A group of teenage hackers managed to breach some of the worlds biggest tech firms last year by exploiting systemic security weaknesses in US telecom carriers and the business supply chain . US regulators should penalize telecom firms with lax security practices and Congress should consider funding programs to steer American youth away from cybercrime . The Cyber Safety Review Board found that in general it was far too easy for the cybercriminals to intercept text messages that corporate employees use to log into systems . The group known as Lapsus alarmed US officials because they were able to embarrass major tech firms with robust security programs . The board wants telecom carriers to report SIMswapping attacks to US regulatory agencies and for those carriers to penalize carriers when they don’t adequately protect customers from such attacks . Hacks associated with Lapsuses have not been reported in months in part because multiple alleged members of the group were arrested in the UK last year . The groups have not reported in parts because they haven’t been reported for months . The hackers have only recently returned to the hacking group have not returned to their website in part due to a lack of activity in the past . The report was published by the DHS under secretary for the review board who said it could take nearly a decade to eradicate a vulnerability in software used by thousands of corporations and government agencies worldwide to eradicate the vulnerability in their systems. The board does not have regulatory authority but its recommendations could shape legislation in Congress and future directives from federal agencies. The report is expected to be published by September 30, 2015. It was published in October. It is published by December 29, 2013. The review was released by the Cyber Safety review. It has been published by October 29, 2014. It will also be published in December, 2013, by the