Skip to content

OPLIN 4cast #421: Inside the Dark Side

Posted in 4cast

lizardThree months ago we posted a 4cast about the availability of cheap Distributed Denial of Service (DDoS) attacks on the Internet, mentioning as well that OPLIN has a system in place to protect libraries from such attacks. Over the Christmas holidays, DDoS attacks on the Xbox Live and PlayStation networks got a lot of attention in the media, and shortly after that the “Lizard Squad” group that claimed credit for those attacks announced the availability of their own inexpensive DDoS service for hire. Now, thanks in large part to security researcher Brian Krebs, that service is falling apart and providing an interesting glimpse into the dark side of the Internet.

  • Lizard kids: A long trail of fail (Krebs on Security | Brian Krebs)  “The Lizard kids only ceased their attack against Sony’s Playstation and Microsoft’s Xbox Live networks last week after MegaUpload founder Kim Dotcom offered the group $300,000 worth of vouchers for his service in exchange for ending the assault. And in a development probably that shocks no one, the gang’s members cynically told Dailydot that both attacks were just elaborate commercials for and a run-up to this DDoS-for-hire offering. The group is advertising the new ‘booter service’ via its Twitter account, which has some 132,000+ followers. Subscriptions range from $5.99 per month for the ability to knock a target offline for 100 seconds at a time, to $129.99 monthly for DDoS attacks lasting more than eight hours.”
  • A hacked DDoS-on-demand site offers a look into mind of “booter” users (Ars Technica | Sean Gallagher)  “Things have not gone all that well for LizardSquad since the launch of LizardStresser. Shortly after the service—which uses a botnet of hacked home and institutional routers—was launched, members of LizardSquad started getting arrested. Last week the LizardStresser server was hacked, and its database was dumped and posted to Mega by the former operator of the darknet ‘doxing’ site Doxbin. As a result, the usernames and passwords of LizardSquad’s ‘customers,’ along with logs of the Internet addresses that had been attacked by the router botnet, were laid bare for everyone to see.”
  • Xbox Live destroyers Lizard Squad facing backlash in underground hacker wars (Forbes | Thomas Fox-Brewster)  “Investigative journalist Brian Krebs broke the news that the Lizard Stresser Distributed Denial of Service (DDoS) offering, which lets people pay for website takedowns and which the Christmas attacks were supposed to advertise, was breached and the customer database leaked. Forbes has obtained a copy of what appears to be a leaked Lizard Stresser database, though it differs from the one Krebs posted a screenshot of (incredibly, Lizard Squad has been making DMCA requests for links to the leaks to be taken down from Kim Dotcom’s Mega storage service). The link came courtesy of one of the more talkative dark web denizens who goes by the name of ‘nachash’, who once ran the controversial Doxbin site, where personal details of select individuals were posted on the anonymising Tor network.”
  • Lizard Squad’s LizardStresser hacked and customer details made public (The Guardian | Stuart Dredge)  “The news follows several arrests made as police investigate the original PlayStation Network and Xbox Live attacks. On 31 December, a 22 year-old man from Twickenham was arrested by the South East Regional Organised Crime Unit (SEROCU) on suspicion of fraud by false representation and Computer Misuse Act offences, before being released on bail until 10 March. Then, on 16 January, an 18 year-old man was arrested in Southport on suspicion of unauthorised access to computer material, unauthorised access with intent to commit further offences, and threats to kill.”

Articles from Ohio Web Library: