The U.K.’s National Crime Agency (NCA) arrested six teenagers for allegedly using a Distributed Denial of Service (DDoS) tool to disable websites. DDoS attacks flood servers or websites with massive amounts of data, making them inaccessible to users. The NCA coordinated the investigation, Operation Vivarium, with assistance from officers from various police forces.
The suspects deployed Lizard Stresser, which they purchased using alternative payment services such as bitcoin to remain anonymous. The suspects targeted a leading national newspaper, a school, gaming companies and some online retailers.
Victims: Amazon, Microsoft and Sony
The companies hacked included Amazon.com Inc., Microsoft Corp. and Sony Corp., Bloomberg reported. The NCA did not name the targeted websites, but an online database identified Amazon, Microsoft and Sony as targets. The agency did not say whether the attacks were successful. Sony and Amazon did not immediately respond to Bloomberg seeking comment while Microsoft declined to comment.
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit.
This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.
“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” Adams said.
Lizard Squad disabled Microsoft Xbox and Sony PlayStation networks on Christmas day, according to The Daily Dot. Shortly after that, Lizard Squad released its Lizard Stresser service. After the DDoS service went live, someone leaked the internal database which contained Lizard Stresser users’ unencrypted usernames and passwords.
Authorities Used Database Leak
A Lizard Squad member said the leak was intentional; the hacker, using the alias of AntiChrist, told the Daily Dot: “The first one had cleartext (passwords) on purpose so we could steal people’s accounts, twitters, etc.” AntiChirst said that he assumed U.K. authorities used the leaked database to catch the teenagers.
“With the leaked database they just looked at the emails of the people,” AntiChirst said. “Usually kids using stressers don’t bother to hide themselves. I’m surprised they even did this, what a waste of taxpayer money lol.”
The warrants executed included: a 17-year-old from Manchester; an 18-year-old-from Huddersfield; An 18-year-old-from Milton Keynes; an 18-year-old from Manchester; a 16-year-old from Northampton; and a 15-year-old male from Stockport.
Police also visited about 50 addresses linked to individuals registered on the Lizard Stresser website, but not believed to have carried out attacks.
Featured image from Shutterstock.