Naked Security

Lizard Squad’s DDoS service hacked, buyers’ details revealed

Lizard Squad, the group that took down the Sony PlayStation and Microsoft Xbox networks over the Christmas period, has received a dose of its own medicine with the news that it has itself been hacked.


Security blogger Brian Krebs reports that Lizard Squad’s own DDoS-for-hire website – Lizardstresser.su – has been compromised.

The site is home to the group’s LizardStresser tool which relies on thousands of hacked home routers to launch DDoS attacks.

Krebs reports that the site has been “completely compromised” and the details of over 14,200 registered users of the DDoS-for-hire service are in the hands of authorities.

Given that a Lizard Squad spokesman recently claimed that part of the group’s motivation for its recent attacks was to highlight poor security practices, it is ironic that its own database of users was not encrypted – usernames and passwords were apparently stored in plaintext which, as security mistakes go, is about as big as they come.

Krebs says that only a few hundred of the users registered with LizardStresser ever paid for the website-disabling service – handing over around $11,000 in bitcoins – but they must surely be quaking in their boots right now, knowing that law enforcement now has the information it needs to identify them.

That’s not the only problem for Lizard Squad.

Since the group took out the PlayStation and Xbox networks, three alleged members have been questioned by police for their part in the DDoS. (Group member ‘Ryan’ previously said there were only three members of the Squad.)

First to be collared was 22-year-old Vincent Omari who was apprehended by the South East Regional Organised Crime Unit (SEROCU) on 31 December 2014.

The arrest happened not long after ‘computer security analyst’ Omari had given an interview to Sky News on 27 December in which his voice sounded remarkably similar to that of an anonymous Lizard Squad member who spoke on BBC radio the day before.

A second suspected member of Lizard Squad was later detained in Finland. Julius Kivimäki, 17, was questioned by Finnish police amid claims that he was the Lizard Squad spokesman ‘Ryan’ who also spoke to Sky News.

Since then SEROCU, working with the FBI, has arrested an 18-year-old man in Southport, UK in connection with the Xbox and PlayStation attack.

The unnamed individual was detained under the Computer Misuse Act 1990. The man has been bailed until May.


Image of lizard courtesy of Shutterstock.

Comments

incompetent dumbos

Reply

And thank goodness for incompetence. Unfortunately, not all hackers are this dumb nor are they so focused on themselves that they’re willing to sacrifice all just for a moment in the spotlight.

But, these guys were, thankfully. Grant an INTERVIEW? Without even TRYING to disguise your voice?

Reply

So… did they neglect to encrypt their customer list, or did they create a decoy filled with “targets”? In this case, likely the first.

Reply

I would agree, but one guy gave an interview. On live radio with his voice unfiltered. Those are pretty basic steps for an intelligent hacker to avoid.

So, I’m inclined to believe they’re script kiddies, without any real hacking expertise.

But, you could be right. Hopefully, the authorities have made the same connection you did.

Reply

I don’t understand why Lizard Squad is taking down Microsoft and PlayStation. If you want to show your true talent, go work for the government to hack ISIS, if you guys seem to be all pr.

Reply
