Lizard Squad failed to encrypt its database of LizardStresser’s registered users – storing details of their usernames and passwords in plaintext. A schoolboy error if ever I heard one.
Oh, the irony…
Remember, Lizard Squad the hackers who took down the XBox Live and PlayStation Networks at Christmas, in what they claimed was a publicity stunt for their DDoS-for-hire service?
Well now, in an act of supreme irony worthy of a singalong from Alanis Morissette, Lizard Squad has been hacked itself.
Oh dear. What a shame. Couldn’t happen to a nicer bunch of fellows…
As Brian Krebs reports, the gang’s LizardStresser DDoS-on-demand service – powered by thousands of hacked residential internet routers – has been “completely compromised” and details of over 14,000 users passed to the authorities.
Astonishingly, it appears that the Lizard Squad failed to encrypt its database of registered users – but instead stored details of their usernames and passwords in plaintext. A schoolboy error if ever I heard one.
As I said at the end of last year, the authorities are likely to take a dim view of anyone purchasing the services of the Lizard Squad to launch a denial-of-service attack against a website or internet service.
I wonder what LizardStresser’s users, who apparently have paid Lizard Squad the tidy sum of $11,000 in bitcoins to launch attacks so far, will think of their details now being in the hands of law enforcement agencies like the FBI?
Lizard Squad hasn’t been having a great time of it since their yuletide antics against video game fans.
Firstly, police in the UK arrested 22-year-old Vinnie Omari, a suspected member of the gang who perhaps made the unwise move of offering his expert advice about the Lizard Squad in an on-screen TV interview. Omari has since been bailed until March.
Then it was revealed that Finnish police had questioned another suspected member of the Lizard Squad gang – Julius Kivimäki. Like Omari, Kivimäki hadn’t been shy about courting the media’s attention.
And last Friday, British police announced that they had arrested an 18-year-old man in Southport in connection with the denial-of-service attacks against PlayStation Network and XBox Live.
An 18-year-old man was arrested this morning (16/1) in Boundary Street, Southport on under the Computer Misuse Act 1990 #DDOS #xboxlivedown
— SEROCU (@SouthEastROCU) January 16, 2015
According to a BBC news report, the latest arrest was the result of a joint investigation between British law enforcement agencies and the FBI. The man has now been bailed until May.
It would be a mistake to think, however, that the police action seen so far necessarily spells the end for Lizard Squad’s antics.
The group’s Twitter feed, for instance, remains as vocal as ever – even going so far as to mimic the final tweet posted by Jake “Topiary” Davis, the spokesperson of the busted Lulzsec hacking gang, before his arrest in 2011.