29
Dec 14

Who’s in the Lizard Squad?

The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

The LizardSquad reportedly only called off their attacks after MegaUpload founder Kim Dotcom offered the group some 3,000 vouchers for his content hosting service. The vouchers sell for $99 apiece, meaning that Dotcom effectively offered the group the equivalent of $300,000 to stop their seige.

On Dec. 26, BBC Radio aired an interview with two young men who claimed to have been involved in the attacks. The two were referred to in the interview only as “Member 1” and “Member 2,” but both have each given on-camera interviews previously (more on that in a bit).

The BBC’s Stephen Nolan asks Member 2, “It was nothing really to do with exposing a company for the greater good? You took the money and you ran, didn’t you, like a petty criminal?”

M2: “Well, we didn’t really expect money from it in the first place. If we really cared about money we could have used the twitter accounts that we generated over 50,000 followers within 24-48 hours we could have used that for monetization, you know? We could have easily sent out a couple of linked….profiles or whatever where each click could gain us three to six cents.”

Vinnie Omari, speaking to Sky News on Dec. 27.

Vinnie Omari, speaking to Sky News on Dec. 27.

Nolan: “So why did you take the vouchers, then?

M2: “It was just an offer. It’s hard to say. It was just a one-time thing. It’s $300,000 worth of vouchers.”

Nolan: “Dirty, grubby, greed?”

M2: “Well, that’s what happens, I’m afraid. That’s what it is like in the security business.”

Member2, the guy that does most of the talking in the BBC interview, appears to be a 22-year-old from the United Kingdom named Vinnie Omari. Sky News ran an on-camera interview with Omari on Dec. 27, quoting him as a “computer security analyst” as he talks about the attacks by LizardSquad and their supposed feud with a rival hacker gang.

The same voice can be heard on this video from Vinnie’s Youtube channel, in which he enthuses about hackforums[dot]net, a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another.

In a thread on Hackforums that Omari began on Dec. 26 using the Hackforums username “Vinnie” Omari says he’s been given vouchers from Kim Dotcom’s Mega, and wonders if the Hackforums rules allow him to sell the vouchers on the forum.

Hackforums user "Vinnie" asks about selling MegaUpload vouchers.

Hackforums user “Vinnie” asks about selling MegaUpload vouchers.

vinnie-profit

Member 1 from the BBC interview also gave an on-camera interview to Sky News, although he does not give his real name; he offers a pseudonym — “Ryan.” According to multiple sources, this individual is a Finnish teenager named Julius Kivimäki who has used a variety of online monikers, including “Zee,” “Zeekill” and “Ry|an.” 

Julius "Ryan" Kivimaki talks to Sky News about the Lizardsquad attacks.

Julius “Ryan” Kivimaki talks to Sky News about the Lizardsquad attacks.

Sources say Kivimäki was arrested by Helsinki police in October 2013 on suspicion of running a huge botnet consisting of more than 60,000 hacked Web servers around the world. Local Finnish media reported on the youth’s arrest, although they didn’t name him. Kivimäki, 16, also was reportedly found in possession of more than 3,000 stolen credit cards.

Both of these individuals may in fact be guilty of nothing more than taking credit for other peoples’ crimes. But I hope it’s clear to the media that the Lizard Squad is not some sophisticated hacker group.

The Lizard Squad’s monocle-wearing mascot shows them to be little more than a group of fame-seeking kids who desperately aspire to be like LulzSec, a similarly minded gang whose core members were busted and went to jail. With any luck, these kids will get their wish soon enough.

Tags: , , , , , , , , , ,

130 comments

  1. So apparently taking down gaming console access is an all important priority to these idiots? And yes they are idiots with the brain the size of a pea.

    These guys are pure criminals, and all need to be arrested and pay financially for their crimes. I would imagine that Microsoft and Sony want them, as this is a core business of both companies.

