Six teenagers from the United Kingdom have been arrested and released on bail for launching a number of cyber attacks against websites with the help of Lizard Squad’s DDoS tool, known as Lizard Stresser, an online DDos-for-hire service.
Lizard Squad, the hacking team behind the tool is infamous for knocking some of the worlds largest gaming networking offline, including PlayStation Network and Xbox live, where the group launched a series of massive Distributed Denial of Service (DDoS) Attacks forcing them offline for days at a time.
Hackers setup a domain that lets customers use their DDoS-for-hire tool by themselves, allowing customers to launch large DDoS attacks just as the group does. The tool may not hold the power to knock the Xbox network offline, as customers only have access to a portion of attack servers, however the tool is still extremely powerful.
A report on Krebs on Security uncovered that the Lizard Stresser tool leverages bandwidth from hacked home routers, allowing the service to abuse infected computers, making attacks much harder to mitigate as they are not coming from a single attack point.
The six teens were arrested by the National Crime Agency (NCA) and were accused of using Lizard Stresser to launch a service of DDoS attacks against a school, a national newspaper, gaming corporations and a number of online retailers.
According to the agency, law enforcement officials do not believe any of the teenagers are connected or affiliated with the Lizard Squad hacking group, nor do any of them have any past or present connections with group members.
“Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” reads a statement from the the U.K.’s NCA. “Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.”
Teens presumably hoped to keep their identity anonymous by paying for the subscription to the DDoS tool through alternate payment methods, however it seems they did not. Authorities have yet to release any information on how they tracked down the teens and arrested them.
In light of the arrests, Tony Adams, the senior head of investigations for the NCA’s National Cyber Crime Unit said:
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services.
“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers.”
Due to the teens being labeled as minors by the court, teens names were not publicly listed, however their age and city they belong to were listed in the filings as:
- 18-Year-Old from Huddersfield, West Yorkshire
- 18-Year-Old from Manchester
- 16-Year-Old from Northampton
- 15-Year-Old from Stockport
- 17-Year-Old from Cardiff
- 17-Year-Old from Northolt, North-West London
As of now, all six suspects have posted bail and are free while the two 18-year-olds were cautioned at accepting any interview requests.
Though six teens were arrested, investigators say they are currently in the process of visiting 50 addresses linked to individuals who purchased a subscription but have yet to carry out any attacks with the tool. The agency also said that one-third of the individuals they have tracked down are below the age of 20, and their latest efforts are part of a wider plan to address young people at the risk of being involved with serious forms of cybercrime.
According to research conducted earlier this month, the Lizard Stresser tool has more than 176 active and paying subscribers who have launched more than 15,000 attacks on over 3,907 targets in just two months of the service being operational.