ARTICLE
6 August 2025

Think All Hackers Wear Hoodies In Dark Basements?

WL
Winslow Law

Contributor

Winslow Law, LLC, Attorneys and Counselors at Law, is a general practice, civil litigation law firm located in Pawleys Island, South Carolina. Our focus includes general civil litigation involving business and commercial disputes, as well as other general matters. Our experienced team offers a full range of legal services. We are deeply committed to developing successful attorney-client relationships while assisting the citizens of our community with their legal needs. We invite you contact us to learn more about our firm and our areas of expertise.

Meet 19-year-old Matthew Lane. We often picture hackers as mysterious figures lurking in shadows. However, the face of cybercrime is changing, and sometimes it appears to be a college student from Worcester, Massachusetts.
United States Technology

Meet 19-year-old Matthew Lane. We often picture hackers as mysterious figures lurking in shadows. However, the face of cybercrime is changing, and sometimes it appears to be a college student from Worcester, Massachusetts.

Last month, Matthew pleaded guilty to hacking two major companies and attempting to extort millions in Bitcoin. Here's what happened:

✅ Target #1: A telecom company.
Lane broke into their systems and demanded $200,000 to stay quiet—then dropped his price to $75,000 when they refused.

✅ Target #2: PowerSchool, an educational software giant.
Stole records of ~60 million students and 10 million teachers.
Exfiltrated the data to servers in Ukraine.
Demanded a ransom of $2.85 million in Bitcoin.
Threatened to publish or sell the stolen data.

Simple mistakes lead to big consequances (ask Brian Kohberger). Matthew was caught in part because he used some of his ransom Bitcoin to buy himself sneakers and designer clothes, a digital paper trail law enforcement easily traced. Now, Lane faces up to 17 years in federal prison.

WHY THIS MATTERS...

Cybercrime isn't always sophisticated.
This wasn't a nation-state attack.
It was a teenager exploiting stolen credentials, weak security practices, and underestimations of "who could be behind this."

Simple mistakes = massive consequences.

Credential reuse, unsecured cloud services, and unmonitored exfiltration paths remain the easiest entry points for attackers, regardless of their age.

Conclusion

Stop thinking of hackers as "other people's problem."
Secure third-party connections.
Monitor data exfiltration.
Limit privilege and enforce zero trust.
Have an incident response plan and practice it regularly.

Because sometimes, the person rolling the dice with your business isn't a cybercrime syndicate in Russia... It's a teenager in your own backyard.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More