When Hackers Get Hacked: Lizard Stresser Users Revealed


Lizard Squad, the “group” of “hackers” claimed responsibility for taking down online services for Xbox and PlayStation around Christmas. The attacks lasted for a few days, and absolutely hurt both companies and annoyed many gamers who couldn’t play the games they received as gifts. Adding insult to injury, Lizard Squad set up a website to allow anyone to pay to use its software for DDoS attacks on other sites. They collected more than $11,000 worth of bitcoin at the time.

DDoS, or distributed denial of service, attacks are essentially a way of shutting down a website or service by flooding it with pings. For a visual metaphor, imagine everyone trying to enter a store on Black Friday. If people entered one at a time, things would work fine and orderly, but when thousands of people try to fill every line and get in on every door, nothing works well, and that’s pretty much what a DDoS attack is: clogging servers with fake traffic and maxing out their resources.  They’re in a legal grey area and some would defend it as freedom of speech (Anonymous filed a failed petition to have it classified as protected free speech).  Others have been prosecuted under the Computer Fraud and Abuse Act.  They rented out capacity on existing botnets and/or used published exploits to build their own botnet.  That’s why I refer to Lizard Squad as “hackers”.

By selling access to the software, Lizard Squad would allow anyone with a vendetta and money to take down a specific site. However, this “for the lulz” attitude and site opened Lizard Squad up to some attacks. One journalist, Brian Krebs broke the news: the database of users on the Lizard Squad tool had been compromised, revealing the names of 14,241 people who had signed up. This includes usernames and passwords.

For a group that seems to revel in bashing the security of other companies, the fact that they left themselves so open is just stunning. The passwords and usernames were saved as plain text documents, and only a minor script was needed to find all the needed information. This is very telling of the level of skill in Lizard Squad. It’s also why they often don’t get respect from security professionals. Their notoriety is only because of how loud they are, and the profile of who they have attacked via DDoS.

There have been several minor arrests of Lizard Squad members, but the consensus appears to be that those arrested are only fringe members, and the core group remains at large. The fact that the main members have yet to be tracked down only adds to the notoriety of the group, and I wonder if we will ever actually be able to find their names, and how much damage Lizard Squad will be able to do before they are all finally caught. Is Lizard Squad an actual group, or is it an idea?

About Stephen Crane

Stephen was hooked by the NES at a very young age and never looked back. He games on a daily basis and is currently trying to climb his way up the ranked ladder on League of Legends! Outside of the video game world he actually likes running and owns a rapidly growing collection of toed shoes. Stephen Crane is the owner of Armed Gamer.

Recommended for you