Sign up to our newsletter
The attack which “stole Christmas” for millions of video games players by knocking offline the PlayStation Network (PSN) and Xbox Live appears to have been a publicity stunt, designed to gain notoriety and draw attention to the hacking group which has claimed responsibility – Lizard Squad.
The Lizard Squad gang has now launched a new service, LizardStresser, through which anyone can launch a distributed denial-of-service (DDoS) attack against the website or internet service of their choice.
LizardStresser’s promotional website isn’t shy to report its previous “successes”:
“This booter is famous for taking down some of the world’s largest gaming networks such as Xbox Live, PlayStation Network, Jagex, BattleNet, League of Legends and many more!
“With this stresser, you wield the power to launch some of the world’s largest denial of service attacks.”
The price? A mere $6 can get you started, but for a more prolonged attack you may wish to stump up $130 per month, or $500 worth of bitcoin if you wish to have unlimited attempts.
In an interview with Daily Dot, one alleged member of Lizard Squad boasted that his activities were financially-motivated:
“Playing games on a Twitter is fun, but it comes down to the money. The objective here, for me at least – can’t speak for others – is money.”
For those who aren’t aware, denial-of-service attacks are fairly simple to orchestrate but often remarkably effective. By using lots of computers to bombard a particular website with unwanted traffic, it’s possible to swamp a site, effectively clogging it up, and preventing legitimate visitors from reaching it.
Of course, it’s worth bearing in mind that participating in denial-of-service attacks is considered illegal in many countries, and can result in you receiving a prison sentence.
In short – launching, or paying for, a denial-of-service attack is a very dangerous game to play.
Lizard Squad isn’t the first to offer DDoS attacks as “cybercrime as a service”. There are plenty of other online criminals offering booter tools and criminal services on underground hacking forums. But Lizard Squad does appear to have been particularly brazen – both in its choice of targets and in its active use of social media to promote its activities.
The authorities are likely to take a dim view of anyone purchasing the services of the Lizard Squad to launch an attack against a website or internet service, just as they will no doubt be keen to throw the book at members of Lizard Squad themselves.
Earlier this week, security blogger Brian Krebs reported on clues pointing to the possible identities of Lizard Squad members – who appear to have been flirting the media since the hacks against PSN and XBox Live.
My prediction is that Lizard Squad is playing with fire. Their activities have caught the attention of law-enforcement authorities, and I have no doubt that investigations are taking place to identify those who might have perpetrated the attacks.
Lizard Squad may have ruined Christmas for millions of innocent gamers, but chances are that the gang itself won’t have good times to look forward to in 2015.
Author Graham Cluley, We Live Security