Another Lizard Arrested, Lizard Lair Hacked

By Brian Krebs

Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators.

A BBC story does not name the individual, saying only that the youth was arrested at an address in Southport, near Liverpool, and that he was accused of unauthorized access to computer material and knowingly providing false information to law enforcement agencies in the United States. The notice about the arrest on the Web site of the Southeast Regional Organized Crime Unit states that this individual has been actively involved in several “swatting” incidents — phoning in fake hostage situations or bomb threats to prompt a police raid at a targeted address.

U.K. police declined to publicly name the individual arrested. But according to two sources close to the investigation, the 18-year-old is Jordan Cameron. Known online variously as “Jordie,” “EvilJordie” and “GDKJordie,” Cameron frequently adopts the persona of an African American gang member from Chicago, as evidenced in this (extremely explicit) interview he and other Lizard Squad members gave late last year. Jordie’s Twitter account also speaks volumes, although it hasn’t been saying much for the past 13 hours.

An individual using variations on the “Jordie” nickname was named in this FBI criminal complaint (PDF) from Sept. 2014 as one of three from the U.K. suspected in a string of swatting attacks and bomb threats to schools and universities across the United States in the past year. According to that affidavit, Jordie was a member of a group of males aged 16-18 who called themselves the “ISISGang.”

In one of their most appalling stunts from September 2014, Jordie and his ISIS pals allegedly phoned in a threat to Sandy Hook Elementary — the site of the 2012 school massacre in Newtown, Ct. in which 20 kids and 6 adults were gunned down. According to investigators, the group told the school they were coming to the building with an assault rifle to “kill all your asses.”

In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service. As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any Web site or individual offline for a small fee.

A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than USD $11,000 worth of bitcoins to pay for attacks on thousands of Internet addresses and Web sites (including this one).


One page of hundreds of support ticket requests filed by LizardStresser users.

Two other Lizard Squad members also have been rounded up by police since the initial Christmas Day attacks. In late December, U.K. police arrested 22-year-old Vincent “Vinnie” Omari, in connection with the investigation. Additionally, authorities in Finland questioned a 17-year-old named Julius “Ryan/Zeekill” Kivimäki, after he and Omari gave an interview to Sky News about the attacks. Sources say Kivimäki has been arrested and jailed several times in Finland on charges related to credit card theft, although he is currently not in custody.

Sources say the 18-year-old arrested this morning operates only on the fringes of the group responsible for the Christmas day attacks, and that the core members of the Lizard Squad remain at large.

Nevertheless, individuals involved in swatting need to face serious consequences for these potentially deadly stunts. Swatting attacks are not only extremely dangerous, they divert emergency responders away from actual emergencies, and cost taxpayers on average approximately $10,000 (according to the FBI).

In most states, the punishment for calling in a fake hostage situation or bomb threat is a fine and misdemeanor akin to filing a false police report. Having been the victim of a swatting attack myself, allow me to suggest an alternative approach: Treat all of those charged with the crime as an adult, and make the charge attempted murder.

UK cops arrest PSN, Xbox Live DDoS attackers

By Christian Nutt

The UK'S National Crime Agency announced today that it has arrested five teens in connection with Distributed Denial of Service (DDoS) attacks which took down servers for popular online services - including Xbox Live and PlayStation Network, Variety reports.

Another was questioned, but not arrested. For the year, that makes seven arrests against teenagers accused of using Lizard Squad's "Lizard Stresser" DDoS tool, as part of "Operation Vivarium." The group offers the tool for sale, according to the NCA.

The group claimed responsibility for an attack on Sony's PlayStation Network service last year, and reputedly executed attacks on PSN and Xbox Live on Christmas last year.

Attacks like these can have significant effects on developers, as former Game Developer magazine and current indie dev Brandon Sheffield writes in this blog post about the Microsoft and Sony downtime.

Six Nabbed For Using Lizard Squad Attack Tool

By Brian Krebs

Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time.

The Lizard Stresser came to prominence not long after Christmas Day 2014, when a group of young never-do-wells calling itself the Lizard Squad used the tool to knock offline the Sony Playstation and Microsoft Xbox gaming networks.

As first reported by KrebsOnSecurity on Jan. 9th, the Lizard Stresser drew on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords.

The LizardStresser service was hacked just days after that Jan. 9th story, and disappeared shortly after that.



The Lizard Stresser’s add-on plans. In case it wasn’t clear, this service was *not* sponsored by Brian Krebs as suggested in the screenshot.

“Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” reads a statement from the U.K.’s National Crime Agency (NCA). “Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.”

The NCA says investigators also in the process of visiting 50 addresses linked to individuals registered on the Lizard Stresser Website but who haven’t yet carried out any apparent attacks. The agency notes that one-third of those individuals are below the age of 20, and that its knock-and-talk efforts are part of its wider work to address younger people at risk of entering into serious forms of cyber crime.

According to research published this month, the Lizard Stresser had more than 176 paying subscribers who launched more than 15,000 attacks against 3,907 targets in the two months the service was in operation.

For more information about how to beef up the security your Internet router, check out the “Harden Your Hardware” subsection in the post Tools for a Safer PC.

Further reading:

Stress-Testing the Booter Services, Financially

Story Category: DDoS-for-Hire

Finnish Decision is Win for Internet Trolls

Who’s In the Lizard Squad?

Crooks Use Hacked Routers to Aid Cyber-heists

Spam Uses Default Passwords to Hack Routers

Wonder if those guys will be kept offline.