Following its attack on Xbox Live earlier this week, hacker group Phantom Squad has threatened to take down both Xbox Live and PlayStation Network for a week over Christmas, calling its first successful attempt a demonstration, The Independent reports. The Twitter account that Phantom Squad used to make these threats has now been suspended, but the group has returned with a new account, @PhantomLair.
“Why do we take down PSN and Xbox Live? Because cyber security does not exist,” the old Phantom Squad account tweeted, followed by, “Some men just want to watch PSN and Xbox Live burn.”
Phantom Squad is claiming that it temporarily took down PSN earlier today, but this has not yet been confirmed:
Only a few days ago, the “hacking group” known as Phantom Squad threatened to shut down Xbox Live and PlayStation Network during the Christmas period. Before I move onto today’s development, please note that the press shouldn’t really be referring to groups like Lizard Squad and Phantom Squad as hacking groups. I’ve fallen into that trap myself without thinking about it, and it’s not actually an accurate term. Using a DDoS to disrupt networking services is not hacking, and we shouldn’t give these groups a title which overemphasize their abilities. Putting that aside, it seems Phantom Squad have lived up to their promise and conducted a DDoS attack on Xbox Live. Here we can see them taking responsibility for the service outage and also tweeted about the lack of security on these networks:
This might indicate they have a motive to expose Xbox Live and PlayStation Network’s security loopholes. However, this isn’t the way to go about it, and only impacts on the enjoyment factor for new console owners during Christmas. Rather surprisingly, Twitter has suspended the groups account but luckily Ars Technica UKcaptured some of their Tweets. In lieu of recent events, Microsoft issued a status update on its support site which reads:
“Hey Xbox members, are you having trouble purchasing or managing your subscriptions for Xbox Live? Are you also having an issue with signing into Xbox Live? We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We’ll post another update when more information becomes available.”
Phantom Squad’s egotistical and attention seeking traits reached fever pitch as they asked for retweets to prevent PSN from being the next target:
Any hope of Phantom Squad caring about security of having some sort of moral purpose is discredited by this tweet. Clearly, they just want to cause havoc and feel better about themselves by spoiling other people’s Christmas. As a result, they need to reassess their behaviour and comprehend how they would feel if their Christmas was spoilt by an unknown group on the internet.
The National Crime Agency is a UK body which tackles online cyber attacks and recently arrested 6 people for using Lizard Squad’s DDOS tool. In an act of retaliation, the hacking group conducted a DDOS attack on the NCA website. The team mockingly used the NCA’s logo in a Twitter post and publicly announced the DDOS attack. An NCA spokesperson said about the incident:
“The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability. At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.”
Hacking via a DDOS method doesn’t usually result in long-term chaos and the majority of sites can be up and running within 1-2 hours. Of course, this greatly depends on the scale and complexity of each hacking attempt. The NCA spokesperson emphasized this and argued:
“The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”
However, Dave Larson, CTO at Corero Network Security explained the more sinister impact of DDOS attacks on network infrastructure:
“The recent reports indicating that the National Crime Agency website has been taken offline by DDoS attack, seemingly by the increasingly popular DDoS-for-hire site, Lizard Stresser is a classic example of cyber-warfare taking aim in retaliation of the recent arrests of individuals associated with the service.
“DDoS attacks can be a nuisance, cause temporary or long term service disruptions, and take down IT security infrastructure in any organization. What is even more distributing is the potential for even greater damage in the form of smokescreen diversions allowing hackers to run additional attacks aimed at breaching sensitive data and further impacting operations.
“DDoS mitigation strategies must be viewed as more than just protecting your website, it is protecting the business, your intellectual property and your customers.”
In my opinion, this particular hack was nothing more than an inconvenience and predatory response to the 6 arrests. Arguably, Lizard Squad hopes this sends a warning message out to government bodies trying to infiltrate the group and arrest its leading members. Personally, I feel this is more of a PR stunt and not a valid attempt to make the NCA’s website inoperable.
Six people in the UK have been arrested for using Lizard Squad’s infamous DDoS tool, Lizard Stresser. Operation Vivarium, co-ordinated by the National Crime Agency (NCA), was a nationwide initiative involving numerous police forces and Regional Organised Crime Units (ROCUs) across the UK. It is estimated that 30% of UK businesses suffered DDoS attacks last year.
