Factory-default usernames and passwords for home routers are once again the culprits behind two high-profile distributed denial of service (DDoS) attacks on Sony and Microsoft’s gaming networks.
Both the PlayStation Network and Xbox Live were knocked offline in August and over the holidays respectively by a group known as Lizard Squad. The group runs a DDoS-for-hire service called Lizard Stresser, where people can pay to take corporate or individual websites offline for a specified period of time. According to independent researcher Brian Krebs, the stresser—hosted by a dodgy ISP in Bosnia—is fed by bandwidth from hacked home Internet routers worldwide.
The botnet also contains commercial routers at universities and companies, and Krebs said that there are “undoubtedly” other devices involved.
“The preponderance of routers represented in the botnet probably has to do with the way that the botnet spreads and scans for new potential hosts,” he said in a posting. “But there is no reason the malware couldn’t spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.”
This is the latest in bandwidth schemes that Lizard Squad has had.
Investigators told Krebs that it had been renting cloud capacity from Google using stolen credit cards, until Google got wind of the situation and shut them down. And, it was planning to use hundreds of servers to act as Tor relays, taking down the anonymity.
Investigators are working with law enforcement to disrupt the operation, and are making progress on identifying the culprits.
“[The Bosnian ISP] happens to be on the same ‘bulletproof’ hosting network advertised by 'sp3c1alist,' the administrator of the cybercrime forum Darkode,” Krebs said. “Until a few days ago, Darkode and LizardStresser shared the same Internet address. Interestingly, one of the core members of the Lizard Squad is an individual who goes by the nickname ‘Sp3c.’”
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/lizard-squad-botnet-home-routers/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.