back to article Lizard Squad gang moves from PlayStation, Xbox Live attacks to Tor

The developers of Tor, the software that tries to mask netizens' identities on the internet, have downplayed the arrival of 3,000 new relays – which are courtesy of a gang of mischief-makers. Tor Project members say the flood of nodes will largely be ignored by the network. The relays were seemingly introduced by Lizard Squad …

  1. ashdav

    Lizard Squad...

    And their point is...?

    No better than any yob in any high street.

    1. mhoulden

      Re: Lizard Squad...

      Given that the gaming networks attack happened on Christmas Day, I think you can guess how much of a life these people have.

  2. Anonymous Coward
    Anonymous Coward

    Well....

    I'll be seriously impressed if they don't get caught. They'll get caught. And they'll do a lot of time. Some of us will comment that you'd do less time for murder. That's normal.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Well....

      What is normal?

      1. kellerr13

        Re: Well....

        Normal - Adjective. Consistency with the majority or most common.

    2. Grease Monkey

      Re: Well....

      "They'll get caught."

      A pawn will get caught and paraded round in front of the media as if he were a criminal mastermind instead of some pathetic little script kiddie who was stupid enough to get caught. That's what's normal.

      The idiot who gets caught won't be able to finger the rest of the Lizards and they'll bounce back up again under another name a few weeks later. Of course the fact that the suspect can't name anybody else involved will be used by the feds to "prove" that s/he is in fact the mastermind.

      The thing about these script kiddie gangs is that the media treat them as if they are criminal genii which of course encourages them. If the media reported them for what they are they'd probably run back into their bedrooms to hide. Nobody wants to be part of a gang that everybody laughs at.

      Don't believe me when I say the media takes them too seriously? Look at the news reports from thursday night and friday. How many of them talk about the Lizard Squad "hacking" the xbox network rather than just running a DDOS attack?

      1. Scroticus Canis
        Headmaster

        Re: Well.... Genii or Geniuses?

        Genii - mythological spirits associated with a particular person, place, or thing. Geniuses - really clever people. Same root but specifically different meaning in the plural forms.

        Well this lot have a lot to be desired in both the spiritual and intellectual arenas. Need a damned good spanking and off to bed with no supper.

  3. DougS Silver badge

    There are more than a million Tor relays?

    That seems unlikely to me, that would mean about 0.1% of full time internet connected machines are Tor relays?

    1. Don H

      Re: There are more than a million Tor relays?

      "less than 1 % by capacity", not by number of nodes.

    2. Ben Tasker Silver badge

      Re: There are more than a million Tor relays?

      There are, roughly, 9000 nodes.

      The percentages relate to capacity.

      The article doesn't mention it, but it was also pointed out to the Lizards (on the mailing list) that they'd made something of an OpSec facepalm. I'll leave you to look over the publicly accessible data to work out what it is :)

  4. Anonymous Coward
    Anonymous Coward

    Can we stop calling them hackers yet?

    They clearly barely understand how a network operates.

    1. Sir Sham Cad

      Re: Can we stop calling them hackers yet?

      They know how to run DDoS scripts from decentralised nodes (bought some time on a botnet) and run Tor nodes on some cloud hosts (bought some time on ... )

      I'm sensing a pattern in these terrifying, unstoppable leet hax attacks, I just can't quite put my finger on it.

      1. king of foo

        the tablets will save us...

        The decline of windows in the living room could mean the death of the botnet as we know it today. I (still) fear the (id)iot.

        1. Bugs R Us

          Re: the tablets will save us...

          No need for living room computers, we have cloud infrastructure now to play with. Cloud computing providers don't care what VMs are used for as long as there is a credit card to go with each one.

          1. king of foo

            Re: the tablets will save us...

            Hmmm. I'm not so sure. I'm no 1337 H4XX0R but surely for the "perfect" ddos you'd want as many distinct attack vectors as possible spread as far across the globe as you can get them. That's not how most cloud services work is it? (single badass data centre with enough cooling to start the next ice age). Actually "hacking" and poisoning the vm's being used would theoretically give you the volume, but not the spread. A few thousand "clever" fridges or toasters could do far more damage imho, especially if enterprising crims were to subvert the production process.

            I can't see skiddies using daddy's credit card to set up their own VM farm for ddosing...

            1. Ben Tasker Silver badge

              Re: the tablets will save us...

              I can't see skiddies using daddy's credit card to set up their own VM farm for ddosing...

              I can see some of them doing that.... Others will use stolen CC details, others will use stolen vouchers.

              You do want your attack nodes spread out, but don't underestimate the benefit of using a server with a 1Gbps (or better, 10) connection over that of using something that manages 500Kb upstream.

              The biggest benefit of using pawned consumer devices is that they (historically) aren't so easily noticed and shut down. You may get to run an attack from VMs for a while, but it's far easier for your host to shut you down than it is for 1000 home devices to be cleaned of your malware.

          2. Kiwi Silver badge
            Linux

            Re: the tablets will save us...

            Cloud computing providers don't care what VMs are used for as long as there is a credit card to go with each one.

            Not 100% true.

            My servers recently came under an attack of some sort that I suspect was from a botnet. Not DOS levels by any means but several thousand more attempts to get in to SSH and other services than normal, ie rahter than the odd one or two per hour I was seeing hundreds, and all the same few login names (before security software closed the door on them) from many different ISP's.

            These included some cloud providers. Often their IP's would show up in a close bunch as well, light I might get a dozen hits from one cloud company in a few mintues before things went back to random.

            Anyway.. I made contact with several ISP's. A few responded, but a couple responded very well. I'm not sure if I should name one but I can say that from shortly after their people responded to my message, their IP's disappeared from my logs. Not just the IP's I'd identified either. (The NZ ISPs were appallingly unwilling to help! - yes, looking at pretty much al of you! Shame on you, if I could get my internet from another country I would. NK or China or Redmond would probably be more secure!)

            Anyway.. Some at least will help, and it looks like certain ones will go to some good lengths to secure their systems (they won't tell me what they did sadly, I'd love to know even the basics).

  5. Anonymous Coward
    Anonymous Coward

    More B.S.

    Why would Lizard Squad attack a network they depend on?

    How many I.T. people and hackers out there are dumb enough to believe that?

  6. TeeCee Gold badge
    Facepalm

    Aha!

    claimed it was testing out an alleged zero-day vulnerability in the Tor service

    So it's all a cunning plan then:

    1) Run a load of DDOS scripts to screw over a couple of high-profile services.

    2) Wait until tabloid press / TV screams about "hackers".

    3) Talk cryptic bollocks about scary vulns wot only you know about.

    Presto, script kiddy to l33t hax0r in three simple steps. It's what every sad little wanker wants for Christmas.

  7. MissingSecurity

    Lizards Identiy

    Krebs on Security has a good write up and who some of these people possibly are:

    http://krebsonsecurity.com/2014/12/whos-in-the-lizard-squad/

    If anyone is interested.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019