In December of 2014, just a few days after Christmas, the gaming networks of both Sony Playstation and Microsoft Xbox were taken down for hours on end. This was done by a group of young and mischievous hackers that call themselves the “Lizard Squad”. They were able to do so through the use of a tool in which they developed affectionately named the “Lizard Stressor”. The details of this attack were first brought to the public’s attention by KrebsOnSecurity on Jan. 9, 2015. Shortly after the story was released, the lizard stressor service itself was hacked by an unknown group of White Hats, and disappeared shortly following that. The group has been back in the news more recently due to the arrests of about half a dozen young males for use of the Lizard Stressor tool by authorities in the United Kingdom. The National Crime Agency (NCA) released a statement regarding the arrest, “Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous.” The NCA went on to mention that the organizations these individuals were going after included “…a leading national newspaper, a school, gaming companies and a number of online retailers.”
The NCA also has a group of agents looking into approximately 50 individuals that have downloaded the tool but have yet to use it maliciously. These agents are using a “knock-and-talk” approach to these individuals, as a large percentage are under the age of 20. This is part of a greater effort to keep younger individuals from turning to cybercrime as a means of living. What comes in to question here is whether or not the knock-and-talk approach is doing too little, or if it is the exact how we should handle these types of offenders. Gone are the days of hackers harmlessly pushing the limits of infrastructures to simply to find out, “what happens?” It has become a potentially multi-million dollar skill that is feeding a rapidly growing black market. With companies losing hundreds of millions of dollars on a very regular basis, it is hard to justify such soft consequences for those individuals, regardless of what their intentions with the tool may have been. In an article by Jose Pagliery of CNN, he goes over how the hacking culture itself has changed over the decades:
“In 1999, the hacker Space Rogue exposed how FAO Schwarz’s website was leaking consumer email addresses and forced the company to fix it. He was cheered. When Andrew Auernheimer (known as “weev”) did the same thing to AT&T in 2010, he spent more than a year in prison until his case was overturned on a technicality.”
The heroes of old have turned into the villains of new, and the amount of money involved is the sole reason for it. We take care of everything online, from our bills, to our taxes, to even our everyday shopping. When the stakes are this high, why wouldn’t you want the culprits conspiring with these tools to be punished?
However, there are always two sides to a story. As stated earlier, a large part of those 50 individuals who had downloaded this tool were still in their teenage years. As a society, it wouldn’t make sense to lock away these young and curious, yet misguided talents. The promise that they show simply by their interest in such a complex realm should be enough to justify helping them before they are lost to the life of cybercrime. With more and more areas of the world turning to information warfare as a very viable tactic, we are going to need people to combat it. Who better than the ones who grew up with an innate interest and obvious comprehension of such an abstract skill? Let us know what you think!
Sources: Brian Krebs, KrebsOnSecurity, Aug. 28th, 2015. “Six Nabbed for Using LizardSquad Attack Tool” https://krebsonsecurity.com/2015/08/six-nabbed-for-using-lizardsquad-attack-tool/
Jose Pagliery, CNNMoney.com, June 4th, 2015 “The Evolution of Hacking” http://www.cnn.com/2015/03/11/tech/computer-hacking-history/