Pierluigi Paganini
January 19, 2015
Last week the another alleged member of the popular Lizard Squad was arrested by UK authorities, the British Police in collaboration with the FBI identified a 18-year-old boy that is suspected to have participated to the to the DDoS attacks on the PlayStation Network and Xbox Live services.
The Lizard Squad was advertising a DDoS hacking tool, Lizard Stresser, that the team was offering for rent to its customers. The Lizard Stresser tool is a powerful DDoS tool that draws on Internet bandwidth from hacked home Internet routers worldwide.
Now is circulating on the Internet the database of customers for the Lizard Stresser, the entire archive containing the list of clients of the Lizard Squad. The experts believe that the DDoS-for-hire service has been breached, and bad actors leaked online details on more than 14,241 users.on more than 14,241 users.
The popular security experts Brian Krebs, who analyzed the archive, discovered that customers’ data were stored in plain text, and that clients have deposited nearly $11,000 in Bitcoins to run DDoS attacks on thousands of Internet addresses.
“In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service. As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any Web site or individual offline for a small fee.” wrote Krebs.
Brian Krebs speculated that the attack on Sony PSN network and Xbox Live service allowed Lizard Squad to promote LizardStresser Stresser, but the data breach could have definitely compromised the business of the hacking crew.
(Security Affairs – LizardStresser , data breach)
