Lizard Squad, the hacking group responsible for the DDoS attacks that brought down both the PlayStation Network and Xbox Live on Christmas Day, recently created a tool that allowed users to perform DDoS attacks of their own. Unfortunately for these users, a database of their usernames and passwords has now been hacked and leaked online, a welcome twist of fate that now puts these users at as much of a risk as the sites they attempted to take down.
The DDoS tool, dubbed the Lizard Stresser, reportedly allowed users to pay to take down certain websites. However, Lizard Squad stored the information of its 14,241 registered users in easy-to-access plain text documents, which have now been obtained by KrebsonSecurity.
This has also been followed up by the news that an 18-year-old working with the Lizard Squad has allegedly been arrested in Southport, UK, for unauthorized access to computer material and providing false information to law authorities in the US. Though the subject hasn’t been named officially, online sources are claiming that he is Jordan Cameron, who operates under the pseudonyms “Jordie,” “EvilJordie” and “GDKJordie” online.
The plain text documents that were leaked reveal that although Lizard Stresser’s 14,241 users didn’t all pay to have sites taken down, $11,000 worth of Bitcoins were received by Lizard Squad from those who did use the tool. Regardless, all of the tool’s subscribed members have had their information leaked, so if you signed up to an account out of morbid curiosity, then looks like you’ll have to make smarter decisions in the future and not entrust a known hacking group with your personal information.
Responding to the reported arrests, Lizard Squad appears to have remained defiant, tweeting: “You can’t arrest a lizard,” followed by: “What am I saying, you greasy nerds don’t even know what a lizard looks like.” They also seem to doubt that they’d be severely punished for their crimes, saying: “The punishment for everything we’ve ever done would be at most 1 week in a nice hotel-like prison with a gym, pool, etc.”
It remains to be seen what will become of the Lizard Stresser, or if the individuals that have been arrested were in fact affiliated with the Lizard Squad. It’s unlikely that the hacking group will reveal the truth of the matter, though.