Lizard Squad


Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service attacks primarily to disrupt gaming-related services.
On September 3, 2014, Lizard Squad seemingly announced that it had disbanded only to return later on, claiming responsibility for a variety of attacks on prominent websites. The organization at one point participated in the Darkode hacking forums and shared hosting with them.
On April 30, 2016, Cloudflare published a blogpost detailing how cyber criminals using this group's name were issuing random threats of carrying out DDoS attacks, despite these threats, Cloudflare claim they failed to carry through with a single attack. As a result of this, the City of London Police issued an alert warning businesses not to comply with ransom messages threatening DDoS attacks.

Distributed denial-of-service attacks

A distributed denial-of-service attack occurs when numerous systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple systems flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted.

Notable actions

''League of Legends'' DDoS

On August 18, 2014, servers of the game League of Legends were taken offline with a DDoS attack; this was claimed as Lizard Squad's first attack.

Destiny DDoS

On November 23, 2014, Lizard Squad claimed they attacked Destiny servers with a DDoS attack.

PlayStation Network DDoS

On August 24, 2014 the PlayStation Network was disrupted via a DDoS attack, and again On December 8, with Lizard Squad claiming responsibility.

Xbox Live DDoS

On December 1, 2014, Xbox Live was apparently attacked by Lizard Squad: users attempting to connect to use the service would be given the 80151909 error code.

The Machinima Hack

On December 2, 2014, Lizard Squad hacked Machinima.com, replacing their front page with ASCII art of their logo.

North Korea DDoS

On December 22, 2014, Internet in North Korea was taken offline by a DDoS attack. Lizard Squad claimed responsibility for the attack and linked to an IP address located in North Korea. North Korean Internet services were restored on the 23 December 2014.

Christmas attacks

Lizard Squad had previously threatened to take down gaming services on Christmas.
On December 25, 2014, Lizard Squad claimed to have performed a DDoS attack on the PlayStation Network and Xbox Live. On December 26, 2014 at 2:00 AM, Lizard Squad appeared to stop attacking PlayStation Network and Xbox Live. Gizmodo reported that the attacks may have ceased after Kim Dotcom offered Lizard Squad 3000 accounts on his upload service MEGA.

Tor sybil attack

On December 26, 2014, a Sybil attack involving more than 3000 relays was attempted against the Tor network. Nodes with names beginning with "LizardNSA" began appearing, Lizard Squad claimed responsibility for this attack.
The relevance of the attack was questioned. According to Tor relay node operator Thomas White, the consensus system made that Lizard Squad only managed to control "0.2743% of the network, equivalent of a tiny VPS".

Malaysia Airlines website attack

On January 26, 2015, the website of Malaysia Airlines was attacked, apparently by Lizard Squad, calling itself a "cyber caliphate". Users were redirected to another page bearing an image of a tuxedo-wearing lizard, and reading "Hacked by Cyber Caliphate". Underneath this was text reading "follow the cyber caliphate on twitter" after which were the Twitter accounts of the owner of UMG, "@UMGRobert" and CEO of UMG, "@UMG_Chris". The page also carried the headline "404 - Plane Not Found", an apparent reference to the airline's loss of flight MH370 the previous year. Malaysia Airlines assured customers and clients that customer data had not been compromised.
Media reports around the world said versions of the takeover in some regions included the wording "ISIS will prevail", which listed concerns of Lizard Squad's association with the Islamic State.

False claims

Bomb threats

On August 24, 2014, Lizard Squad claimed that a plane on which the president of Sony Online Entertainment, John Smedley, was flying, had explosives on board. The flight from Dallas to San Diego made an unscheduled landing in Phoenix, Arizona. Sony Online Entertainment announced that the FBI was investigating the incident.

Facebook, Instagram, and Tinder attack

On January 26, 2015, several social media services including Facebook and Instagram were unavailable to users. Tinder and HipChat were also affected. Lizard Squad claimed responsibility for the attacks, via a posting on a Twitter account previously used by the group. The outage, originally speculated to be a distributed denial-of-service attack, lasted a little under an hour before services were restored.
Facebook later released a statement saying its own engineers were to blame, and that the disruption to its services was not the result of a third-party attack, but instead occurred after they introduced a change that affected their configuration systems.

Explicit celebrity photos

On January 27, 2015, Lizard Squad claimed to have compromised Taylor Swift's Twitter and Instagram accounts. Once they claimed to have access, they threatened to release nude photos in exchange for bitcoins. Taylor Swift, however, retorted that "there were no naked pics" and told the offenders to "have fun" finding any.

Known members

Vinnie Omari

Vinnie Omari is a member of the Lizard Squad who was arrested and bailed under the alleged offences of "Enter into/concerned in acquisition/retention/use or control criminal property, Fraud by false representation - Fraud Act 2006, Conspire to steal from another, unauthorized computer access with intent to commit other offences". He was used as a public face on television & as a spokesperson for the news to represent LizardSquad.

Julius Kivimäki

Julius Kivimäki is a Finnish member of Lizard Squad convicted in July 2015 on over 50,000 counts of computer crime.

Zachary Buchta

19-year-old Zachary Buchta from Maryland, has been charged with computer crimes associated with a series of distributed denial-of-service attacks, stolen credit cards and selling DDoS-for-hire services. He was one of the members behind LizardSquad and also the Co-Group "PoodleCorp" which launched distributed denial-of-service attacks against multiple networks and gaming services. Buchta was hiding behind the Twitter alias @fbiarelosers, @xotehpoodle, and the online aliases “pein” & “lizard".

Bradley Jan Willem van Rooy

19-year-old Bradley Jan Willem van Rooy from the Netherlands, has been charged with computer crimes associated with a series of distributed denial-of-service attacks, stolen credit cards & selling DDoS-for-hire services.
He was one of the members behind LizardSquad who was mainly responsible for launching the DDoS-attacks announced by the group. Also he was one of the two managers behind the Twitter account @LizardLands which is the main Twitter account of LizardSquad since January 2015. He was normally hiding behind his Twitter alias @UchihaLS and the online aliases “UchihaLS”, "Uchiha" & “Dragon".