Ironically enough, the hacking group responsible for taking down Sony PlayStation and Microsoft Xbox gaming networks offline during Christmas, known as ‘Lizard Squad,’ has been compromised.
According to independent security journalist Brian Krebs, the incident exposed the unencrypted login credentials of more than 14,000 prospective users of Lizzardstresser.su – the group’s DDoS-for-hire service.
Although only a couple hundred of these accounts appeared to have been funded, the details of registrants are now in the hands of investigators.
Since the hacking group’s online attack service launched last year, customers of the service deposited more than $11,000 USD worth of bitcoins to pay for attacks on thousands of Internet addresses and websites, including KrebsonSecurity, said the reporter.
Less than a week prior to the incident, Krebs also revealed that the hacking ring’s attack infrastructure was being powered by thousands of hacked home routers using factory-default usernames and passwords.
However, Tripwire Security Analyst Ken Westin said their attempt to cause “awareness,” or amusement, could put them at greater risk due to lack of understanding or pure complacency when it comes to securing the system.
“Criminals with more malicious intent could hijack the system, causing damage to infrastructure and further compromise people’s home networks.”
Nonetheless, Westin commented the real crime committed comes from the people that registered for the service.
Last week, United Kingdom police arrested an 18-year-old suspected of involvement with the Sony and Microsoft denial-of-service attacks after being accused of unauthorized access to computer material. UK police declined to publicly name the individual, but some sources have identified the suspect as Jordan “Jordie’ Lee-Bevan.
The arrest is one of several that officials have made since the Christmas Day attacks, including alleged Lizard Squad member 22-year-old Vincent “Vinnie” Omari and 17-year-old Julius “Ryan/Zeekill” Kivimäki.