#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 10°C Saturday 16 January 2021

The group that brought PSN/Xbox Live down gets a taste of its own medicine

Both usernames and passwords of those using Lizard Squad’s tool LizardStresser, a tool which allowed anyone to launch their own DDoS attack, were exposed after it was allegedly hacked.

Playstation Network suffered downtime after Lizard Squad launched a DDoS attack on it during Christmas.
Playstation Network suffered downtime after Lizard Squad launched a DDoS attack on it during Christmas.
Image: AP Photo/Shizuo Kambayashi

AFTER CAUSING NUMEROUS disruptions to both Playstation Network and Xbox Live over the Christmas period, Lizard Squad, the group behind the attacks, appears to have suffered its own security issues as it attempted to profit from its actions.

At the end of December, Lizard Squad unveiled LizardStresser, a tool that would help people launch DDoS (Distributed Denial of Service) attacks on any website or internet service of their choice.

But security researcher Brian Krebs claims that not only does it rely on hacked home routers to launch its attacks, but its database of users was recently hacked as well.

The tool’s consumer database revealed that more than €9,469 worth of bitcoin were deposited as a way of paying for it. Also, both usernames and passwords were stored in plain text instead of being encrypted.

A copy of the LizardStreser customer database obtained by KerbsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than $11,000 worth of bitcoins to pay for attacks on thousands of internet addresses and websites (including this one).

As part of LizardStresser, the group charged between $6 and $500 in bitcoin for different levels of DDoS attacks, which led to some claiming that the attacks on Sony and Microsoft during Christmas was a way of advertising this tool.

An 18-year-old male was arrested by police in Southport, north-west England, over cyber attacks on both Playstation Network and Xbox Live.

He was also arrested for ‘swatting’, where knowingly false information is provided to US law enforcement agencies, in this case via Skype, causing them to dispatch SWAT teams to what they believed were major incidences.

Read: Microsoft’s latest patent could remove one of the most annoying problems in cinema >

Read: Teenager arrested for Xbox and Playstation Christmas attacks >

About the author:

Quinton O'Reilly

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel