Lizard Squad hits UK crime agency site with DDoS after arrests

Hacking group Lizard Squad has claimed responsibility for taking the UK National Crime Agency’s website offline on Tuesday morning in what appears to be revenge for the arrest six customers who paid for its botnet.

The NCA’s website was offline for about two hours from 9am on Tuesday in the UK, which the Lizard Squad quickly claimed credit for in a tweet stating: “Stressed out? #offline”. The post included above a picture of a lizard wearing a top hat and monocle, smoking a pipe.

The NCA last week arrested six people in the UK who’d paid to use Lizard Squad’s attack service known as “Lizard Stresser”, which the group developed to allow anyone to launch a distributed denial of service (DDoS) attack on a targeted website.

Lizard Stresser relies on a network of thousands of malware-infected home routers to add muscle to its service, which the NCA said was used against a national newspaper, a school, gaming companies and online retailers. The six people apprehended were all male aged between 15 and 18 years of age.

The NCA today stressed in a tweet that today’s attack hadn’t resulted in an actual intrusion, thus it .

Lizard Squad launched the paid-for service shortly after claiming responsibility for the high profile attacks on Sony and Microsoft’s gaming networks during the Christmas of 2014. Indeed, those attacks were supposedly a springboard for the service’s launch. The group is charging between $49 for a month to month attack service and up to $1,140 for lengthier periods, which can only be paid in Bitcoin, KrebsOnSecurity noted recently.

As the NCA’s cyber crime unit noted last week, tools like Lizard Stresser cost comparatively little for the attacker to use but can be costly for businesses in downtime.

Lizard Squad’s decision to only accept payments in Bitcoin however may be hamstringing the business, according to recent research into how Lizard Squad and other DDoS for hire services receive payments.

As reported in August, researchers at George Mason University, UC Berkeley’s International Computer Science Institute, and the University of Maryland found that Lizard Squad had converted only two percent of its nearly 13,000 users to paid subscribers compared to 15 percent and 23 percent respectively for rival services Asylum Stresser and VDO, both of which accepted PayPal.

The was based on leaked databases from the three services, showing that over two years they were responsible for nearly 640,000 attacks on 185,000 targets stemming from just under 7,000 paying subscribers.

Anecdotal evidence the researchers point to for Lizard Squad’s low conversion rate is that subscribers didn’t have Bitcoins to pay. However the data available in its leak only covered two weeks of its operation in which it earned $3,368.

Blast from the past?

Try our new Space Invaders inspired video game NOW

What score can you get ?

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags hackingcybercrimecybersecurityddosBitcoinCSO AustraliaLizard SquadNCA’s cyber crime unitUK crime agencyLizard StresserKrebsOnSecurity

More about MicrosoftPayPalSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts