring.

For cybersecurity professionals following the PowerSchool case, 尝补苍别鈥檚 indictment, which was publicized by federal law enforcement as a major score in their crackdown on cybercrime rings, . Among them, to a network of young, for and

Cyble leverages open-source intelligence techniques and proprietary tools to track the online behaviors of threat actors and help businesses manage their cyber risks. The firm provided threat intelligence research exclusively to 麻豆精品 that aligns with prosecutors鈥� assertions in 尝补苍别鈥檚 sentencing report. 

Cyble researchers identified digital personas it connected to Lane and tracked their account behaviors on a cybercrime forum and across the web. These threat-actor accounts 鈥渟ystematically targeted educational institutions, government agencies and corporate networks since 2021,鈥� citing the same year as federal prosecutors. 

These earlier hacks and data breaches, Cyble said, affected an alcoholic beverage company, a major U.S. supermarket chain, an Indonesian telecommunications company and the Colombian armed forces. 

To bring down targets without detection, the threat actor behind the accounts leveraged the techniques of 鈥渆xperienced hackers,鈥� Cyble Chief Product Officer Kaustubh Medhe said. The PowerSchool hack was 鈥渁 predictable escalation rather than an isolated incident,鈥� Cyble analysts concluded, and was not the work of a 鈥渇irst-time offender鈥� but rather 鈥渁 seasoned cybercriminal.鈥� 

鈥淲e wouldn鈥檛 treat him like an amateur,鈥� Medhe said. 鈥淚n no way can we say that he was just a young kid who struck rich.鈥�

The sentencing report similarly describes 尝补苍别鈥檚 conduct as 鈥渟ophisticated, involving virtual private networks, eSIMs (a digital, more secure version of a physical card), anonymized email addresses and phone numbers, stolen credentials and foreign servers.鈥�

Federal prosecutors accused Lane of working with a co-conspirator to extort $200,000 from a U.S.-based wireless telecommunications company before discussing the “need to hack another shitty company that[鈥橾ll pay.” 

PowerSchool became that next victim, prosecutors say.

The extortion pipeline

Online fingerprints that Cyble used to connect the digital aliases 鈥�,鈥� 鈥渘etsaosa,鈥� 鈥渇uckmarykill鈥� and others to Lane show they have been exploiting vulnerabilities since the defendant was barely old enough to drive. Then the hacker bragged about it. 

On a now-defunct online cybercrime marketplace, that security researchers pegged to Lane, in part from an exposed IP address,  appeared to boast of attention-grabbing exploits: 鈥渋ve been on news sites a few times,鈥� g0re wrote in a signature line. 

As news of 尝补苍别鈥檚 connection to the PowerSchool case circulated around Sterling, neighbors said they were thankful  he wasn鈥檛 arrested for dealing drugs. But few people knew the young man accused of carrying out the crime. 

鈥淚鈥檝e never heard of him, but he can go to hell,鈥� said one patron at B-Man鈥檚 140 Tavern, a biker bar on the outskirts of town that鈥檚 known as a hub for local gossip. A police department dispatcher said she didn鈥檛 know anything about the case beyond the highlights that made the local news and the executive director of the local public access television station said he was similarly out of the loop. 

To people who knew Lane, the indictment was a shock. Neighbors, former classmates and a college professor described him as a soft-spoken gamer and a skilled computer programmer. 

One former classmate, Quinton Brien, said Lane didn鈥檛 鈥渟eem interested in school鈥� and recalled the high schooler selling nicotine vapes to his underage classmates. His class portraits appear in the regional high school yearbook, but he doesn鈥檛 show up as participating in any sports teams or extracurricular clubs. 

High school friend Pia Bogieczyk said Lane is 鈥渒ind of goofy鈥� and introverted. The two bonded over the video games Minecraft and Fortnite, Bogieczyk said, and although her friend was a computer wiz, she didn鈥檛 expect him to get caught up in cybercrime. 

鈥淚 figured he would be good enough at computer stuff to do that, if that makes sense,鈥� she told 麻豆精品, but 鈥淚 didn’t think he would be using his skills for malicious purposes.鈥�

On X, attributed to Lane offers insights into his personality 鈥� and his connections. The profile features a hatred of Hallmark Christmas movies, a disclosure of being 鈥渕entally ill,鈥� a love for video games and a deep interest in anime 鈥� especially a dystopian Japanese cartoon about a lonely girl who immerses herself in an interconnected and increasingly strange digital world. 

The account also for Conor Fitzpatrick, who was a New York teenager when he , an online community where hackers sold stolen data and hacking tools. Fitzpatrick was and in September was for launching what federal officials called 鈥渙ne of the world鈥檚 largest English language hacking forums.鈥� BreachForums, which has suffered several data breaches itself, has been  

Cyble analysts found these online aliases鈥� forays into hacking began with benign efforts to identify and report computer security flaws before progressing over several years to leaking original data breaches 鈥渁nd ultimately to extortion.鈥� 

鈥楢 notch in his hacking belt鈥�

When federal officials announced , the Department of Justice accused the teenager of using stolen credentials in September 2024 to hack into PowerSchool鈥檚 computer network and transfer sensitive files to a leased server in Ukraine. On the night he leased the server, Lane told his girlfriend he was 鈥済onna be on the laptop鈥� because 鈥淚 just need to actually make $ for a second,鈥� according to the sentencing report.

About three months later, in December, PowerSchool officials received a demand for about $2.85 million in Bitcoin to prevent sensitive student and teacher data 鈥� including the Social Security numbers of children as young as 5 鈥� from being leaked 鈥渨orldwide.鈥� 

鈥淔inal note, we fully intend to destroy your company and bankrupt it to the point of no absolute return if the ransom is not paid,鈥� the hacker warned PowerSchool, according to the sentencing memo. The attack cost the company more than $14 million, according to the court documents, including the ransom payment and identity theft services for the students and teachers who were victimized. 

The cybercrime was 鈥渁 serious attack,鈥� U.S. Attorney Leah Foley said in a press release, and that Lane 鈥渋nstilled fear in parents that their kids鈥� information had been leaked into the hands of criminals 鈥� all to put a notch in his hacking belt.鈥�  

In interviews with federal law enforcement after they searched his college dorm, Lane initially “fabricated a story about receiving packages of cash,” denied engaging in extortion “and only admitted his conduct when faced with his indisputable text messages,” according to charging documents. 

The PowerSchool data breach made international headlines earlier this year in part because it encompassed highly sensitive records about students, including their mental health and . The company, acquired by the Boston-based private equity firm Bain Capital for $5.6 billion last year, operates a digital platform that helps schools track students鈥� attendance, grades and other data. More than 18,000 educational institutions globally and 90 of the 100 largest U.S. school districts rely on PowerSchool software, the company claims. 

The company, which has faced criticism for delays in notifying affected students and educators about the ransomware attack, was hit with dozens of lawsuits over its failure to keep sensitive data secure. In September, Texas Attorney General Ken Paxton announced a lawsuit against the vendor, accusing it of about the strength of its cybersecurity features. 

PowerSchool is 鈥渃ommitted to protecting student data and ensuring the safety of our systems,鈥� a company spokesperson said this week in a statement to 麻豆精品.

鈥淔ollowing the 2024 security incident, we promptly notified our customers and provided ongoing updates as new information became available,鈥� the statement reads. 鈥淲e continue to work closely with affected districts and law enforcement to ensure transparency and accountability.鈥�

PowerSchool , but quickly backtracked to disclose it paid the cybercriminals an unspecified extortion demand to keep students鈥� sensitive records from spreading online. 

Then, local school leaders in several states . In May, district administrators reported receiving ransom demands for cryptocurrency payments to stop their stolen PowerSchool records from being exposed. In North Carolina, the state education department received a demand from a threat actor a cybercrime group that鈥檚 taken credit for .