According to the NCA website, the following suspects, all male and aged 18 or under, were arrested:
A 17 year-old male from Manchester had computer equipment seized and was interviewed under caution by the NCA’s National Cyber Crime Unit (NCCU) on 27 August.
A 18 year-old-male from Huddersfield arrested and bailed on 27 August by Yorkshire and Humberside police.
A 18 year-old-male from Milton Keynes interviewed under caution by the South East ROCU on 26 August.
A 18 year-old male from Manchester arrested and bailed by North West ROCU and Greater Manchester Police on 26 August.
A 16 year-old male from Northampton arrested and bailed by East Midlands ROCU on 26 August.
A 15 year-old male from Stockport arrested by the North West ROCU and Greater Manchester Police on 24 August.
This follows two other arrests earlier this year:
A 17 year-old male from Cardiff arrested and bailed by South Wales ROCU and NCCU on 16 April.
A 17 year-old male from Northolt arrested and bailed by the Metropolitan Police on 03 March.
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services, Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit, said. “This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.”
“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” he added.
Publicly attacking the cyber bullies Lizard Squad might not have been the best idea that Daybreak Games CEO John Smedley ever had. A day after he made headlines with his twitter posts, the massively multiplayer online zombie game, H1Z1, is experiencing trouble and people can’t login. Other Daybreak releases also experienced trouble, including their website and even the server-status page.
Lizard Squad is known to brag about their takedowns and they are also the group that took responsibility for the attack on the PS4 and Xbox One over Christmas. First there was the twitter announcement and just minutes later people started to complain that they weren’t able to connect.
The whole thing started after the sentencing of Julius Kivimaki, one of the kids that outed themselves as Lizard Squad members, where John Smedley voiced that the sentence was too mild. Julius Kivimaki was convicted of 50000 counts of computer crime and harassing people including calling swat teams on Smedley and calling in bomb threats to ground flights he was taking. Julius Kivimaki only got a commuted two-year sentence which means no jail-time.
A Finnish hacker, and member of the notorious Lizard Squad, has been found guilty of 50,700 charges of hacking, according to the nation’s newspaper, Kaleva. The hacker, 17-year-old Julius “zeekill” Kivimaki, was given a 2-year suspended sentence, meaning he will avoid prison on the proviso that help “to fight against cybercrime”. Any failure to meet this condition will see Kivimaki serve his 2-year sentence in prison.
Kivimaki was charged with crimes related to data breaches, felony payment fraud, telecommunication harassments, plus a number of other computer fraud and violation of privacy crimes. He was identified as a member of Lizard Squad – the perpetrators of the Xbox Live and PlayStation Network DDoS attacks last Christmas – by cybersecurity journalist Brian Krebs late last year. Shortly after, Kivimaki conducted an interview with Sky News, using the alias “Ryan”, to discuss the Xbox and PlayStation DDoS attacks.
One of Kivimaki’s victims, Blair Strater, has been left “utterly disgusted” by the court ruling, feeling that the sentence is far too lenient. Strater was a regular victim of the practice known as “swatting” – fake calls to US law enforcement that result in a SWAT team being dispatched to an address – at the hands of Kivimaki.
“I’ve lost complete faith in the justice system, and that includes the FBI. He’s harmed American targets and the FBI should have stepped in by now,” said Strater. “The reality is, Julius Kivimaki will never be made to pay for his crimes.”
Tesla, electric motoring giant; like many companies have taken to social media to boost the brand and also get into direct contact with consumers and just about anyone that is interested in their products.
What comes with social media however is a massive risk of hacking. We’ve seen it before with some pages, but normally these are returned to the owner within an hour or so and nothing malicious follows. However, it seems Tesla Motors’ twitter account has been hacked and the new ‘owner’ is having a bit of a joyride on their.
The hacking group behind this seems to be Lizard Squad when following the “@ripprgang” account that was linked in the profile description.
If you are interested in taking a look at the twitter feed, follow this link. Please take discretion when reading some of the tweets as some of them may offend.
This currently seems to be an isolated incident to this one Twitter account, as activity on the company Facebook page and the website still seem normal. Lets hope that this is rectified quickly.
Update: It seems that the hack has been reversed with all offending tweets removed.
We will keep you up to date with any further updates as they come in.
According to the official PlayStation Twitter account, PlayStation Network has suffered another outage. There is no news as to why, or whether it is down to another malicious attack, à la the Christmas DDoS attack on PSN by Lizard Squad.
