Lizard Squad vs The NCA

The National Crime Agency’s attempts to get to grips with online crime and hacking continued this week with the arrests of six people in the UK in “Operation Vivarium” The aptly named operation targeted users of hacking group Lizard Squad’s “Lizard Stresser” tool. The NCA say that this software that allowed users to pay a small fee to have websites attacked and put offline for up to eight hours at a time by using Distributed Denial of Service (DDoS) attacks. These increasingly common attacks flood web servers or websites with massive amounts of data which overwhelms them and crashes them leaving the sites inaccessible to other users whilst the attack lasts.

Those arrested are suspected of using Lizard Stresser to attack websites. Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers. The commercial effect of a DDoS attack can therefore be profound for the website owner, especially if it takes place when the targeted site would experience high volumes of traffic, but for comparatively low levels of effort and outlay for the attacker. Apparently, the individuals concerned had attempted to use Bitcoin for the purchase in an attempt to remain anonymous.

One interesting aspect of this investigation, which seems to be a new development in the NCA’s tactics, is that 50 or so individuals who are identified as being registered on the Lizard Squad website but who are not thought to have taken part in any attacks, will be receiving visits from NCA officers. Those receiving the visits “will be told that DDoS attacks are illegal, can prevent individuals from accessing vital online services, and can cause significant financial and reputational damage to businesses. They will also be informed that committing cyber crime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects.”

As if they didn’t already know that. At first instance it looks more like the purpose of the visit is really to say “We know who you are and we know where you live” rather than to advise individuals of the above.

However, it might not be all bad, according to Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit:

“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers.”

So if you impress them, presumably they’ll offer you a job. It’s an interesting strategy development though, and probably a smart and cost-effective one, especially given the average ages of those identified (1/3 are under 20 years old).

It doesn’t appear to have been successful thus far, however, as news outlets reported today that the NCA’s own website was the victim of a hack by Lizard Squad that took it offline for an hour! The Lizard Squad also appear unrepentant, claiming that the raids targeted customers rather than members of Lizard Squad itself, that Lizard Stresser itself was obsolete and has long since been replaced by Shenron, a Lizard Stresser v2 that is still secure and that “whilst the NCA is doing mass raids, half the crew are relaxing in the Maldives.”

Nonetheless, for the individuals arrested over the previous week, this is the beginning of a long process. The evidence against them will no doubt be highly technical and complex. A great deal of digital material has been seized from them in their computers, phones and other digital media and they need expert advice on how to proceed. Cartwright King is a national firm with expertise in defending allegations of cyber crime. Our specialist cyber crime team can be contacted here.