That email, obtained by the cybersecurity blog , and CyberScoop, have raised questions about 尝补苍别鈥檚 , which at one point operated BreachForums. Cybersecurity analysts have 鈥渓oosely knit band of primarily English-speaking miscreants鈥� involved in hacking, extortion and 鈥渞eal-life violent crime for a price.鈥� 

Medhe of Cyble said his researchers have found no evidence that ShinyHunters had a role in the PowerSchool hack, noting that anybody can 鈥渃reate a fake email account鈥� and pretend an alliance with an international cybercrime syndicate. But the evidence makes clear that Lane 鈥渨asn鈥檛 acting alone,鈥� he said, theorizing that it鈥檚 only 鈥渁 matter of time鈥� before federal officials announce the indictment of his unnamed co-conspirator. 

After organizations fall prey to a data breach, it鈥檚 common for them to experience 鈥渟econdary victimization” where stolen records are leveraged multiple times by different hackers, said Yanna Papadodimitraki, a research associate at the . 

鈥淒ata can never be taken back in many ways,鈥� she said. 鈥淧robably, the students and the teachers will be having quite a lot to deal with in the years to come.鈥� 

鈥�Social relationships, albeit online, are key鈥�

The PowerSchool breach may be 尝补苍别鈥檚 biggest cyberattack, but the Cyble threat intelligence report indicates his entry into cybercrime began closer to home. 

The Lane-identified hacker aliases g0re and netsaosa for a cyberattack on the Massachusetts Interscholastic Athletic Association website, which stalled the release of the statewide brackets for upcoming  tournament games. The association that oversees high school sports was targeted, the threat actor at the time, because 鈥淚 was bored.鈥� 

When the hacker alerted the group to vulnerabilities on their site, 鈥渢hey ignored me. ignored me. ignored me.鈥�

Lane was 16 at the time. 

Lane is far to get caught up in organized cybercrime. The trope of a teenage hacker tapping away in his parents鈥� basement is . Indeed, many of the most devastating hacks in recent memory 鈥� including   鈥� have led to the . 

鈥淢ost of these criminals tend to have a better understanding of the local businesses, the local institutions, and what type of sensitive data they are likely to hold,鈥� Medhe said. 鈥淎nd they鈥檙e most likely to target some of these institutions that they know about before going global.鈥� 

The pathway to cybercrime for teens often begins in video gaming communities devoted to cheat codes that are used to modify the playing experience and gain an advantage, by the National Crime Agency in the United Kingdom. Such digital meetups can serve as a first stop before they move on to criminal forums that dispense 鈥渓ow-level hacking tools鈥� and where 鈥渟ocial relationships, albeit online, are key.鈥� 

The thrill of the chase and accumulating internet points in cybercrime forums 鈥� not money 鈥� are often prime motivators, according to the British law enforcement agency, which found that just a small number of hackers work their way up the ranks to 鈥渢he very technically skilled cybercriminal.鈥� 

, published in 2023 by researchers in the Netherlands, identified two dozen 鈥渞isk factors for cyber-offending,鈥� such as being a young male with 鈥渓ow self-control and deviant peers.鈥�

Youthful hackers generally turn to online communities 鈥渘ot only as a way to build expertise, but to gain a reputation, gain insights from others and buy and sell services,鈥� said Thomas Holt, the director of the Michigan State University Center for Cybercrime Investigation & Training, and the entry points and motives for teen hackers. In , Holt found young people 鈥渨hose peers used drugs, shoplifted and played computer games were more likely to engage in hacking.鈥� 

鈥淣ow you can pay for a denial of service attack, as an example, whereas 20 years ago you鈥檇 have to know how to run it yourself,鈥� Holt said, referring to a type of attack that overwhelms a computer network鈥檚 capacity and renders it unable to function. 鈥淎ll you need is an internet connection and some forums 鈥� maybe some YouTube videos 鈥� to become proficient, at least in today鈥檚 world.鈥� 

Papadodimitraki of the , whose research focuses on youth delinquency, has questioned the role video games play in cybercrime. Her own work points to many of the same factors that are correlated with other crimes, including poverty, trauma, poor social connections and school exclusion. 

