Hack attack on Sony and Xbox
20 January 2015
Hacking group Lizard Squad has been hit by a shambolic attack that exposed the entire database of users who registered to use Lizard Squad's services.
The group claimed to have knocked down the Xbox and PlayStation gaming networks offline during Christmas.
It soon launched an online platform that allowed anyone who paid for its software to flood other sites with data.
The attack that exposed the list of customers is one of several aimed at the group and its tools.
Address list
Brian Krebs, an investigative journalist, broke the story about the hacking of the Lizard Stresser database. The Stresser allowed those who paid for it to load websites or remove users from their websites by dumping data.
Krebs did not provide a name. Krebs did not specify who had access to the information, but said he'd acquired an archive of the entire roster of 14,241 people who signed up.
Anyone who visited the Stresser website was warned via text message in the login box. It advised users to change their password which they created when they registered.
In a blog post in a blog post, Mr Krebs said the Lizard Squad had not taken numerous precautions to safeguard the login information and contact details provided by users.
"All registered usernames and passwords were stored in plain text," said Mr Krebs and added that only a handful of the users who signed up had paid to use it.
Tech news site Ars Technica also got hold of the database dump, which was released on the Mega file-sharing platform. It stated that the majority of those who utilized it were gamers who wanted to stop rivals playing an exact game. Minecraft servers were a popular target for the Stresser users, it said.
Ars Technica stated that the dump of the database could cause problems for anyone who used it, as a lot of IP addresses were not properly hidden and could be recovered with a little effort.
Then, shortly after Lizard Squad was attacked on IRC chat networks Other computer experts also dismantled the tools. One of the hackers leaked the source code of a program that was used to attack IRC chat network users.
Eric Zhang, a computer science student was able to quickly enumerate the names of all those who signed up for Stresser using a very simple script.
He said, "That took only 10 minutes."
He stated that he wasn't surprised that the entire database had been stolen, as he scanned the site and saw that public access to the server behind it was open.
Playing games is always fun
He stated that the site was run by someone with no formal knowledge of software engineering.
He added, "Most of their work is not very impressive." "Anyone could accomplish this. All you need is time."
Mr Krebs said that Lizard Squad was being targeted because security personnel were annoyed by their sudden fame.
He also said that there was a general feeling within the security community that these men are way beyond their heads. If we don't bring to justice a few teens from Western countries who are rubbing it in everyone's faces, that's a sad state.
He claimed that the group survived due to the length of time it required for investigations to be conducted and members found. Recent Lizard Squad arrests seemed to have resulted in only the capture of some of its hangers-on, but left some of its core members unharmed.
UK man is arrested for hacking Sony
16 January 2015
Sony hackers 'shared' stolen logins
30 December 2014
PlayStation rebuild service
27 December 2014
Brian Krebs
Eric Zhang
No comments yet