    These idiots are just going to make the internet far worse for everyone, as eventually there will be no privacy.

    • Idiots? You really think you can hack into Sony or Microsoft and take down their game consoles? go ahead and try to you will fail you need a pretty big brain to not to get cought and to hack these things, they may only know how to do this but there brains arent as big as a pea and think this is easy easy money to them

      • Da fuq did I just read? You are commenting about brains that are the size of peas and yet you put together this… collection of words? Badly I might add. Dear me…

      • DDoS is not complicated my friend. Even attention seeking teenagers with brains the size of peas could pull it off.

      • Bob I’m not trying to pick a fight with you but these guy’s are Idiots. To prove my point: Would you agree that there are some really smart people that are in prison. Smart people go to prison everyday. These people are smart but they are Idiots, there talents are wasted in breaking the law and getting caught at some point and ending up in a prison cell. Not my idea of good use of brain power. Talent wasted. Just my thoughts.

        • Going to counter that logic with the fact that many “smart” people waste their talents working for government/security agencies hat have no other purpose than to violate the privacy of common folk…and THAT is a crap ton worse then some kids making sure you’re angry ass can’t get on LIVE or PSN, which is why you’re posting in the first place…

      • They are not even hackers. They’re DDosers completely different look it up

      • These are ddos attacks not hacking. They basically flood the servers with so much traffic that the servers cant handle it an crash.Even if these large companies build twice as many servers they have right now these attacks can and will keep happening.

      • Srsly… ddos attacks are simple. Any tool can download LOIC, type in the ip address you want to attack, click and off you go. Its not complicated. Probably the easiest attack one can pull off actually. learn2know

      • Actually it’s not very hard to launch a DDoS attack on anybody including Sony, Anybody who knows their way around a computer and know what he’s doing could launch a DDoS attack.

        • pretty sure not, take down ea facebook twitch or xbox live, i’ll waiting, but i will will wait a lot.

          • Whew! Good thing that Xbox Live is impenetrable by a DDoS attack and didn’t get DDoSed on Christmas Day!

            Rent a big enough botnet and you can take down almost anything as big as PSN or Xbox Live or even Facebook or Twitter. Vulnerability to DDoS attacks is a side effect of running a server.

      • Idiots? You really think you can hack into Sony or Microsoft and take down their game consoles?

        Lizard Squad didn’t hack Sony or Microsoft. They executed a DDoS attack using a botnet of hacked home routes. It’s almost like you’ve never read anything on this blog. I kind of wonder if you know how to read at all.

        go ahead and try to you will fail you need a pretty big brain to not to get cought and to hack these things,

        Since it is public knowledge and they bragged about it, I fail to see how you’re making a point about “not getting caught”

        they may only know how to do this but there brains arent as big as a pea and think this is easy easy money to them

        No, they’re a bunch of kids who have not yet developed the ability to comprehend cause and effect or consequences, and will probably finish developing that part of their brain in jail (it takes until age 25)

      • In what world are ddos attacks particularly brilliant and “hacking”?

    • They hacked it befor duh

    • i think it is a good thing

      • plz2meetUhopeUguessmyname

        ill be seeing you silly rabbit trix r 4 kids ,an white rabbit knows u an the hole your in .

    • There is already no expectation of privacy on the internet unless you are using proxies and encryption. And even then so, that will not let you escape government going after you for whatever reason whether true of fabricated. It is not so much our privacy being gone that is the problem, it is the lack of having our consent. And the government datacenters and their contracts with social media are to blame for that mess.

      Perhaps hackers are not the problem for pointing fingers. It is a good thing they highlight the shortcomings of the OSI Model. Security was never built into the functionality of these networks, because the early engineers were just happy to get the computers talking to each other.

      It is the hackers that push for better security to be implemented, we should all be thankful they are willing to bring these problems into the light by their work. Perhaps then, we can find better methods for keeping the government out of our communications.