We're aware that some users are experiencing issues signing into PSN – engineers are investigating. We'll keep you posted
There are strong rumours abound that hacker collective Lizard Squad has developed a PlayStation 4 jailbreak and that it plans to release it at some point this year.
Reports suggest that Lizard Squad found a security flaw in the PS4’s 2.03 firmware, allowing them to modify the root files to run their rewritten code. The code lets users run ISO copies of PS4 games. A further alleged benefit is the ability to update games via PSN to access cracked DLC content.
The jailbreak is said to be inspired by Reckz0r, who was reported to have hacked the PlayStation 4 as early as October 2013. Reckz0r’s method, using Orbis OS, has been written up as a tutorial, according to GrahamCluley.com. The report says that Sony have threatened Reckz0r with legal action over the hack.
Reckz0r’s tutorial was said to be removed after he received the following direct message from the official PlayStation Twitter account:
“No? We’re giving you one day, to delete that Pastebin link you have recently posted, alongside with the files if you have uploaded them somewhere. It won’t take us long to get you arrested if you’re still going to proceed spreading the jailbreak. 🙂 Take the Geohotz scenario as an example.”
How deliciously apt: Lizard Squad’s for-hire DDoS service, Lizard Stresser, has been hacked by unknown persons.
Lizard Squad are the hacker group responsible for the attacks on Xbox Live and PlayStation Network that brought the services down over Christmas last year. The group later claimed that these DDoS attacks were meant as a form of advertisement for its Lizard Stresser service.
News of the Lizard Stresser hack was broken by Brian Krebs of online security site Krebs on Security, revealing that the culprit had sent him a copy of Lizard Stesser’s customer database, including their passwords, obtained directly from the site, stored as a plain text file.
The document reveals that although 14,241 people have registered with the site, only a couple of hundred people have paid for the service, raising over $11,000-worth of Bitcoins in sales.
Brian Krebs, an online security blogger, has found how hacker group Lizard Squad managed to amass the trafficking power to take down Xbox Live and PlayStation Network over Christmas, and the answer lies very close to home.
Krebs’ investigation – outlined on his blog, KrebsOnSecurity – led him to discover that Lizard Squad had used a recently discovered malware variant to take control of thousands of home routers. Together, the routers formed a botnet that was used to direct a high volume of junk internet traffic toward Xbox Live and PSN, putting them under so much stress that they collapsed, unable to cope.
Though Krebs asserts that the majority of Lizard Squad’s botnet hosts home routers, he claims that a significant number of commercial routers, used by companies, schools, and universities, had been compromised.
A for-hire DDoS tool, run by Lizard Squad, the hacker group responsible for the Christmas attacks on Xbox Live and PlayStation Network, has been used to take down infamous den of depravity, 4chan.org.
Lizard Squad made the DDoS tool, which they call Lizard Stresser, available to use by anyone who wants to pay for the service earlier this week. The Lizard Stresser system uses 2400GB/s of data to facilitate its DDoS attacks, double the level of the Xbox and PSN attacks.
The 4chan website went down on the morning of 3rd January. The content of a now-deleted tweet seemed to confirm the involvement of Lizard Stresser:
Someone is hitting 4chan with our booter, loling irl
Sony, in an effort to make amends with customers over the Christmas hack of the PlayStation Network by hacker group Lizard Squad, are offering PlayStation Plus members five free days of membership. Any user with an active PS Plus membership or free trial on 25th December is eligible. In addition, Sony will make a 10% discount code available to all PlayStation Store users some time later this month.
Eric Lempel, head of Sony Entertainment Network, said on the PlayStation blog, “We wanted to show our appreciation for your patience.”
The five free days of PlayStation Plus are automatically applied, so there is no need for users to opt in.
A yet to be officially named member of Lizard Squad has been arrested over claims of online fraud. The individual is believed to be 22-year-old Vinnie Omari, and is in connection to money stolen from PayPal accounts.
“The arrest is in connection with an ongoing investigation into cyber-fraud offences which took place between 2013 and August 2014 during which victims reported funds being stolen from their PayPal accounts,” Thames Valley police said in a statement on behalf of SEROCU.”
Brian Krebs of KrebsOnSecurity says that this is Vinnie, with him posting an image of his supposed bail notice.
Lizard Squad has claimed responsibility for a string of attacks upon Xbox Live and the PlayStation Network, culminating in a massive outage over Christmas Day. The group has sparked outrage online for its supposed DDoS attacks. Last week it was reported that the FBI is investigating.
