Formation | August 18, 2014 |
---|---|
Type | Hacking |
Membership | 7 |
Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks [1] primarily to disrupt gaming-related services.
On September 3, 2014, Lizard Squad seemingly announced that it had disbanded [2] only to return later on, claiming responsibility for a variety of attacks on prominent websites. The organization at one point participated in the Darkode hacking forums and shared hosting with them. [3] [4]
On April 30, 2016, Cloudflare published a blog post detailing how cyber criminals using this group's name were issuing random threats of carrying out DDoS attacks. Despite these threats, Cloudflare claimed that those sending them had failed to carry through with a single attack. [5] [6] As a result of this, the British National Fraud Intelligence Bureau issued an alert warning businesses not to comply with ransom messages threatening DDoS attacks. [7] [8]
A distributed denial-of-service (DDoS) attack occurs when numerous systems flood the bandwidth or resources of a targeted system, usually one or more web servers. [9] Such an attack is often the result of multiple systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted.
Lizard Squad has claimed responsibility for launching a string of DDoS attacks against high-profile game-related services over the course of a few months in late 2014. On August 18, 2014, servers of the game League of Legends were taken offline with a DDoS attack; this was claimed as Lizard Squad's first attack. [10] Days later, on August 24, the PlayStation Network was disrupted via a DDoS attack. [11] On November 23, the group claimed they attacked Destiny servers with a DDoS attack. [12] On December 1, Xbox Live was apparently attacked by Lizard Squad: users attempting to connect to use the service would be given the 80151909 error code. [13] On December 2, Lizard Squad defaced Machinima.com, replacing their front page with ASCII art of their logo. [14] A week after, on December 8, Lizard Squad claimed responsibility for another PlayStation Network DDoS attack. [15] [16] On December 22, though not game-related, Internet in North Korea was taken offline by a DDoS attack. [17] Lizard Squad claimed responsibility for the attack and linked to an IP address located in North Korea. [18] North Korean Internet services were restored on 23 December 2014. [19]
Lizard Squad had previously threatened to take down gaming services on Christmas. [20]
On December 25, 2014 (Christmas Day), Lizard Squad claimed to have performed a DDoS attack on the PlayStation Network and Xbox Live. On December 26, 2014, at 2:00 AM, Lizard Squad appeared to stop attacking PlayStation Network and Xbox Live. Gizmodo reported that the attacks may have ceased after Kim Dotcom offered Lizard Squad 3000 accounts on his upload service MEGA. [21]
On December 26, 2014, a Sybil attack involving more than 3000 relays was attempted against the Tor network. [22] Nodes with names beginning with "LizardNSA" began appearing, and Lizard Squad claimed responsibility for this attack. [23]
The relevance of the attack was questioned. According to Tor relay node operator Thomas White, because of the consensus system Lizard Squad only managed to control "0.2743% of the network, equivalent of a tiny VPS". [24]
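To make the gap between relay count and network share concrete, the following added example (not from the original article or from the Tor Project) parses a constructed consensus-style listing, groups relays by nickname prefix, and compares the cluster's share of relays with its share of consensus weight. The sample data, the `parse_relays` and `nickname_clusters` helpers, and the digit-stripping prefix heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like a Tor consensus: an "r" line names a relay,
# a "w" line gives its weight. Nicknames, addresses and weights are invented;
# "id" and "dg" stand in for the identity and digest fields.
SAMPLE = """\
r StableExitA id dg 2014-12-26 10:00:00 192.0.2.10 9001 0
w Bandwidth=42000
r GuardRelayB id dg 2014-12-26 10:00:00 192.0.2.11 9001 0
w Bandwidth=31000
r MiddleRelayC id dg 2014-12-26 10:00:00 192.0.2.12 9001 0
w Bandwidth=26900
r LizardNSA001 id dg 2014-12-26 10:00:00 198.51.100.1 9001 0
w Bandwidth=40
r LizardNSA002 id dg 2014-12-26 10:00:00 198.51.100.2 9001 0
w Bandwidth=30
r LizardNSA003 id dg 2014-12-26 10:00:00 198.51.100.3 9001 0
w Bandwidth=30
r LizardNSA004 id dg 2014-12-26 10:00:00 198.51.100.4 9001 0
"""

def parse_relays(text):
    """Return [(nickname, weight)]; a relay with no 'w' line gets weight 0."""
    relays, pending = [], None
    for line in text.splitlines():
        if line.startswith("r "):
            if pending is not None:          # previous relay had no weight line
                relays.append((pending, 0))
            pending = line.split()[1]
        elif line.startswith("w ") and pending is not None:
            m = re.search(r"Bandwidth=(\d+)", line)
            relays.append((pending, int(m.group(1)) if m else 0))
            pending = None
    if pending is not None:
        relays.append((pending, 0))
    return relays

def nickname_clusters(relays, min_size=3):
    """Flag nickname prefixes (trailing digits stripped) shared by >= min_size relays."""
    total = sum(w for _, w in relays) or 1
    groups = defaultdict(list)
    for nick, weight in relays:
        groups[re.sub(r"\d+$", "", nick)].append(weight)
    return {p: {"relays": len(ws), "count_share": len(ws) / len(relays),
                "weight_share": sum(ws) / total}
            for p, ws in groups.items() if len(ws) >= min_size}
```

On the constructed sample the flagged cluster holds more than half of the listed relays but only a tenth of a percent of the total weight, which is the kind of gap the quoted figure describes.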
On January 26, 2015, the website of Malaysia Airlines was attacked, apparently by Lizard Squad, calling itself a "cyber caliphate". Users were redirected to another page bearing an image of a tuxedo-wearing lizard, and reading "Hacked by Cyber Caliphate". Underneath this was text reading "follow the cyber caliphate on twitter" after which were the Twitter accounts of the owner of UMG, "@UMGRobert" and CEO of UMG, "@UMG_Chris". The page also carried the headline "404 - Plane Not Found", an apparent reference to the airline's loss of flight MH370 the previous year. Malaysia Airlines assured customers and clients that customer data had not been compromised. [25]
Media reports around the world said versions of the takeover in some regions included the wording "ISIS will prevail", which raised concerns about Lizard Squad's association with the Islamic State. [25]
On July 9, 2015, game servers operated by Daybreak Game Company, including those of H1Z1 and PlanetSide 2, were disrupted by a DDoS attack that Lizard Squad claimed responsibility for. [26] [27] The attack was performed in retaliation for legal threats John Smedley, the company's CEO, had made after being targeted by the hacking group. [28]
On August 24, 2014, Lizard Squad claimed that a plane on which the president of Sony Online Entertainment, John Smedley, was flying (American Airlines Flight 362), had explosives on board. [29] [30] The flight from Dallas to San Diego made an unscheduled landing in Phoenix, Arizona. Sony Online Entertainment announced that the FBI was investigating the incident. [30]
On January 26, 2015, several social media services including Facebook and Instagram were unavailable to users. Tinder and HipChat were also affected. Lizard Squad claimed responsibility for the attacks, via a posting on a Twitter account previously used by the group. [31] The outage, originally speculated to be a distributed denial-of-service attack, lasted a little under an hour before services were restored. [32] [33]
Facebook later released a statement saying its own engineers were to blame, and that the disruption to its services was not the result of a third-party attack, but instead occurred after they introduced a change that affected their configuration systems. [34]
On January 27, 2015, Lizard Squad claimed to have compromised Taylor Swift's Twitter and Instagram accounts. Once they claimed to have access, they threatened to release nude photos in exchange for bitcoins. Taylor Swift, however, retorted that "there were no naked pics" and told the offenders to "have fun" finding any. [35]
On January 4, 2021, American lawyer and conspiracy theorist Lin Wood tweeted out baseless claims that a group of hackers named "the lizard squad" had evidence of a global sex ring involving several high-profile Americans, similar to the discredited conspiracy theory QAnon. [36] There seems to be no relation between the "lizard squad" mentioned by Wood and the black-hat hacking group Lizard Squad, and Vinnie Omari, a member of the Lizard Squad, denies any claim that his group may have information on a global sex-trafficking organization. [37]
Vinnie Omari is a member of the Lizard Squad who was arrested and bailed under the alleged offences of "Enter into/concerned in acquisition/retention/use or control criminal property, Fraud by false representation - Fraud Act 2006, Conspire to steal from another, unauthorized computer access with intent to commit other offences". He was used as a public face on television and as a spokesperson for the news to represent LizardSquad. [38] [39]
Julius Kivimäki (zeekill) is a Finnish member of Lizard Squad convicted in July 2015 on over 50,000 counts of computer crime. [40] In 2022, he was also suspected of the Vastaamo data breach, after having hacked around 50,000 psychotherapy patients' medical records and demanded ransoms for not publishing them. [41]
19-year-old Zachary Buchta (fbiarelosers) from Maryland has been charged with computer crimes associated with a series of distributed denial-of-service (DDoS) attacks, stolen credit cards and selling DDoS-for-hire services. He was one of the members behind LizardSquad and also the Co-Group "PoodleCorp", which launched distributed denial-of-service (DDoS) attacks against multiple networks, YouTubers and gaming services. Buchta was hiding behind the Twitter aliases @fbiarelosers and @xotehpoodle, and the online aliases "pein" and "lizard". [42] [43] [44] [45]
19-year-old Bradley Jan Willem van Rooy (UchihaLS) from the Netherlands has been charged with computer crimes associated with a series of distributed denial-of-service (DDoS) attacks, stolen credit cards and selling DDoS-for-hire services. He was one of the members behind LizardSquad and was mainly responsible for launching the DDoS attacks announced by the group. He was also one of the two managers behind the Twitter account @LizardLands, which has been the main Twitter account of LizardSquad since January 2015. He was normally hiding behind his Twitter alias @UchihaLS (which stands for Uchiha LizardSquad) and the online aliases "UchihaLS", "Uchiha" and "Dragon". [42] [43] [44] [45]
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.
During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.
LulzSec was a black hat computer hacking group that claimed responsibility for several high-profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high-profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Previously, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.
Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.
We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.
Austin Thompson, known as DerpTrolling, is a hacker who was active from 2011 to 2014. He largely used Twitter to coordinate distributed denial-of-service attacks on various high-traffic websites. In December 2013 he managed to bring down large gaming sites such as League of Legends in an attempt to troll popular livestreamer PhantomL0rd. Public reaction to his presence has been generally negative, largely owing to the unclear nature of his motives.
CyberBerkut is a modern organized group of pro-Russian hacktivists. The group became locally known for a series of publicity stunts and distributed denial-of-service (DDoS) attacks on Ukrainian government websites and on western or Ukrainian corporate websites. By 2018, this group was accused by western intelligence agencies, such as the National Cyber Security Centre, of being linked to the GRU, providing plausible deniability.
High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.
Mirai is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by MalwareMustDie, a white hat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, including an attack on 20 September 2016 on computer security journalist Brian Krebs' website, an attack on French web host OVH, and the October 2016 Dyn cyberattack. According to a chat log between Anna-senpai and Robert Coelho, Mirai was named after the 2011 TV anime series Mirai Nikki.
On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.
Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.
Deflect is a DDoS mitigation and website security service by eQualitie, a Canadian social enterprise developing open and reusable systems with a focus on privacy, resilience and self-determination, to protect and promote human rights and press freedom online.
Powerful Greek Army or by the abbreviation "PGA" is a hacker group founded in 2016. The team has carried out numerous cyberattacks both in Greece and worldwide.
Killnet is a pro-Russia hacker group known for its DoS and DDoS attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.