  2. Like another member brought up, the lulz group went around laughing how they would never get caught, and even taunting law enforcement to catch them. Many of them were caught eventually.

    There was also the anonymous group who DDOS Paypal, and many of them also got caught.

  3. Vinnie looks like someone from ISIS, not from Finland.

  4. Twitter needs to be held accountable also for catering to these criminals. They have a long history of catering to criminals.

  5. Vinnie Omari, just turned 22, got grief from his younger brother, aged 10, because he could not play his Minecraft

    https://www.youtube.com/watch?v=QVXfAb8NXyM#t=123

  6. Well, if they’re just taking credit for the Lizard Sqad then they’re idiots, and with their previous wrap sheet they’re going to jail for it just like the Lizard Squad will.

  7. The facebook page for Vinnie Omari has – “Born on 24 December 1992”. In the BBC interview he says he has just turned 22. Perhaps he had too much to drink in celebration of his birthday when the attack was launched.

  8. What is really amazing is that the internet is so unsecure that two guys like this could pull this off.

    We desperately need a major paradigm shift to eliminate the anonymity that makes these kinds of exploits possible.

    I want an internet where every participant is clearly identified and every transaction is easily traceable. Those people who want to remain anonymous can have their own separate network that is totally quarantined from those of us who don’t want to be subject to these kinds of attacks, spam, and all the other BS that is making the current internet increasingly unusable.

    • Yea, basically that’s what we already have and is in the works. The anonymous portion is called the deep or dark web….

    • @ Mike Schumann – yours is the totalitarian reaction, on perfect display.

      Whenever someone does something wrong or anti social, the totalitarian impulse is to develop more authoritative accountability of anyone doing anything, ever, anywhere, at any time, so as to theoretically account for anyone who ever does anything wrong.

      While I too agree that perhaps certain ‘wild west’ aspects of the web may warrant a bit of taming, I recognize the totalitarian impulse whenever someone does something wrong and frankly, its a road to hell. The current state of the NSA is brought to you by precisely that mentality.

      • This! It can’t be said enough. Whenever we have something good and great, totalitarians and also lots of “normal” people start screaming about abuse and want to squash the good thing (whatever it might be).

        It is always amazing to see people ramble against things that would be good for themselves, e.g. regular employees being against unlimited sick days. They like only being able to take 5 paid sick days, which can be over with just catching one stomuch flu from the kids easily. I know, its a very communist thought for the average north american but totally normal in many European countries to get as many sick days as you’re sick. Yet the average north american worker spews employer logic and doesn’t want sick days for himself whenever he’s sick. He’d rather go to work and infect everyone else because he also can’t live without being paid for the additional days he’s sick.

        And now, normal people would like to have the kind of surveillance that was normal in east Germany. Google the “Stasi” and maybe watch the movie “Goodbye Lenin” and you may understand what you’re wishing for. Please do it in your own country but not in mine. I like my freedom.

  9. Well, looks like a lot of accounts are suspended or not available.

    Vinnsec Twitter is down. Google shows “null.cat” from last Twitter scrape. That now redirects to ice.gov., Not sure on validity, so I checked way back machine. Null.cat has one archive from oct. The website title is “DDoS Mafia”.

    Gotta love the narcissistic generation that just has to have attention… Dumb asses.

    • Nice! Couldn’t have said it better myself.

      This reminds me of a (so called) hacker (“Mahzar The Hacker”) that I tracked several years ago, after he had defaced a webmail server owned by my employers. He had used ‘c99shell’ in a poorly misguided attempt at pulling off a SQL-Injection on our (long since retired) NT4/Exchange 5.5 Outlook Web Access server. His attack was only partially successful. He had managed to replace the index.html, and inject the C99Shell code, but since the server wasn’t Apache based, the C99Shell had very limited capability, if any at all.

