[OPLIN 4cast] OPLIN 4cast #421: Inside the Dark Side

Editor editor at oplin.org
Wed Jan 21 10:30:26 EST 2015 

Email not displaying correctly? View it in your browser. 
<http://www.oplin.org/4cast/>
OPLIN 4Cast

OPLIN 4cast #421: Inside the Dark Side
January 21st, 2015

lizardThree months ago we posted a 4cast 
<http://www.oplin.org/4cast/?p=4966> about the availability of cheap 
Distributed Denial of Service (DDoS) attacks on the Internet, mentioning 
as well that OPLIN has a system in place to protect libraries from such 
attacks. Over the Christmas holidays, DDoS attacks on the Xbox Live and 
PlayStation networks got a lot of attention in the media, and shortly 
after that the "Lizard Squad" group that claimed credit for those 
attacks announced the availability of their own inexpensive DDoS service 
for hire. Now, thanks in large part to security researcher Brian Krebs, 
that service is falling apart and providing an interesting glimpse into 
the dark side of the Internet.

  * Lizard kids: A long trail of fail
    <http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/>
    (Krebs on Security | Brian Krebs) "The Lizard kids only ceased their
    attack against Sony's Playstation and Microsoft's Xbox Live networks
    last week after MegaUpload founder Kim Dotcom offered the group
    $300,000 worth of vouchers
    <http://krebsonsecurity.com/wp-content/uploads/2014/12/lyYRjQB.jpg>
    for his service in exchange for ending the assault. And in a
    development probably that shocks no one, the gang's members
    cynically told Dailydot
    <http://www.dailydot.com/crime/lizard-squad-lizard-stresser-ddos-service-psn-xbox-live-sony-microsoft/>
    that both attacks were just elaborate commercials for and a run-up
    to this DDoS-for-hire offering. The group is advertising the new
    'booter service' via its Twitter account, which has some 132,000+
    followers. Subscriptions range from $5.99 per month for the ability
    to knock a target offline for 100 seconds at a time, to $129.99
    monthly for DDoS attacks lasting more than eight hours."
  * A hacked DDoS-on-demand site offers a look into mind of "booter"
    users
    <http://arstechnica.com/security/2015/01/a-hacked-ddos-on-demand-site-offers-a-look-into-mind-of-booter-users/>
    (Ars Technica | Sean Gallagher) "Things have not gone all that well
    for LizardSquad since the launch of LizardStresser. Shortly after
    the service-which uses a botnet of hacked home and institutional
    routers-was launched, members of LizardSquad started getting
    arrested. Last week the LizardStresser server was hacked, and its
    database was dumped and posted to Mega by the former operator of the
    darknet 'doxing' site Doxbin. As a result, the usernames and
    passwords of LizardSquad's 'customers,' along with logs of the
    Internet addresses that had been attacked by the router botnet, were
    laid bare for everyone to see."
  * Xbox Live destroyers Lizard Squad facing backlash in underground
    hacker wars
    <http://www.forbes.com/sites/thomasbrewster/2015/01/20/lizard-squad-backlash/>
    (Forbes | Thomas Fox-Brewster) "Investigative journalist Brian Krebs
    broke the news that the Lizard Stresser Distributed Denial of
    Service (DDoS) offering, which lets people pay for website takedowns
    and which the Christmas attacks were supposed to advertise, was
    breached and the customer database leaked. /Forbes/ has obtained a
    copy of what appears to be a leaked Lizard Stresser database, though
    it differs from the one Krebs posted a screenshot of (incredibly,
    Lizard Squad has been making DMCA requests for links to the leaks to
    be taken down from Kim Dotcom's Mega storage service). The link came
    courtesy of one of the more talkative dark web denizens who goes by
    the name of 'nachash', who once ran the controversial Doxbin site,
    where personal details of select individuals were posted on the
    anonymising Tor network."
  * Lizard Squad's LizardStresser hacked and customer details made
    public
    <http://www.theguardian.com/technology/2015/jan/19/lizard-squad-lizardstresser-site-hacked>
    (The Guardian | Stuart Dredge) "The news follows several arrests
    made as police investigate the original PlayStation Network and Xbox
    Live attacks. On 31 December, a 22 year-old man from Twickenham was
    arrested by the South East Regional Organised Crime Unit
    <http://www.theguardian.com/technology/2015/jan/01/man-linked-to-lizard-squad-hack-arrested-over-2013-14-cyber-fraud>
    (SEROCU) on suspicion of fraud by false representation and Computer
    Misuse Act offences, before being released on bail until 10 March.
    Then, on 16 January, an 18 year-old man was arrested in Southport
    <http://www.theguardian.com/technology/2015/jan/16/man-held-over-lizard-squad-cyberattacks-on-psn-and-xbox-live>
    on suspicion of unauthorised access to computer material,
    unauthorised access with intent to commit further offences, and
    threats to kill."

*/Articles from Ohio Web Library <http://ohioweblibrary.org>:/*

  * How do booters work? Inside a DDoS for hire attack.
    <http://web.b.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=85eea67d-654b-47f4-bb41-dd28618478f9%40sessionmgr113&vid=0&hid=115&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=cph&AN=89867465>
    (/eWeek/, 8/5/2013 | Sean Michael Kerner)
  * This is Lizard Squad, the nebulous hacker group now tied to the Sony
    hack.
    <http://web.b.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=865a2399-fff6-497c-9816-76a22ece4132%40sessionmgr115&vid=0&hid=115&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=ulh&AN=100128985>
    (/Christian Science Monitor/, 12/24/2014 | Fruzsina Eördögh)
  * As gaming servers went down, hacker group's profile rose.
    <http://web.b.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=7470707c-05ba-4f10-9a46-edd3730a2d93%40sessionmgr114&vid=0&hid=115&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bwh&AN=wapo.909fcc3c-8d35-11e4-a085-34e9b9f09a58>
    (/The Washington Post/, 12/27/2014 | Brian Fung and Andrea Peterson)

------------------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent headlines, topics, 
and trends that could impact public libraries. You can subscribe to it 
in a variety of ways, such as:

  * *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
    subscribing to the following URL:
    http://www.oplin.org/4cast/index.php/?feed=rss2.
  * *Live Bookmark.* If you're using the Firefox web browser, you can go
    to the 4cast website (http://www.oplin.org/4cast/) and click on the
    orange "radio wave" icon on the right side of the address bar. In
    Internet Explorer 7, click on the same icon to view or subscribe to
    the 4cast RSS feed.
  * *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
    OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
    http://mail.oplin.org/mailman/listinfo/OPLIN4cast.


OPLIN 4Cast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150121/afb140d9/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kubrickheader.jpg
Type: image/jpeg
Size: 38379 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150121/afb140d9/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lizard.png
Type: image/png
Size: 18541 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150121/afb140d9/attachment-0003.png>

More information about the OPLIN4cast mailing list