On the 25th of December 2014 a self-proclaimed hacker collective called “Lizard Squad” launched a DDoS attack on Xbox Live and the PlayStation Network. Earlier in December 2014 Steam was hit by the same collective. Rumor has it that they also intended to hit the Nintendo network, striking out pretty much the biggest gaming networks in just one month. In an interview by Winbeta, “Lizard Squad” mentioned they did it for the laughs, and also to prove that said services were vulnerable and to show the true colors of the companies behind these services – hinting at their greedy nature. The collective also made a statement that people should spend more time with their family instead of gaming.
Brian Krebs wrote some blog entries about the “Lizard Squad”. They make a pretty interesting read. In his blog post “Who’s in the Lizard Squad” Brian names a few suspects based on a BBC interview from the 26th of December. This interview features two members. Brian names the second member as the 22-year-old United Kingdom based “Security Analyst” Vinnie Omar. This Vinnie was also featured in an on-camera interview on the 27th of December where he discusses Lizard Squad and their supposed feud with a rival hacker gang. Later news reports state that Vinnie Omar has been arrested in the United Kingdom.
The same blog post by Brian Krebs goes on to name another suspect, a Finnish teenager named Julius Kivimäki. Julius was featured in an on-camera interview by Sky News made on the 27th of December. According to Krebs, Julius wasn’t exactly unknown in the industry. Back in October 2013 he was arrested on suspicion of running a huge botnet. Supposedly a stack of 3000 stolen credit cards was found in his possession. Googling Julius Kivimäki and his alter egos (“Zee,” “Zeekill,” and “Ry|an”) yields much interesting information in the form of a dox, and it seems that Julius did not exactly try to hide his cover.
In a second blog post Brian Krebs goes on to reveal more interesting information about the group. It appears that they now have their own DDoS-for-hire tool disguised as a network stressing tool. Apparently they are trying to cash in on their activities. It seems a bit primitive compared to industry tools – but a primitive tool can do damage too, I suppose (for example, LOIC). In order to market this tool they’ve set up a website registered to one Australian teenager using the nickname “abdilo”. It may very well be that “he” is the third member of “Lizard Group” or just a “straw man” used for such purposes as registering shady websites.
From what I’ve read about this case, there are some things that feel unreal. First, it seems like the criminals didn’t try to hide their cover very much. From the blog posts mentioned above we see them admitting and talking about their actions and motives. In my mind, it isn’t a very good strategic move to keep yourself out of jail. Secondly, Brian Krebs was naming them pretty fast. I know that Brian Krebs has access to more juicy information and has tons of experience in this field. But still. It kinda feels like someone is trying to impress to get access to somewhere. Or it may just be another case of suicide hacking.
Compared to recent hacking attempts in Norway done by teenagers we see the same surreal setting. Back in 2012 a group called DotNetFuckers were DDoS-ing several major Norwegian websites. After a short while this group got doxxed and it became apparent that the members were teenagers. Even before that, when the government voted in favor of implementing the European Union’s Data Retention Directive, a branch of Anonymous Norge/Norway DDoS-ed the websites of political parties voting in favor. In the DotNetFuckers case Anonymous Norge/Norway got irritated and started to dig deeper into the matter and soon found the culprits. In the latter example, it wasn’t actually hard to get information about the attack since they were discussing it openly on a semi-open discussion forum/chat service. And the brawl that came out of it kinda gave them away and it resulted in this. From these two examples we see that not keeping things under a closed lid is kind of normal.
Thinking back to when I was a teenager and the Internet was very young, I can somehow relate to not keeping things secret. Back then few had access to the Internet and information was somewhat hard to find. It was somehow easier than going to the library. Anyway, in high school during networking class we tormented each other using NetBus, Sub7 and Back Orifice. We rooted our NT4 server and workstations in our sandboxed environment. Trojans weren’t part of the curriculum and we thought our teacher didn’t know about these tools. And we were wrong. He did know all along and made sure to pass instructions to the IT department in order to improve security. Thinking back, what on earth were we thinking? We talked openly about it in class and in the lunch break. Toying with trojans made us feel special – that we had some sort of power. Maybe this feeling is what motivates the young people, even today?