The teens targeted a “leading national newspaper, a school, gaming companies and a number of online retailers,” according to the U.K.’s National Crime Agency.
A DDoS attack is a common technique that overloads servers with data requests, eventually rendering the server unavailable.
Lizard Squad released the LizardStresser service shortly after the group carried out attacks that took down Xbox Live and the PlayStation Network on Christmas Day last year. Shortly after it went live, someone leaked the first iteration of its internal database, which included the unencrypted usernames and passwords of LizardStresser users.
This was intentional, according to a hacker using the pseudonym AntiChrist, who helped developed Lizard Stresser and is an active member of Lizard Squad.
“The first one had cleartext [passwords] on purpose,” AntiChrist told the Daily Dot. “So we could steal people’s accounts, twitters etc. The original lizard stresser was meant to fuck n—-s over.”
AntiChirst said that he assumed U.K. authorities used the leaked database to catch the teenagers.
“With the leaked database they just looked at the emails of the people,” AntiChirst said. “Usually kids using stressers don’t bother to hide themselves. I’m surprised they even did this, what a waste of taxpayer money lol.”
The arrests are part of a National Crime Agency effort codenamed Operation Vivarium. U.K. law enforcement officers will also visit 50 individuals who are registered on the Lizard Stresser website “but who are not currently believed to have carried out attacks.”
— National Crime Agency (NCA) (@NCA_UK) August 28, 2015
Officers will inform the individuals that DDoS attacks are illegal and that “cyber crime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects.”
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” Tony Adams, the head of the NCA’s cyber crime unit, said in a statement.
Authorities in Finland recently convicted Lizard Squad hacker Julius “zeekill” Kivimaki of more than 50,000 counts of hacking. He received a two year suspended prison sentence.
An FBI investigation into Lizard Squad remains underway.
Photo via Hugo A. Quintero G./Flickr (CC BY 2.0)