Site icon Sophos News

Lizard Squad’s DDoS service hacked, buyers’ details revealed

  • Lee Munson
    • Lizard. Image courtesy of Shutterstock.

    Lizard. Image courtesy of Shutterstock.Lizard Squad, the group that took down the Sony PlayStation and Microsoft Xbox networks over the Christmas period, has received a dose of its own medicine with the news that it has itself been hacked.

    Security blogger Brian Krebs reports that Lizard Squad’s own DDoS-for-hire website – Lizardstresser.su – has been compromised.

    The site is home to the group’s LizardStresser tool which relies on thousands of hacked home routers to launch DDoS attacks.

    Krebs reports that the site has been “completely compromised” and the details of over 14,200 registered users of the DDoS-for-hire service are in the hands of authorities.

    Given how a Lizard Squad spokesman recently claimed that part of the group’s motivation for its recent attacks was the highlighting of poor security practices, it is ironic to note that its own database of users was not encrypted – usernames and passwords were apparently stored in plaintext which, in terms of poor security mistakes, is about as big as they come.

    Krebs says that only a few hundred of the users registered with LizardStresser ever paid for the website-disabling service – handing over around $11,000 in bitcoins – but they must surely be quaking in their boots right now, knowing that law enforcement now has the information it needs to identify them.

    That’s not the only problem for Lizard Squad.

    Since the group took out the PlayStation and Xbox networks, three alleged members have been questioned by police for their part in the DDoS. (Group member ‘Ryan’ previously said there were only three members of the Squad.)

    First to be collared was 22-year-old Vincent Omari who was apprehended by the South East Regional Organised Crime Unit (SEROCU) on 31 December 2014.

    The arrest happened not long after ‘computer security analyst’ Omari had given an interview to Sky News on 27 December in which his voice sounded remarkably similar to that of an anonymous Lizard Squad member who spoke on BBC radio the day before.

    A second suspected member of Lizard Squad was later detained in Finland. Julius Kivimäki, 17, was questioned by Finnish police amid claims that he was the Lizard Squad spokesman ‘Ryan’ who also spoke to Sky News.

    Since then SEROCU, working with the FBI, arrested an 18-year-old man in Southport, UK in connection with the Xbox and PlayStation attack.

    The unnamed individual was detained under the Computer Misuse Act 1990. The man has been bailed until May.


    Image of lizard courtesy of Shutterstock.

    Exit mobile version