Security researcher Graham Cluley has today published a post on ESET’s We Live Security blog which discusses the recent announcement from the British Police that they have arrested six people in connection with distributed denial-of-service (DDoS) attacks that attempted to bring down websites belonging to – amongst others – a national newspaper, a school and a number of online retailers.
Key takes outs from the post are listed below, however you can view the full piece at the following link: http://www.welivesecurity.com/2015/08/28/lizard-stresser-arrests
The news today is that some of the people suspected of deploying LizardStresser maliciously, swamping websites with unwanted traffic without the permission of the site owners, having purchased access to the tool through digital currency services such as Bitcoin, have been arrested as part of “Operation Vivarium”.
Those helping the police with their enquiries include:
A 17 year-old male from Manchester had computer equipment seized and was interviewed under caution by the NCA’s National Cyber Crime Unit (NCCU) on 27 August.
A 18 year-old-male from Huddersfield arrested and bailed on 27 August by Yorkshire and Humberside police.
A 18 year-old-male from Milton Keynes interviewed under caution by the South East ROCU (Regional Organised Crime Unit) on 26 August.
A 18 year-old male from Manchester arrested and bailed by North West ROCU and Greater Manchester Police on 26 August.
A 16 year-old male from Northampton arrested and bailed by East Midlands ROCU on 26 August.
A 15 year-old male from Stockport arrested by the North West ROCU and Greater Manchester Police on 24 August.
What I think is most notable about these details is that it is teenagers who are instigating denial-of-service attacks, attempting to bring down sites to disrupt businesses and organisations, presumably with mayhem in mind rather than money-making. It’s also clear that LizardStresser’s users might have believed that they could do so anonymously, without risk of their identities being discovered. The hack of Lizard Squad earlier this year, and the handing over of user data to the authorities proves that that belief was misguided
The National Crime Agency says that it is also visiting “approximately 50 addresses” linked to individuals who had accounts on the LizardStresser site, but are not currently thought to have actually launched attacks.