National Crime Agency snares teens who used Lizard Squad DDoS tool

Six teenagers between the ages of 15 and 18 have been arrested in the UK as part of an operation targeting users of LizardStresser, an online tool for attacking websites.

The teens were swept up in “Operation Vivarium,” led by the National Crime Agency (NCA), the UK agency responsible for fighting organized crime and cybercrime.

LizardStresser is a software-as-a-service tool offered by the Lizard Squad hacker gang, a group that gained notoriety for its attacks on Sony and Microsoft on Christmas of 2014.

As we reported back in January of this year, the LizardStresser tool uses thousands of hacked home routers to carry out distributed-denial-of-service (DDoS) attacks, which flood targeted websites with traffic to keep legitimate users from accessing the site.

In a twist of irony, however, the LizardStresser website was itself compromised, revealing details of thousands of the website’s registered users.

NCA said the teens used the DDoS-for-hire tool to attack the websites of a leading national newspaper, a school, gaming companies and a number of online retailers.

The suspects allegedly purchased LizardStresser services using alternative payment methods including bitcoins, in a “bid to remain anonymous.”

The NCA said the arrested teens are not believed to have been members of Lizard Squad.

NCA said it is in the process of interviewing another 50 individuals who registered on the LizardStresser website, but who are not believed to have carried out any attacks.

One-third of those individuals are under the age of 20, and NCA will caution them that DDoS attacks are illegal and carry serious consequences, for the businesses affected and those that attack them.

About 30% of UK businesses report having suffered a DDoS attack in the past year, NCA said.

DDoS attacks can harm businesses while preventing people from accessing information and services.

Tools such as LizardStresser lower the bar for involvement in cybercrime – “wannabe” hackers can pay a small fee for crimeware kits that do most of the work, no deep programming skills needed.

Perhaps that’s why NCA and the court system in the UK seem to be giving warnings rather than hefty prison sentences.

Julius “zeekill” Kivimaki, a 17-year-old who identified himself as a spokesman for Lizard Squad, received a suspended two-year jail sentence despite being convicted of 50,700 computer crime charges.

Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit, said the NCA seeks to “engage with those on the fringes of cybercrime,” to convince them to turn their skills to “legitimate careers”:

One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cybercrime and how they can channel their abilities into productive and lucrative legitimate careers.

The UK’s emphasis on reform over punishment is in stark contrast to the approach taken in the United States, where convicted hackers can expect to serve hard time.

Image of lizard in a cage courtesy of Shutterstock.com.

Leave a Reply