The Christmas Day distributed denial-of-service (DDoS) attacks that took down Sony’s PlayStation Network and Microsoft’s Xbox Live appear to have been a “marketing scheme” for a new DDoS service. According to a report in the Daily Dot Internet news site, the “hacker collective” known as Lizard Squad launched the PlayStation and Xbox attacks to promote its “Lizard Stresser” DDoS tool, which it is offering to other would-be cyber-attackers in packages starting at $ 5.99 per month.
An image posted in the Daily Dot article shows options for eight different monthly service plans, ranging from $ 5.99 for a 100-second DDoS attack to $ 129.99 for a 30,000-second attack. Payable using the cyber-currency bitcoin, some of the plans are also available for a one-time “Lifetime” fee, with a footnote comment that ‘Lifetime is 5 years, the expected lifetime of lizardstresser.”
The Lizard Stresser Web site features registration and login boxes along with a background video featuring statistics about growth in Internet and data center traffic. The video closes with a message: “Those who master these forces become unstoppable.”
FBI Is Investigating
Both Xbox Live and PlayStation Network were unavailable to users for most of Christmas Day due to DDoS attacks, with the Lizard Squad taking responsibility. Both gaming and entertainment services are now back online, although access to some applications remains limited.
We reached out to the Federal Bureau of Investigation to learn more about what it has been doing in the wake of those DDoS attacks. A spokesperson confirmed that the FBI is investigating, adding, “Given the ongoing nature of our work, I’m precluded from commenting further.”
As of Friday, the Lizard Squad was no longer attacking either PlayStation Network or Xbox Live, according to a Twitter feed linked to the organization. A message on the Lizard Stresser site promoted the DDoS tool as a booter “famous for taking down some of the world’s largest gaming networks.”
Not ‘Sophisticated’ Hackers
As the Daily Dot article noted, the Lizard Squad is “not the first to set up a commercial DDoS service. Dozens of similar services, known as ‘rental booters,’ are publicly for sale on hacking forums.”
Members of the Lizard Squad “want very much to be recognized for their actions,” Cyber security writer Brian Krebs said Monday in a blog post. After describing two self-identified members who have been interviewed by BBC Radio and Sky News — a 22-year-old UK national and a 16-year-old Finn — Krebs added it should be clear that “the Lizard Squad is not some sophisticated hacker group.”
Krebs concluded: “The Lizard Squad’s monocle-wearing mascot shows them to be little more than a group of fame-seeking kids who desperately aspire to be like LulzSec, a similarly minded gang whose core members were busted and went to jail. With any luck, these kids will get their wish soon enough.”