The tables have been turned on Lizard Squad, the cyberattack group that shut down the PlayStation Network and Xbox Live on Christmas with a series of DDoS attacks.
Someone hacked the servers for DDoS attack tool Lizard Stresser, gaining access to usernames and passwords for the customers who signed up to get access to the tool. Internet security journalist Brian Krebs said he has obtained a copy of the data.
Members of Lizard Squad claimed in media appearances in late December that attacks against PlayStation Network and Xbox Live were meant as a marketing scheme for Lizard Stresser.
According to KrebsOnSecurity, the registered usernames and passwords for the customers of Lizard Stresser were stored in plain text. Information from the hacked database also shows that $11,000 worth of bitcoins were deposited by customers to pay for attacks against thousands of Web addresses and sites.
DDoS attacks launched by Lizard Squad against Xbox Live and PlayStation Network on Dec. 1 and Dec. 7, respectively, were announced by the cyberattack group as preparation for a Christmas Day assault. Lizard Squad followed through with the threat, bringing down both online gaming networks. The attack against PlayStation Network specifically was severe enough to warrant a rare, official acknowledgement by Sony.
Giving interviews to media outlets, including the Daily Dot, may have stirred up the proverbial hornet’s nest. Lizard Squad claimed that after the launch of Lizard Stresser, members of the cyberattack group would “vanish off back to the caves where we came from.” Investigations by law enforcement, however, aren’t letting them go so easy.
Krebs reported on Thursday that a team of security experts, working in conjunction with law enforcement agencies investigating Lizard Squad, discovered that Lizard Stresser operated via hacked Internet routers, and the infected systems were being taken offline.
A 22-year-old Lizard Squad member Vinnie Omari was arrested by British law enforcement on Dec. 30. Cooperation between British cybercrime units and the FBI led to another arrest on Friday, this time also in conjunction with charges related to “swatting,” or the practice of making false crime reports to get armed police units to invade peoples’ homes.
No one has taken credit for the hack on Lizard Stresser’s servers.