Well, Lizard Squad is in some deep… well… you know what I was going to say. The FBI has confirmed that it is now investigating the hacking group, after they took both Sony’s PlayStation Network and Microsoft’s Xbox Live services down over the holidays. An FBI spokesperson told GamesBeat “The FBI is investigating the matter. Given the pending nature of the case, we cannot comment further.”
Most would consider the FBI investigating them quite, well, serious, right? Not Lizard Squad, who took to Twitter with this tweet:
It seems that the Christmas DDoS attacks on Xbox Live and PlayStation Network by hacker group Lizard Squad could have been an elaborate marketing campaign. On Tuesday morning, Lizard Squad announced on Twitter that it will begin selling custom DDoS attack services, under the name Lizard Stresser.
Want a website attacked? Pay anywhere between $6 and $500, depending on the size of the site, via Bitcoin and Lizard Squad will oblige. $130 a month will get you 30,000 seconds (about 20 days) of sustained attack, while $500 earns an unlimited attack.
Lizard Squad member dragon told The Daily Dot that the Xbox and PSN attacks were “a huge marketing scheme. Playing games on a Twitter is fun, but it comes down to the money. The objective here, for me at least—can’t speak for others—is money.”
Three hours after launch, 25 people had already paid for the DDoS service. According to dragon, Lizard Squad hopes to keep the service running for a “minimum of one year.”
Sony has issued an update over its is-it-up-or-down PlayStation Network gaming service, which is now “back online” according to the PlayStation blog. The blog states “PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic designed to disrupt connectivity and online gameplay. This may have prevented your access to the network and its services over the last few days.”
It’s funny though, because Sony states that “The video game industry has been experiencing high levels of traffic designed to disrupt connectivity and online gameplay. Multiple networks, including PSN, have been affected over the last 48 hours. PSN engineers are working hard to restore full network access and online gameplay as quickly as possible.”
Well Sony… my PC has been fine, sheesh even uPlay is fine… and that’s an Ubisoft product. The Steam Holiday Sales have been thrashing gamers wallets across the world, as well as Valve’s servers without a single hiccup. So when you say “the video game industry has been experiencing high levels of traffic” you mean your services were hacked and played with, as well as Microsoft’s. Don’t put us in your potato basket, please.
The Tor Project, victims of an attempted hack by a group known as Lizard Squad, has reassured users that the threat is being dealt with and that users’ anonymity remains intact.
It seems that Lizard Squad launched what is known as a Cybil attack, creating new relays in the hope of saturating the network, as opposed to taking control of existing relays. But, despite reports, the hackers only controlled 1% of the total number of relays within the Tor network. Tor confirmed this in a statement to Business Insider:
“This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.”
Lizard Squad claimed responsibility for the Christmas attack on Xbox Live and PlayStation Network, explaining that it brought the two online gaming servers down to demonstrate that users were being short changed by a weak, lacklustre network. Its reasoning for attacking Tor is still a mystery but, whatever its motives were, the move has turned the collective head of Anonymous:
Hey @LizardMafia don't fuck with the Tor network. People need that service because of corrupt governments. Stand the fuck down.
Lizard Squad, the hacker group responsible for taking down Xbox Live and PlayStation Network over Christmas, has claimed it committed the act for the good of gamers. Whatever the motivation, Anonymous has declared war on Lizard Squad, telling the collective that they’ve “made an enemy”.
According to Lizard Squad, a company as large as Microsoft and Sony should have the money and infrastructure to prevent DDoS attacks, and that’s exactly the point, the implication being that users are being short-changed by the two companies not investing in their networks enough.
“If I was working [at Microsoft or Sony] and had a big enough budget I could totally stop these attacks,” a member of Lizard Squad, ‘Ryan Cleary’, told The Daily Dot. “I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale it could go up to the millions. But that’s really no problem for Sony and Microsoft.”
Lizard Squad’s altruistic reasoning hasn’t touched Anonymous, though, as the group has warned Lizard Squad “now you are all going down.” But there seems to be another motive behind Anonymous’ move against the hacker group, as revealed in a YouTube video released on Friday.
