LizardStresser: Six people arrested in connection with Lizard Squad’s DDoS attack tool

British police have today announced the arrest of six people in connection with distributed denial-of-service (DDoS) attacks that attempted to bring down websites belonging to – amongst others – a national newspaper, a school and a number of online retailers.

The link between the attacks is that they all appear to have been conducted using the LizardStresser tool, a DDoS-on-demand service offered by the Lizard Squad hacking gang who managed to take down the XBox Live and PlayStation networks last Christmas.

Last month, Lizard Squad’s self-proclaimed “untouchable hacker god” Julius Kivimäki was given a two-year suspended prison sentence after being found guilty of a staggering 50,700 computer crimes.

Lizard Squad's self-proclaimed untouchable hacker god

Readers of We Live Security will remember that in January, Lizard Squad was itself – in a moment of supreme irony – hacked and details of people who had signed-up for the gang’s LizardStresser service passed to the authorities.

Yes, you’ve guessed it. Lizard Squad failed to encrypt its database of registered users – instead storing usernames and passwords in plaintext.

Somehow that doesn’t sound like the work of a true “hacker god”, but never mind.

The news today is that some of the people suspected of deploying LizardStresser maliciously, swamping websites with unwanted traffic without the permission of the site owners, having purchased access to the tool through digital currency services such as Bitcoin, have been arrested as part of “Operation Vivarium”.

Those helping the police with their enquiries include:

  • A 17 year-old male from Manchester had computer equipment seized and was interviewed under caution by the NCA’s National Cyber Crime Unit (NCCU) on 27 August.
  • A 18 year-old-male from Huddersfield arrested and bailed on 27 August by Yorkshire and Humberside police.
  • A 18 year-old-male from Milton Keynes interviewed under caution by the South East ROCU (Regional Organised Crime Unit) on 26 August.
  • A 18 year-old male from Manchester arrested and bailed by North West ROCU and Greater Manchester Police on 26 August.
  • A 16 year-old male from Northampton arrested and bailed by East Midlands ROCU on 26 August.
  • A 15 year-old male from Stockport arrested by the North West ROCU and Greater Manchester Police on 24 August.

Two other suspected users of Lizard Stresser were arrested earlier this year:

  • A 17 year-old male from Cardiff arrested and bailed by South Wales ROCU and NCCU on 16 April.
  • A 17 year-old male from Northolt arrested and bailed by the Metropolitan Police on 03 March.

What I think is most notable about these details is that it is teenagers who are instigating denial-of-service attacks, attempting to bring down sites to disrupt businesses and organisations, presumably with mayhem in mind rather than money-making.

It’s also clear that LizardStresser’s users might have believed that they could do so anonymously, without risk of their identities being discovered. The hack of Lizard Squad earlier this year, and the handing over of user data to the authorities proves that that belief was misguided.

“Acts of unlawful internet behaviour are seen by many of the average public as not being punishable or very rarely caught,” said Mark James, security specialist at ESET. “It is instances like this that should make those involved step up and understand it is a crime to participate in this type of activity, and your anonymity on the web cannot be guaranteed. It’s just a matter of time and resources before you are caught.”

The National Crime Agency says that it is also visiting “approximately 50 addresses” linked to individuals who had accounts on the LizardStresser site, but are not currently thought to have actually launched attacks.

Hopefully when they get an unexpected visit from the police they will feel suitably rattled, and think very carefully before engaging in dubious activity on the internet again.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.