Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now

The group that brought PSN/Xbox Live down gets a taste of its own medicine

Both usernames and passwords of those using Lizard Squad’s tool LizardStresser, a tool which allowed anyone to launch their own DDoS attack, were exposed after it was allegedly hacked.

Playstation Network suffered downtime after Lizard Squad launched a DDoS attack on it during Christmas.
Playstation Network suffered downtime after Lizard Squad launched a DDoS attack on it during Christmas.
Image: AP Photo/Shizuo Kambayashi

AFTER CAUSING NUMEROUS disruptions to both Playstation Network and Xbox Live over the Christmas period, Lizard Squad, the group behind the attacks, appears to have suffered its own security issues as it attempted to profit from its actions.

At the end of December, Lizard Squad unveiled LizardStresser, a tool that would help people launch DDoS (Distributed Denial of Service) attacks on any website or internet service of their choice.

But security researcher Brian Krebs claims that not only does it rely on hacked home routers to launch its attacks, but its database of users was recently hacked as well.

The tool’s consumer database revealed that more than €9,469 worth of bitcoin were deposited as a way of paying for it. Also, both usernames and passwords were stored in plain text instead of being encrypted.

A copy of the LizardStreser customer database obtained by KerbsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than $11,000 worth of bitcoins to pay for attacks on thousands of internet addresses and websites (including this one).

As part of LizardStresser, the group charged between $6 and $500 in bitcoin for different levels of DDoS attacks, which led to some claiming that the attacks on Sony and Microsoft during Christmas was a way of advertising this tool.

An 18-year-old male was arrested by police in Southport, north-west England, over cyber attacks on both Playstation Network and Xbox Live.

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.

Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

He was also arrested for ‘swatting’, where knowingly false information is provided to US law enforcement agencies, in this case via Skype, causing them to dispatch SWAT teams to what they believed were major incidences.

Read: Microsoft’s latest patent could remove one of the most annoying problems in cinema >

Read: Teenager arrested for Xbox and Playstation Christmas attacks >

About the author:

Quinton O'Reilly

Read next: