AFTER CAUSING NUMEROUS disruptions to both Playstation Network and Xbox Live over the Christmas period, Lizard Squad, the group behind the attacks, appears to have suffered its own security issues as it attempted to profit from its actions.
At the end of December, Lizard Squad unveiled LizardStresser, a tool that would help people launch DDoS (Distributed Denial of Service) attacks on any website or internet service of their choice.
But security researcher Brian Krebs claims that not only does it rely on hacked home routers to launch its attacks, but its database of users was recently hacked as well.
The tool’s consumer database revealed that more than €9,469 worth of bitcoin were deposited as a way of paying for it. Also, both usernames and passwords were stored in plain text instead of being encrypted.
A copy of the LizardStreser customer database obtained by KerbsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than $11,000 worth of bitcoins to pay for attacks on thousands of internet addresses and websites (including this one).
As part of LizardStresser, the group charged between $6 and $500 in bitcoin for different levels of DDoS attacks, which led to some claiming that the attacks on Sony and Microsoft during Christmas was a way of advertising this tool.
An 18-year-old male was arrested by police in Southport, north-west England, over cyber attacks on both Playstation Network and Xbox Live.
He was also arrested for ‘swatting’, where knowingly false information is provided to US law enforcement agencies, in this case via Skype, causing them to dispatch SWAT teams to what they believed were major incidences.
To embed this post, copy the code below on your site
have your say