Cyber Incident Victim: Lizard Squad
Date: Jan 2015
Location: United Kingdom
Summary
A cybercriminal group responsible for disruptive distributed denial-of-service attacks against major online gaming services had its operational infrastructure compromised, leading to the exposure of its customer database. The breach revealed over 14,000 users of their DDoS-for-hire platform, with credentials stored in plaintext and approximately $11,000 in Bitcoin payments linked to attack services. The incident followed law enforcement arrests connected to the attacks and exposed promotional motives behind the network disruptions, undermining the group's operational security and credibility within underground markets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In December 2014, the Lizard Squad group executed distributed denial-of-service (DDoS) attacks against Sony PlayStation and Microsoft Xbox online gaming networks, causing widespread service disruptions. These attacks were later revealed to be promotional efforts for LizardStresser[dot]ru, a DDoS-for-hire service marketed as a network stress-testing tool. On January 16, 2015, a UK man was arrested in connection with these attacks, marking at least the second detention in an ongoing law enforcement investigation. Shortly after this arrest, the customer database for LizardStresser was breached, exposing records for 14,241 users. The compromised data included customer usernames and passwords stored in plaintext, alongside transaction records showing customers had deposited approximately $11,000 in Bitcoin to fund DDoS attacks against thousands of internet targets. Security researcher Brian Krebs first reported the breach, noting the database provided evidence linking payments to specific attack campaigns.

The breach had immediate operational and legal consequences for Lizard Squad and its clients. The leaked database revealed the scale of LizardStresser’s commercial activities, identifying customers who paid for attacks while simultaneously exposing them to retaliation from rival groups or law enforcement. The plaintext password storage demonstrated severe security negligence, enabling credential theft and unauthorized access to user accounts. Forensic analysis of the database confirmed that the December attacks on gaming networks were intended to advertise LizardStresser’s capabilities. However, the breach eliminated any competitive advantage or market credibility the service possessed, as both its infrastructure and customer base became compromised. Law enforcement agencies globally gained access to financial records, attack logs, and client identities, significantly advancing investigative efforts initiated after the gaming network disruptions.
