As we had mentioned in our earlier post ‘Gaming the Gamers – DDoS: The Enemy’, anyone receiving a new Xbox One or PlayStation 4 on Christmas morning was likely in for a frustrating first experience with the system, as the PlayStation Network and Xbox Live were both taken down by prolonged distributed denial of service (DDOS) attacks. In addition to that, an 18-year-old UK man had been arrested as part of an investigation into these DDOS attacks that crippled PlayStation and Xbox services over Christmas.
Well, the hacker group Lizard Squad, which claims responsibility for the Xmas blackout on Xbox Live and PSN, has discovered its own network has been hacked.
Lizard Squad’s “boot-for-hire” service was compromised, with more than 14,000 names revealed.
Lizard Squad had achieved their objectives after their devastating attacks on the Christmas morning. They were obviously so pleased with their achievement that they announced their ‘boot-for-hire’ service. Basking in the so called glory of the ultimate success of their so called hacking skills Lizard Squad asked people to nominate any website as they will hack it for them. Of course their services would come for a charge, which is a nominal fee for their so called professionalism.
However, Lizard Sqaud was in for a surprise. Their Stresser tool was itself hacked. An unknown entity drilled through the security layers of Lizard Squad and gained access to the data behind their virtual walls. The hacker who hacked the hackers exposed a list of 14,241 who had already signed up for Lizard Squad’s malicious service of carrying out DDoS attacks on unsuspecting victims who were literally sitting ducks at the mercy of these digital mercenaries. Investigative journalist Brian Krebs obtained a copy of the data dump, and noted that few precautions were taken to protect the identity of customers. “All registered usernames and passwords were stored in plain text,” he wrote on his personal site.
This information sprung up after the local police at English seaside town of Southport arrested an 18 year old hacker. He was detained under suspicion that he was an active member of the Lizard Squad. The suspect is not only involved apparently in that malicious activity but also according to the web site GameSpot he’s also being held on the charges of ‘Swatting’.
This again reiterates the theory that no matter how smart criminals might think they are, eventually they leave a loop hole through which the law enforcement agencies gain their entry and apprehend the perpetrators. This story also contains important lessons for both the initiators and the victims. Especially so to the victims since it stresses the need of professionals who should take care of any potential DDoS attacks for them and safeguard them from mishaps occurring in the future.