Poetic Justice -- DDoS service operated by Lizard Squad gets hacked, user data leaked
The past few weeks have not been kind to hacking group Lizard Squad. They've managed to raise the ire of the last possible group of folks you'd wish to anger -- Anonymous. The organization is also experiencing arrests of its members, thanks to poor procedures put in place for identity protection. But the latest blow may come as poetic justice to many people.
The loosely-knit hacker communicative has been trying to sell its wares online -- namely DDoS for hire services. Unfortunately for it, and rather fortunately for the rest of us, the offering has been hacked. According to multiple reports LizardStresser.su was compromised.
Security firm Sophos reports that "The site is home to the group’s LizardStresser tool which relies on thousands of hacked home routers to launch DDoS attacks".
The group, which took down Playstation and Xbox networks on Christmas day, has bigger problems though. Three members have been taken into custody and identities of others are apparently known. Sophos reports that "Given how a Lizard Squad spokesman recently claimed that part of the group’s motivation for its recent attacks was the highlighting of poor security practices, it is ironic to note that its own database of users was not encrypted -- usernames and passwords were apparently stored in plaintext which, in terms of poor security mistakes, is about as big as they come".
Meanwhile, security researcher Brian Krebs states that "A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service".
It seems that crime continues to not pay, or at least for those who think it's a game and don't watch what they're doing. Though, we hope it pays for nobody, not even the expert criminal.