Hack attack on Sony and Xbox
20 January 2015
Hacking group Lizard Squad has been hit by a shambolic attack that exposed the entire database of people who registered to use its services.
The group claimed to have shut off the PlayStation and Xbox gaming networks over Christmas.
It then launched a website that allowed anyone who paid to use its software to flood other sites with data.
The attack which exposed the customer list is just one of many targeted at the group and its tools.
Investigative journalist Brian Krebs broke the news that the database used to create the Lizard Stresser tool had been compromised. The Stresser let those who paid use it to overwhelm websites or kick people offline by bombarding the sites they were using with their personal data.
Mr Krebs did not specify who got at the data but said he had acquired a dump of the complete list of 14,241 individuals who signed up.
Anyone visiting the Stresser website was warned of the attack via a message on the login page's main page that advised users to change the password they had created when they registered.
In a blogpost in a blog post, Mr Krebs said the Lizard Squad had not taken many steps to safeguard the login information and contact details provided by users.
"All registered usernames and passwords were saved in plain text," said Mr Krebs and added that only a handful of the people who registered paid for the service.
Tech news site Ars Technica also obtained the database dump, which was briefly published on the Mega file-sharing service. It stated that most people who used it were gamers who were trying to stop their opponents from playing a specific game. Minecraft servers were a popular target of the Stresser users according to the report.
Ars Technica said the dump of the database could cause issues for anyone who used it, as the IP addresses of a lot of them were obscured and could, with a bit of work, be retrieved.
The petty theft of the database comes just after other experts in computer science dismantled the tools that Lizard Squad has been using. One revealed the source program's code to target people on IRC chat networks,
Eric Zhang, a computer science student, was able to quickly identify the names of everyone who signed up for Stresser with a simple script.
He said, "That took only 10 minutes."
He said he wasn't shocked that the entire database had been taken over because, when he viewed the website, access for the public to the server behind it hadn't been closed off.
He stated that the site was run by a person who had no formal expertise in software engineering.
He stated, "Most of their work isn't very impressive." "Anyone could do it. It takes only time.
Mr. Krebs said that Lizard Squad was being targeted because security personnel were annoyed by their sudden popularity.
He added: "There seems to be a general feeling within the security research community that these guys are way over their heads, and that when we're unable to find a way to bring justice to a bunch of teens in Western nations who are doing a slap in the face to everyone else, then that's a sad state of affairs."
He also said that the time taken to carry out investigations and locate members of the group helped it survive. Recent Lizard Squad arrests seemed to have resulted in only the arrest of a few of its hangers-on, but left some of its core members unharmed.
UK man arrested for hacking Sony
16 January 2015
Sony hackers 'shared' stolen logins
30 December 2014
PlayStation rebuild service
27 December 2014