Skip to content
National Crime Agency snares teens who used Lizard Squad DDoS tool
Naked Security Naked Security

National Crime Agency snares teens who used Lizard Squad DDoS tool

The NCA says it wants to reform the teens caught up in its operation targeting users of LizardStresser, an online tool for attacking websites. Is a stern talking-to enough? Or should they face jail time?

Lizard SquadSix teenagers between the ages of 15 and 18 have been arrested in the UK as part of an operation targeting users of LizardStresser, an online tool for attacking websites.

The teens were swept up in “Operation Vivarium,” led by the National Crime Agency (NCA), the UK agency responsible for fighting organized crime and cybercrime.

LizardStresser is a software-as-a-service tool offered by the Lizard Squad hacker gang, a group that gained notoriety for its attacks on Sony and Microsoft on Christmas of 2014.

As we reported back in January of this year, the LizardStresser tool uses thousands of hacked home routers to carry out distributed-denial-of-service (DDoS) attacks, which flood targeted websites with traffic to keep legitimate users from accessing the site.

In a twist of irony, however, the LizardStresser website was itself compromised, revealing details of thousands of the website’s registered users.

NCA said the teens used the DDoS-for-hire tool to attack the websites of a leading national newspaper, a school, gaming companies and a number of online retailers.

The suspects allegedly purchased LizardStresser services using alternative payment methods including bitcoins, in a “bid to remain anonymous.”

The NCA said the arrested teens are not believed to have been members of Lizard Squad.

NCA said it is in the process of interviewing another 50 individuals who registered on the LizardStresser website, but who are not believed to have carried out any attacks.

One-third of those individuals are under the age of 20, and NCA will caution them that DDoS attacks are illegal and carry serious consequences, for the businesses affected and those that attack them.

About 30% of UK businesses report having suffered a DDoS attack in the past year, NCA said.

DDoS attacks can harm businesses while preventing people from accessing information and services.

Tools such as LizardStresser lower the bar for involvement in cybercrime – “wannabe” hackers can pay a small fee for crimeware kits that do most of the work, no deep programming skills needed.

Perhaps that’s why NCA and the court system in the UK seem to be giving warnings in cases involving teens, rather than hefty prison sentences.

Julius “zeekill” Kivimaki, a 17-year-old who identified himself as a spokesman for Lizard Squad, received a suspended two-year jail sentence despite being convicted of 50,700 computer crime charges.

Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit, said the NCA seeks to “engage with those on the fringes of cybercrime,” to convince them to turn their skills to “legitimate careers”:

One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cybercrime and how they can channel their abilities into productive and lucrative legitimate careers.

The UK’s emphasis on reform over punishment is in stark contrast to the approach taken in the United States, where convicted hackers can expect to serve hard time.

Image of lizard in a cage courtesy of


Teach them how to infiltrate networks in Iraq and Iran from UK. Assign them 3 to 5 years and have UK benefit.


You seem to be assuming that the ability to click on a website to launch an attack on someone else’s is a good indicator of a person’s likely skills in networking, computer science and vulnerability research.

If you offered free network penetration training to the very highest level – followed by 5 years of guaranteed work in that rather elite field – as a “punishment” for cybervandalism and other cybercriminality…

…that wouldn’t be a very strong disincentive, would it?

Seems a bit like drafting convicted muggers into an top-level program of boxing or Tae Kwon Do training to get ready to represent their country at the next Olympic Games.


That list bit sounds like a strategy that Russia might use.



My point is not that it is inevitably unethical or immoral to draft crooks into the service of one’s country, but that it is silly to assume that a predilection for criminality implies interest or ability in any particular line of work.

Being criminally inclined to {use force to steal, hack computers, rip off bank accounts, smash glass, joyride cars} doesn’t imply that that you are even particularly interested in {competitive boxing, network security, accountancy, the making of stained glass windows, competitive motor racing}, let alone that you have any particular aptitude for any one of them.


There are 100 people in a room. Ninety of them want “lucrative legitimate careers”. Ten of the would rather rob and or deface/property of people they don’t even know (e.g., they’re psychopaths by ever definition of the word). Why, why, why would you even consider “reforming” those 10? Send them to prison where they belong.


These people deserve to spend some time in jail for what they have done-it’s illegal , destructive and have caused damage to the rights of legitimate businesses and institutions . They may be young , but they aren’t stupid , they may think of it as a bit of fun or maybe they have some sort of grudge against a business or other operation but whatever is their reason for doing so is at best childish or at worst a savage and unwarranted digital bashing .
Let them hear the clang of the cell doors being closed behind them – it may remind them of their crass stupidity or that the other reasons that they had for their actions will bring consequences to them that are not very funny or pleasant


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!