      I performed the forensic-exam of the system, after having made a snapshot of the system drives for chain-of-custody, and reported it up the chain of command. Along with my report, I delivered wedding photos of the attacker that clearly showed his face, which were taken from his website that I had tracked down via the C99Shell configuration files. Unfortunately, this particular attacker was located in Tehran, Iran. That being the case, my manager did not escalate the issue further because the lack of extradition treaties with Iran made prosecution impossible… or at least, that’s what I’ve come to believe… truthfully, I think it should have been reported to the State Department, or at least to the FBI. But, it’s now been several years since that incident, and none of the same crew even work there now… including myself.

      Anyway, my point is that you’re spot-on with the comment about narcissism. It was either narcissism or plain stupidity on the part of ‘Mahzar’ that allowed me to locate photos connecting his face with his moniker. In all of the years I’ve been involved in cyber-security, more often than not, the commonly held belief hold true time and time again, that the greater majority of these acts are committed by narcissistic kids that don’t fear the consequences of their actions, and often have misplaced anger that would be better used to improve their situation rather than to create a chain of events that inevitably will lead to their incarceration, or worse. Mahzar… if the pictures I found were not simply a frame-up to falsely implicate a fall-guy, is more of an exception from the norm. Based on the photos, I’d say he was in his late 20s to early 30s, although it’s impossible to be certain about that. But, based on the evidence I collected, his actions were those of a system exploiter rather than a hacker. There was nothing used in his attack that displayed any unique creativity, rather opting for ‘off-the-shelf’ script-ware attacks. Oddly though, from the defacement page he put up on the server he attacked, you would think he believes he really accomplished something. All he really accomplished was pissing me off enough to go after him.

  10. The thing with ddos is that it is getting rapidly more powerful and (even scarier) more accessible to those with little to no tech savvy in conjunction with ‘awareness’ of it as an available eTantrum among non 1337 types.

    What isn’t being adequately addressed, until its too late for both the business and the basement dweller, is that the consequence of DDOS is enormous. It costs a real business a ton of money, does a lot of damage but the kid doing it has no idea the severity of what he’s doing.

    “Don’t Play With Matches/Fire” was inculcated in everyone over the age of 35 or so from the day they were born. Why? Because matches and lighters were everywhere (back in the day), yet their power to cause enormous harm might not be something understood by a stupid kid fooling around with them. The total sociopaths, there isn’t much you can do for them other than send them to jail. The ones that deserve our attention are the prankster type kids who don’t understand that ddosing a business/app/whatever amounts to walking in to their headquarters and setting their curtains on fire. The consequences might be a lot bigger than you want to deal with.

  11. Bobino ~ these brilliant youths didn’t “hack” anything. DDOS is not hacking.

    They are idiots

  12. I still don’t understand why we’re referring to DDOS attacks as “hacking”.

    There isn’t a serious level of sophistication that goes into these things and the media makes these guys out to be a squad of Kevin Mitnicks.

  13. none of this would have happened if they had the courage to leave their respective houses to talk to a girl.

  14. attacking a 75Bn$ company’s service and marketing presence is picking a fight in the wrong way. It will eventually make federal agencies develop a working process for dealing wih these kinds of attacks. Further, it wil bring the wrong kind of heat that you can’t stand and attention that you can’t diffuse or deflect.

  15. So Anonymous shut up the wrong people? http://pastebin.com/vBAU5HQH

  16. They did not hacked sony .v. and the True Will come out, Any smart hacker would know its not a smart idea to show ur face its the same has giving your name

  17. F””” lizard squad

  18. They did this for money…how about getting a regular job like the rest of us. They took down xbox and sony to have the children spend more time with their family….. Seeing the sad look on your child’s face after you spent a boat load of money on a gift you want them to use….Sorry but the lizard squad, as tech smart as they are, are all a bunch of selfish d**k heads that deserve whatever comes to them. Let’s see how tough they are away from the computer!