鈥淏ut what we seem to be seeing when it comes to gaming and cybercrime is an overall interest in technology,鈥� she said. 鈥淪o gaming is just a part of that.鈥�

BreachForums user logs leaked in 2023 show the g0re account was created using a VPN to mask the hacker鈥檚 identity, according to a Cyble analysis of the data breach. The account, researchers found, was among the earliest BreachForums members, with User ID 17. The user鈥檚 鈥渓ast recorded activity,鈥� researchers found, pointed to the IP address of the Lane household in Sterling, Massachusetts. The lapse suggests 鈥渙perational security degradation over time,鈥� they wrote, and may have played a part in 尝补苍别鈥檚 ultimate capture.

Lane is accused of going to elaborate lengths with an Illinois-based co-conspirator to cover their tracks so that investigators “will literally find nothing.” Prosecutors allege Lane used an 鈥渁nonymized email address鈥� to communicate with breach victims and Signal, the encrypted messaging app, to communicate with the co-conspirator. The two discussed directing their criminal proceeds to cryptocurrency wallets, transferring those funds to anonymous virtual credit cards and wearing masks and gloves when taking that money from ATMs. They also talked about using money mules to withdraw the cash for them.

The Cyble threat intelligence report notes Lane was also active on Telegram, the privacy-branded messaging app that鈥檚 become a popular hangout for cybercriminals. 

“The sophistication and planning involved in his crimes and the steps he took to conceal his identity鈥攊ncluding identifying which victims to target, gaining access to their networks, negotiating ransom payments with professional cybersecurity companies, hiding the flow of funds from the ransom payments to himself and others 鈥� belies any argument that Lane was too young to understand what he was doing was wrong,” prosecutors allege.

Calling the cops

On one online forum similar to BreachForums, which is still in operation, PowerSchool exploits have been a subject of discussion for years 鈥� with student users seeking ways to change their grades and stay out of trouble with their parents. 

In one post, a user gave forum members instructions on how to spoof 鈥渢he painfully evil grade checking website,鈥� albeit temporarily, to 鈥渟how off or to prove to your mom that you鈥檙e a good student.鈥� 

The trick was a hit.

鈥淥MG dude i love you,鈥� one user wrote. 鈥淭his just saved my xbox till my school calls home.鈥� 

Bogieczyk, who played the video game Minecraft with Lane while in high school, recalled him taking Advanced Placement Computer Science courses and finding them 鈥渏ust really easy.鈥� She said she hasn鈥檛 visited Lane since the indictment but she has friends who have. One of his preoccupations, she said, has been his online reputation. News of his indictment led to 鈥渉ate online,鈥� including social media posts and negative comments on news articles. 

One of 尝补苍别鈥檚 former Assumption University professors, who asked not to be identified because he wasn鈥檛 authorized by the university to speak, said Lane was 鈥渧ery quiet鈥� in class and was surprised to learn the student, whose progress reports show he was an adept computer programmer, stood accused of a cybercrime. 

The professor said he received a general email from university administrators notifying the school community of FBI activity on campus related to cybersecurity. After news of the indictment broke, the instructor said he got an email from 尝补苍别鈥檚 personal account explaining why he was absent from class and that law enforcement had confiscated his devices.

Officials at Assumption University, a small, Catholic college with about 1,600 undergraduate students and a tiny computer science program, didn鈥檛 respond to requests for comment. 尝补苍别鈥檚 sentencing report notes he was attending Assumption on a partial scholarship, expected his college internships to pay off his student debt and aspired to work for Google.

In Sterling, the Lanes were described as 鈥渘ice neighbors鈥� who generally kept to themselves. A conversation with one neighbor was interrupted when two local police officers pulled onto the tree-lined street. Someone concerned about their privacy 鈥� Matthew Lane or his parents 鈥� had called in a complaint. 

鈥淭hey just called and they don鈥檛 have any comment and they just don鈥檛 want you here anymore,鈥� Officer Steve Mucci said. 鈥淵ou headed out?鈥�

Did you use this article in your work?

We鈥檇 love to hear how 麻豆精品鈥檚 reporting is helping educators, researchers, and policymakers.