Hacking group Lizard Squad’s DDoS-for-hire website LizardStresser has itself been hacked and the entire database of customers who signed up is now in the hands of the authorities, according to reports.
LizardStresser.su, the site which the group uses to manage its illegal commercial venture, had attracted more than 14,000 registrants, with $11,000 in bitcoins already paid to the group for its services, researcher Brian Krebs said.
Lizard Group promoted its DDoS-for-hire service to prospective punters via successful high profile attacks which took PlayStation Network and Xbox Live offline last year.
The service uses hacked home routers left exposed thanks to factory-default usernames and passwords, in order to provide LizardStresser with the bandwidth it needs to overwhelm targeted sites.
It seems like the net is closing around the group, however.
An 18-year-old man was arrested in Southport last Friday over alleged involvement with the Sony and Xbox attacks and so-called ‘swatting’ offences.
This refers to a new take on the old crank call, in which the prankster provides false information to law enforcers suggesting there’s a serious incident at a particular location, so that they send round a SWAT team.
Assisted by the FBI and the UK’s National Cyber Crime Unit (NCCU), the South East Regional Organised Crime Unit (SEROCU) Cyber Crime Unit, and the north-west's Titan Regional Organised Crime Unit made the arrest in the Merseyside town.
The arrest comes just a few weeks after police apprehended 22-year-old Vincent ‘Vinnie’ Omari, in connection with the same investigation. Finnish police have also questioned a third man, 17-year-old, Julius ‘Ryan/Zeekill’ Kivimäki, although he has apparently not been charged.
The group in the past has also posted pro-ISIS content online and even forced the emergency landing of an American Airlines plane carrying Sony Online Entertainment president John Smedley after claiming there was a bomb on board.