  19. I certainly don’t agree with the LizardSquad, but when the supposed land of the free is watching every key stroke we make, every website we go to, tracking our phone calls, is this really a big issue? A ddos attack on servers seems minor compared to the infringements upon civil liberty we encounter each and every day….

    • That’s 2 different matters. One doesn’t (shouldn’t) hide the other.

      Like saying that thieves shouldn’t be arrested because there’re still murderers on our streets…

  20. You just released the name of the Finnish minor, apparently involved in this.

    Are you daft?!

    There’s no place, NO PLACE where this guy can hide in a small country like Finland. THIS is why minors names are rarely released to the public.

    But well done. Hope you were right, and didn’t release a wrong name…. Again.

    • The kid showed his face in a Sky News interview pretending to be a member of this group, therefore agreeing to a crime he supposedly committed. Brian only connected the dots between his face to his name.

      Given the nationality of this kid, I also doubt that there’s ground for prosecution for a USA citizen releasing the name of a Finish citizen.

  21. It sounds to me like the solution to Lizard Squad is a spanking and some English lessons.

  22. I find it funny, that ‘normal’ people believe that if you go to jail for a crime, that it means your automatically stupid.
    Forgetting that the criminal might have by then stashed away more cash, then he or she could have made with normal work.
    In other words even if you go to jail, people can still have profited more from their crime, regardless of going to jail, then if they didn’t do what ever they did.

    Standard misrepresentation of news agencies, who most times just regurgitate the official police report, and have little insight in to the true motivations of people involved or the real actions that where taken or why.
    You see all kinds of discussions like here, where the ‘good people’ know best what to do with things they would never do them self.
    Gloating over a very limited amount of real knowledge of the case, pretending to know it all.

    If police have evidence of criminal activity they should pursue those leads, that doesn’t mean that anybody caught is automatically a pea brain, and it doesn’t make you a smarter person if you have a website called krebsonsecurity. It just means you made different choices, with what you want to do with your life.

    I’m sure Pablo Escobar thought that running a website called krebsonsecurity to make a living, is only for somebody with a pea brain.
    Sorry Krebs I know you didn’t say that, but it’s fun to use it as it was posted.

    Other news outlets seem to suggest that the PSN and Xbox DDOS attacks where a commercial for the Lizardsquad payed for DDOS attack service.
    So all these rightfully angry PSN and Xbox users, where maybe just used for the exposure of the DDOS service.

    Happy new year to all, Anonymous Tor User.

    • You’re bashing people for calling these choads idiots but your post reveals your own lack of intelligence. Go back to elementary school and learn about ‘your/you’re’, ‘then/than’, ‘where/were’, and most importantly, sacrificing logic and freedom for a quick payoff that closes off more opportunities for you later in life. Sure, they can make a quick cash now, maybe even stash it away, but in exchange they give up the right not only to live free, but to not be sodomized by a gorilla in prison.

  23. I see here everyone saying how its easy to DDoS and that its not hacking and etc.. But why no one is looking to the other side of this? I would really like to see everyone here to simply ddosing :) WTF will you get so much BOTS in the first place?! Some one sayed “rent them”, HOW? Why? Do you think these kids rented 60k (or so) bots to ddos? In the post it sayed that Ryan had before a botnet with such amount of bots.. This is a VERY VERY huge amount of bots!

    As I like to read alot about cyber security, I know that its VERY hard to get such amount of bots, bot owners have to infect and spread the trojan, which is hard as you need to make it FUD (fully undetected) which costs money, and you need either to buy/make traffic (which costs alot! look at traffic sellers (LEGIT ONES, online)).. you need to work alot to get big amounts of them.. I doubt they are alone.. and I doubt they were the minds of this..

    Yes, they are stupid, because they go on cameras, reveal them selves, use same emails and etc.. but they are young.. think what they will do once they are 30 :) and think about the ones, that dont want any attention and have such a big botnets which lead to massive banking/ddos/spam realated crimes!

  24. These wannabes need to die.