Lizard Squad Speaks Up About DDoS

This Christmas, millions of kids and adults around the globe booted up their brand new consoles, only to be greeted with a message from Microsoft and Sony claiming that their online gaming networks were “down for maintenance”.

In the days that followed, a well-known hacking group and offshoot of Anonymous calling themselves Lizard Squad publicly took responsibility for the downtime, stating they had DDoSed both companies in an effort to get both to take the security of their services more seriously in the new year.

Now, several prolific members of the organization have come out of the shadows for interviews with BBC and The Daily Dot, and their answers to the big quandary of “why” seem to just bring up more questions than they answer.

“Microsoft and Sony are f***ing retarded, literally monkeys behind computers,” one of the members of Lizard Squad explained in his interview.

“They would have better luck if they actually hired someone who knew what they were doing. Like, if they went around prisons and hired people who were convicted for stuff like this they would have a better chance at preventing attacks.”

These statements aren’t necessarily unfounded either. The Lizard Squad had been warning both companies for upwards of a month before the strike actually went down, and neither thought to take the threat seriously enough to strengthen their networks in anticipation of the holiday rush.

“If I was working [at Microsoft or Sony] and had a big enough budget I could totally stop these attacks,” another member of Lizard claimed.

“I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale it could go up to the millions. But that’s really no problem for Sony and Microsoft.”

When asked about whether or not Lizard Squad felt bad for basically killing Christmas for kids around the world, their spokesman (talking with BBC Radio) was short with his reply.

“If I did, I would probably have apologized by now, but no I don’t,” the Lizard Squad member responded. “You feel that you have the power to do something, and maybe the company can change for the better,” he later said, while explaining why Lizard Squad took down PSN and Xbox Live.

While the explanation seems a bit dodgy on the surface, realistically you can’t help but understand the idea behind it on some level. Both Microsoft and Sony had plenty of time to heed the warning, and instead decided to shrug it off and horde whatever money they had at the top of the food chain instead.

Money that could (and should) have been spent in preparation not just for the Squad, but for any attacks that had the potential to take down their systems from the outside. Because they didn’t, they’ve become the victim of their own hubris, and unfortunately their customer base are who has to suffer because of it.

Despite the public admission that he was a part of the operation, the interviewee didn’t seem scared in the slightest at the prospect of getting caught:

“There is a chance that I will get caught, and I personally am not really that worried about it, to be honest,” a Lizard Squad member said in the BBC interview. “If I get caught, then I get caught. Maybe I’ll end up serving time, or maybe I’ll end up helping companies, help them get better I guess.”

In the days since the initial assault, there have also been leaks of personal credential data of 13,000 users for the virtual private network service CyberGhost, as well as a spattering of other websites gathered during the attack including UbiSoft, Brazzers, UFC TV, PSN and Xbox Live, Twitch.TV, Amazon, Hulu Plus, Walmart, Dell, and EA Games.

That said, many are skeptical of the files’ authenticity, claiming they are little more than an attempted PR stunt by a rogue member trying to detract from LS’ core message and motivations for pulling the stunt in the first place.

Though LS say they’ve ceased their operation on PSN and Xbox Live, they have now turned their attention to the Tor network, testing out a new zero-day that brought upwards of 3,000 separate exit nodes crumbling to their knees.

These numbers don’t bode well for Tor users. The service only maintains about 8,000 nodes in total, so with about 40 percent of all their traffic in the hands of Lizard Squad, the hacker group could potentially expose the identity of thousands of users “just for the lulz” if they really wanted to.

Anonymous has since responded to the campaign against their favorite anonymization platform, telling their bastard sons at the Lizard Squad that they should “stand the f***k down”.

Lizard Squad shot back shortly after, challenging their old masters with a simple, yet threatening “Do something.”

The group hasn’t elaborated on why they’ve focused their sights on Tor, though it’s suspected their motivations are much the same of what we’ve seen with their latest DDoS efforts: to scare their owners into strengthening their defenses so it doesn’t happen again.

As much as you might disagree with the tactic, it’s hard to argue about its overall effectiveness. Once the developers of the Tor project regain control, we can imagine they’ll be working closely with members of LS (who themselves actually support the service) to patch up the holes that were originally exploited to get in.

So, however malicious it may look on the surface, it seems that what Lizard Squad is trying to achieve here is more of a ‘tough love’ approach to the admins of the web as a whole.

They are proving (in a very abrasive way, but an effective one nonetheless) that no one is as safe as they think they are, and those responsible for safeguarding the identity and financial data of their users will need to step up to the plate if they’re to be trusted with that duty from here on out.