This article was published on January 9, 2015

LizardSquad’s DDoS tool is mostly powered by hacked home routers


LizardSquad’s DDoS tool is mostly powered by hacked home routers

LizardSquad, the group who knocked Xbox Live and the PlayStation Network offline over Christmas, subsequently revealed that their motive was to publicise their ‘booter’ site, designed to allow paying customers to knock sites offline.

Now Brian Krebs of KrebsOnSecurity, who has been investigating the group for some time and has been personally targeted by them, says the DDoS tool draws most of its bandwidth from hacked routers in homes around the world. The error made by the owners of those routers? Failing to change the factory-default usernames and passwords.

Krebs says LizardSquad’s botnet is not totally reliant on home routers. It also makes use of commercial routers at universities and companies as well as other devices.

His research suggests that the malware not only turns routers into attack tools but uses the infected system to scan the internet for more devices that use factory default settings. That means each host is constantly searching for more routers and other devices to infect, which could also include desktop servers and connected cameras.

Krebs also says that a previous attempt by LizardSquad to build a botnet, aiming to disrupt the Tor network, involved attempting to buy thousands of instances of Google’s cloud computing service using stolen credit cards. Google swiftly became aware of the attempt and shut it down.

A Google spokesperson told Krebs: “We’re aware of these reports, and have taken the appropriate actions.” Evidence of the scheme can be found on Pastebin and the Tor project mailing list.

LizardSquad’s tool is just one of many paid-for DDoS and IP stresser tools on the web. Users can pay between $6 and $500 for attack bursts of up to 500 minutes concurrently.

While the group may have benefitted financially from the publicity around its attacks on Sony and Microsoft as well as an unknown party using its tool to target the 8chan image board this week, several members have been arrested.

For everybody not planning to delve into the shadier parts of the internet, the existence of LizardSquad’s botnet should be a timely reminder to make sure you at least change your router’s username and password from the factory settings.

➤ Lizard Stresser Runs on Hacked Home Routers [KrebsOnSecurity]

Image credit: Shutterstock

Get the TNW newsletter

Get the most important tech news in your inbox each week.