

The Lizard Squad, an Internet mayhem group, has recently been caught with their proverbial pants down when an attacker compromised the customer database of the group’s recently released distributed denial of service (DDoS) for hire service. The service, the “Lizard Stresser,” allows paying customers to trigger attacks against websites and networks that can knock them off the Internet for seconds or hours.
Lizard Squad is best known for ruining Christmas Day for users of Microsoft Corporation’s Xbox Live and Sony Online Entertainment LLC’s PlayStation Network. The mayhem group announced the release of the Lizard Stresser at the height of their infamy after taking credit for the Christmas Day attacks, which the group also predicted.
Security expert Brian Krebs from the Krebs on Security blog briefly mentioned the customer database compromise in a December article about Lizard Squad’s ineptitude entitled “Lizard Kids: A Long Trail of Fail.” However, on Friday, Krebs revealed that his outfit had obtained a copy of the compromised database and that the Lizard Squad failed to even secure the passwords—instead, the passwords are stored in plain text (i.e. human readable.)
Another Lizard kid (gang that DDoS’d Sony/Xbox) arrested; Lizard Stresser hacked, customer database leaked http://t.co/Whw9TfXDVB
— briankrebs (@briankrebs) January 16, 2015
Krebs says that the DDoS-for-hire tool saw more than 14,241 registered users within a month, however “only a few hundred appear to have funded accounts at the service.”
Further, the database revealed that customers deposited more than $11,000 USD worth of bitcoins and targeted thousands of Internet addresses for attack (including KrebsOnSecurity.com itself.)
There is an apparent juvenile rivalry from Lizard Squad towards Krebs, which is visible in the Lizard Stresser DDoS-for-hire tool. The tool contains several mentions of Krebs including jokes about Krebs’s hairline and includes his e-mail address as a “supporter” of the service.
Krebs also revealed in December that the Lizard Stresser is a rough copy/paste of another more popular product TitaniumStresser. While Lizard Squad managed to gain notoriety for attacking major gaming services, DDoS-for-hire is already a well known service of the “black market” that is normally not visible to the general public.
NexusGuard gave SiliconAngle an idea of what the DDoS-for-hire market is like and how these sites are built in a previous article. These services build on top of “attack infrastructure,” which Lizard Squad’s tool is known to use compromised routers, and hooks in the copied front end for taking money and directing attacks.
After the Christmas Day attacks caught the public’s attention news has been trickling in about possible Lizard Squad members being arrested and/or questioned by international authorities.
In December, reports surfaced that the FBI sought “ryanc” or Ryan, a teen and Finnish resident, in connection to Lizard Squad. Then, shortly thereafter, UK authorities arrested an alleged Lizard Squad member, 22-year-old British citizen Vinnie Omari. Finally, in early January, the South East Regional Organized Crime Unit announced the arrest of an 18-year-old teen who is also speculated to be connected to Lizard Squad.
Support our open free content by sharing and engaging with our content and community.
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.