Signe Brewster  Dec. 26, 2014 Christmas Day gamers ran into problems connecting their Xbox or Playstation to the internet thanks to a denial of service attack, and the hackers that have claimed credit are now naming a new target: online anonymity software Tor.
A group operating under the name “Lizard Squad” posted a series of tweets today about a planned zero-day attack, which target unnoticed weaknesses. In this case, that appears to be taking over the majority of Tor’s nodes: a series of points through which data sent over the Tor network travels. Tor protects users’ identities with these nodes, which obscure the origin of any data. Lizard Squad’s thought is if it controls enough of the nodes, information will no longer be anonymized.
 
Full Article

A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Livegames this holiday season.
The group, which calls itself LizardSquad, started attacking the gaming networks on or around Christmas Day. Various statements posted by self-described LizardSquad members on their open online chat forum — chat.lizardpatrol.com — suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and disappoint people who received new Xbox and Playstation consoles as holiday.gifts.
Such assaults, known as distributed denial-of-service (DDoS) attacks — harness the Internet connectivity of many hacked or misconfigured systems so that those systems are forced to simultaneously flood a target network with junk internet traffic. The goal, of course, is to prevent legitimate visitors from being able to load the site or or use the service under attack.
It’s unfortunate that some companies which specialize in DDoS protection services have chosen to promote their products by categorizing these latest attacks as “herculean” and “sophisticated;” these adjectives describe neither the attackers nor their attacks. The sad truth is that these attacks take advantage of compromised and misconfigured systems online, and there are tens of millions of these systems that can be freely leveraged to launch such attacks. What’s more, the tools and instructions for launching such assaults are widely available
 
full article

28 Dec 2014 at 12:30, Kelly Fiveash
 
Sony has blamed distributed-denial-of-service (DDoS) attackers for causing PlayStation's network to go titsup on Christmas Day.
The Japanese company struggled for three days to restore services, following an assault on its PSN login system.
 
Microsoft's Xbox Live also suffered a DDoS attack on 25 December. But that service recovered not long after rotund file-sharing baron Kim Dotcom apparently convinced the wrongdoers to stop disrupting the services.
 
full article
 

A UK man has been arrested as part of an investigation into denial-of-service attacks on Sony Playstation and Xbox systems over Christmas.
 
The 18-year-old was arrested at an address in Southport, near Liverpool.
He is accused of unauthorised access to computer material and knowingly providing false information to law enforcement agencies in the US.
 
The investigation was a joint operation between UK cybercrime units and the Federal Bureau of Investigation (FBI).
Microsoft and Sony were attacked on Christmas Day, making it difficult for users to log on. The distributed-denial-of-service attack - which floods servers causing them to stop working - caused major disruptions.
 
Full Article

Jamie Condliffe   16th January 2016
 
Britain's South East Regional Organised Crime Unit has arrested an 18-year-old man over the denial of service attacks waged on Sony Playstation and Xbox systems over Christmas.
The Crime Unit has been working closely with the FBI to identify the offender, ultimately resulting in the arrest of the man from Boundary Street in Southport, UK, just this morning. He's charged on suspicion of unauthorised access to computer material, unauthorised access with intent to commit further offences and threats to kill. Police seized "a number" of electronic and digital devices from the property, which will now be examined by cyber forensics teams.
 
Full Article

A great and in depth account by Brian Krebs on the arrest and the antics of the Lizard Squad.
 
16th January 2015
 
EXCERPT.
 
In one of their most appalling stunts from September 2014, Jordie and his ISIS pals allegedly phoned in a threat to Sandy Hook Elementary — the site of the 2012 school massacre in Newtown, Ct. in which 20 kids and 6 adults were gunned down. According to investigators, the group told the school they were coming to the building with an assault rifle to “kill all your asses.”
 
Full Article
 
 

Site won't load - he must be getting DDOSed again by the rest of the squad 🙂

I checked the link for the Krebs site itself and no luck, the Lizard Squad are not too keen on him ;)
 
Try it again now Nic, it is back.

Database of Lizard Stresser Tool clients leaked, more than 14241 users leaked

 
The hack on Lizardstesser(.)su was reported by Brian Krebs of Krebs On Security. According to Brian, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service.
A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users during its first month of operation.  Though Brian says that only a few of those may be using the rent-a-tool.
 
Full Article
 

Posted on 19 January 2015.The hacker group that calls itself the "Lizard Squad" has received another serious blow: LizardStresser(dot)su, the website where customers go to rent their DDoS service powered by a botnet of mostly home routers, has been hacked by and its customer database stolen by an unknown attacker.

Brian Krebs managed to get his hands on the database, which revealed that the Lizard Squad didn't think about keeping that information secure. Usernames and passwords used by the 14,241 registered users were stored in plain text, and could lead law enforcement to their real-world identities. full article

Ars analyzes the database contents from LizardSquad's hacked "stresser" site.

by Sean Gallagher - Jan 20 2015
 
http://cdn.arstechnica.net/wp-content/uploads/2015/01/lstress2-640x420.png LizardStresser's terms of service includes a privacy policy, DMCA protection, and is governed by the laws of the State of Chicago. Rahm Emanuel just got promoted to governor. A leaked database from a hacked denial-of-service site has provided some insight on what sorts of targets individuals will pay to knock offline for a few dollars or bitcoin. And it's safe to say that a significant percentage of them are not the brightest stars in the sky. To get an idea of who would use such a service and for what purposes, Ars analyzed the data from a recently-hacked DDoS for hire site: LizardSquad's LizardStresser.
"Booter" or "stresser" sites offer users the ability to pay for distributed denial of service attacks against a target, and these sites promise to try to disguise the nature of the attack with the fig leaf of being legitimate load testing sites. That wasn't so much the case with LizardStresser, the botnet-for-hire set up by the distributed denial of service crew known as LizardSquad. The group used its Christmas week DDoS attacks on Microsoft's Xbox Live network and Sony's Playstation Network as a form of advertising for the new service.
 
Full Article

 

• By Alan Buckingham

The past few weeks have not been kind to hacking group Lizard Squad. They've managed toraise the ire of the last possible group of folks you'd wish to anger -- Anonymous. The organization is also experiencing arrests of its members, thanks to poor procedures put in place for identity protection. But the latest blow may come as poetic justice to many people.
The loosely-knit hacker communicative has been trying to sell its wares online -- namely DDoS for hire services. Unfortunately for it, and rather fortunately for the rest of us, the offering has been hacked. According to multiple reports LizardStresser.su was compromised.
 
 
full article