“Greetings Gaming Community & Lizard Squad aka Finest, It has come to our attention that despite our continued warnings you have decided to disregard our requests to stop promoting propaganda such as “Anonymous has joined up with the FBI”. The only Anon that ever worked with the FBI is Sabu, the former Lulzsec’s leader and now he’s know as the biggest traitor and scumbag that shopped hes friends to the police in order to save himself among all Anonymous parties. The Leader of Lizard Squad Jord is also the leader of Finest Squad which is in the same position as Sabu (shopped two of hes friends to the police after hacked by Anonymous and, now is struggling to escape from us). Everything that’s happening right now such as “Interview” is a typical brainwashing method of drama in order to save himself. You have made an enemy of Anonymous by saying that we are supporting FBI and now you are all going down!”
Lizard Squad’s latest attack seems to be designed to compromise users’ anonymity by commandeering Tor’s relay nodes. If the hackers take control of enough nodes, it will be able to eavesdrop on, track, and identify Tor users. So far, Lizard Squad has control of 3,000 relays, close to half of all nodes.
Hacker group Lizard Squad launched a DDoS attack on Xbox Live and PlayStation Network (PSN), taking both services down on Christmas Day. The official Lizard Squad Twitter account demanded 10,000 retweets before it would allow the services to continue. However, German web entrepreneur Kim Dotcom stepped in, offering Lizard Squad 3,000 Lifetime accounts on his encrypted upload site, Mega.
Dotcom shared a screen capture of a direct message exchange between the two parties:
The conversation seems a little contrived, possibly staged, but the net result is that both Xbox Live and PSN services were able to continue. Though, now that Kim Dotcom has breached the “don’t negotiate with terrorists” rule, will this persuade Lizard Squad to launch more attacks in hope of soliciting further benefits?
It looks like The Lizard Squad would like to wish you a very Merry Christmas, as the hacking group has taken down Xbox Live in the UK, and in many other parts of the world.
The group said they wanted to keep their promise of giving out “presents” to gamers, in the form of taking down Xbox Live. Xbox Live has reportedly been down for many throughout the world, with the official Xbox Live status page stating that it’s hard for people to sign into Xbox Live on the Xbox 360, but not the Xbox One.
Sony’s PSN has reportedly also been hit by The Lizard Squad… so the “giving” continues, I guess. #pcmasterrace unaffecte.d
Imagine all the people signing into Xbox Live over Christmas with their brand new Xbox One consoles, to reach it and see it has been hacked and shut down. This could be the future in just a couple of weeks time, as hacking group Lizard Squad has threatened Microsoft, saying it “Microsoft will receive a wonderful Christmas present from us.”
The hacking group has previously hit Sony’s PlayStation Network with a DDoS attack, as well as taking down Xbox Live before. Now the group is taking it a few steps further, threatening to take Xbox Live down “forever”. Lizard Squad has said “This is not a treat but a promise. On December 25 aka Christmas. We will tap into Microsoft and shut down Xbox Live, FOREVER! So enjoy it while it lasts.”
So if you start seeing people complaining about Xbox Live being down this Christmas, you’ll know Lizard Squad have been tinkering around inside of Microsoft’s servers.
What is with these hacking teams taking down gaming servers? Not only are they threatening to take down the entirety of Xbox Live forever, but they’re still beating the hell out of the PlayStation servers. It’s worth noting that this has nothing to do with the Sony Pictures hack; Sony are fighting more than one battle right now.
If your game connection has been down, it may just be a general technical glitch at Sony HQ. However, Lizard Squad is staking their claim on the issues, and given their past efforts I’m inclined to believe they’re responsible.
Lizard Squad, a hacking group that has been grabbing a lot of headlines recently, has made one of their boldest claims yet; they’re going to try to take Xbox Live offline, forever!
While I doubt that they’ll be able to take it offline forever, I don’t doubt that it’s possible to cause severe disruption to online services over the holiday period. It’s also interesting to see the team take on so many big companies, as the longer they continue their campaign, the more likely they are to get caught.
There’s really nothing much you can do to prevent any of this, these hackers or whatever you want to call them are just out to disrupt anything they don’t like. If you want to be safe as possible, just make sure your Xbox Live password doesn’t match an account elsewhere on the web and/or remove your bank details, as you can always use store-bought top-up cards anyway.
Thank you VGStations for providing us with this information.
Xbox Live users in turn tweeted Microsoft about the outage, complaining about not being able to access their account. Microsoft did not respond.
Lizard Squad has previously taken responsibility for DDoS attacks on the Sony PlayStation Network, the game Destiny, and “several EA games” (as yet unnamed). They seem to be pondering the target of their next attack.