Lizard Squad Back to Old Ways with Xbox Attack

Written by

Hackers claiming to hail from the notorious Lizard Squad group have been gloating online after appearing to take down Xbox Live again with a DDoS attack. They also took credit for disrupting customers of Daybreak Games.

The Microsoft online gaming platform appears to be back to normal now, but multiple reports claimed that the service was limited for several hours on Monday morning.

At the same time, a Twitter account claiming to represent Lizard Squad tweeted that it had carried out the attack with the help of another group known as ‘Like None Other.’

It also couldn’t resist a dig at Kim Dotcom, the outspoken Megaupload owner who effectively bribed the hackers with free cloud storage vouchers last time they took out the PlayStation and Xbox networks over Christmas.

The post read: “One more thing: Tell KimDotcom to take his vouchers and shove them up his fat ass.”

The group was not only active against Microsoft. On Saturday it claimed to take zombie-themed game H1Z1 offline.

John Smedley, president of the Daybreak Game Company, which owns the title, confirmed the DDoS in a tweet on the same day.

Lizard Squad and Smedley have history. Before his current role he was president of Sony Online Entertainment – which was subsequently sold and turned into independent business Daybreak Games.

Lizard Squad hit Sony PlayStation Network with a DDoS last August while Smedley was in charge. They then upped the ante by claiming responsibility for a bomb hoax call which disrupted an American Airlines flight the Sony president was on board.

There have been several arrests of suspected members of Lizard Squad recently, including one of an 18-year-old man in Southport in January. However, none have been formally charged as yet.

Andrew Conway, research analyst at Cloudmark, argued that the recent attacks show how widespread the capabilities to aim successful DDoS campaigns at major gaming networks have become.

“There are some technical solutions to reduce DDoS attacks. These include better DNS security to prevent DNS amplification attacks, preventing IP address spoofing, and upgrading NTP servers to the latest release,” he added.

“However, these need to be applied across the whole internet, and not just on the targeted systems. In the meantime, the most effective response to Lizard Squad and similar groups will be through law enforcement.”

It’s only a “matter of time” before the remaining members of the group are rounded up, he claimed.

What’s hot on Infosecurity Magazine?