Lizard Squad, the “hacker” group best known for attacking Microsoft’s Xbox Live and Sony’s PlayStation Network, has now launched a distributed denial-of-service (DDoS) attack tool. Now anyone can now take down the website or online service of their choice thanks to “Lizard Stresser,” which we’re not linking to for obvious reasons.
A DDoS attack is a common method for taking down a server by overloading it with requests. The end goal is to make a machine or network resource unavailable to its intended users.
“Welcome to LizardStresser, brought to you by Lizard Squad,” reads the tool’s introduction page. “This booter is famous for taking down some of the world’s largest gaming networks such as Xbox Live, Playstation Network, Jagex, BattleNet, League of Legends, and many more! With this stresser, you wield the power to launch some of the world’s largest denial of service attacks.”
It offers eight packages, ranging from $6 monthly (for taking down a site for 100 seconds) to $130 monthly (for taking down a site for 30,000 seconds, or over 8 hours). It also has “lifetime” options that are one-time fees ranging from $30 to $500 (the page notes this actually means five years, because that’s apparently how long the tool will exist).
Not only is Lizard Stresser open to anyone willing to pay, but customers can also use it against any target they wish. As a result, if someone wanted to target Xbox Live and PlayStation Network again, they could do so, even though Lizard Squad itself promised not to attack those services anymore.
Lizard Stresser even has a referral system: “We give you 10 percent of whatever money your referrals spend. To cash out the money, please open a ticket and tell us which plan you want.”
It also lets you upgrade to higher-end packages, presumably by paying the difference, if you want more power. Lizard Stresser offers add-ons as well:
The service only accepts the cryptocurrency bitcoin, though the group says PayPal support is “coming soon.” The payment system doesn’t work with VPNs, so those making purchases will have to find other ways to hide their identity and location if they want to remain anonymous.
At the time of report, Lizard Stresser has supposedly been used seven times (Update: Now the page says three times, so the number is clearly not accurate, and either way it is quite low given sales opened seven hours ago). The site claims attack power (the amount of traffic requests with which customers can overload their targets) currently stands at a 2Tbps average and that the total network traffic is 30Tbps, which is simply preposterous.
As expected, Lizard Squad is making other grand claims about its “booter” on Twitter. Here is an example:
Without correct power distribution, if you hit a home connection right now, you'll drop the entire city.
— R.I.U. Lizard Squad (@LizardMafia) December 30, 2014
Commercial tools for DDoS attacks are nothing new and are readily available on hacking forums. Yet even if the above claims are significantly exaggerated, Lizard Stresser is certainly unique in its alleged size, as is the group’s track record — Lizard Squad clearly plans to use its “fame” on Twitter to attract potential clients.
The group, which has had multiple Twitter accounts suspended but merely creates new ones, has previously hinted that it is funded by “interested parties.” In fact, Lizard Squad has previously said it has sold “DDoS as a service,” which is exactly what Lizard Stresser is.
This would suggest all the attacks so far have simply been a marketing ploy for Lizard Stresser. Whoever is funding the group is now looking to cash in on their investment.
Lizard Squad gained fame this month by attacking Microsoft’s Xbox Live and Sony’s PlayStation Network multiple times, most notably on Christmas Day, resulting in many being unable to play video games online. The impact was particularly large for many reasons.
First of all, the DDoS attack targeted both Xbox Live and PSN, the two largest console gaming networks. Next, the timing was key: Many gamers naturally wanted to play on their day off, whether on an already-purchased game console or on one received as a present for Christmas. Finally, the aftermath of the attack was massive, if not greater than the attack itself, because the game networks couldn’t handle the traffic of millions of consoles trying to get back online all at once after the attack was over.
While VentureBeat hasn’t tested Lizard Stresser, I expect it works given Lizard Squad’s history, even if doesn’t offer the capacity the group claims. That said, Lizard Squad has made dubious claims in the past, so naturally I recommend looking at everything it does with some skepticism.