Cold Blooded! Lizard Squad’s ‘LizardStresser’ DDoS Service Reportedly Hacked

It's starting to look like the Lizard Squad saga is slowly reaching its conclusion, as UK police recently arrested another person with direct ties to the group. That development, however, isn't too interesting today; everything now coming out as a result is quite revealing.

Security researcher Brian Krebs has been following Lizard Squad's antics intimately since they began, which has led the group to target much angst against him (though mostly via comments about the size of his forehead). It's a little appropriate, then, that Krebs is the one who gets to break the news about the shoddy construction of the group's DDoS-for-hire service.

Not long after the public launch of this service, Krebs' research revealed just how amateur it is. For example, poor security allowed him to find out way more about the service than you'd really expect, including the fact that most of its source code was copied over from another service with similar goals. DDoSing isn't difficult, so Lizard Squad never had a reason to brag there, but now it appears the group couldn't even reliably run its own website. But, it gets better.

Lizard Squad DDoS Customer Service
Customer service records pulled from Lizard Squad's DDoS-for-hire service

Every single username and password stored in the site's database was in plaintext. Even the simplest Web services nowadays automatically employ encryption on at least user passwords, yet this service, which was to be used for nefarious means failed to employ it. That is a real eye-opener to the unskilled nature of Lizard Squad's members.

We're not entirely sure who was arrested the other day, but he goes by various nicknames that include "Jordie". Apparently, this same Jordie has been investigated for a while for their involvement in "swatting" - calling in raids on unsuspecting and undeserving people. And before you think that this might have been carried out against its enemies, the reality is far more evil. This past September, a swatting was called in at Sandy Hook Elementary, the location of a 2012 school massacre. On the phone, the group said that it was coming to the school to "kill all your asses."

Clearly, the world will lose very little to have people like this taken off of the street, but it might take a while to see how this is all going to play out. In December, UK police arrested someone else associated with Lizard Squad, and it seems likely that other potential members are currently being investigated as well.

However this plays out, it won't do so quickly enough.

Tags:  security, DDoS