29
Dec 14

Who’s in the Lizard Squad?

The core members of a group calling itself “Lizard Squad” — which took responsibility for attacking Sony’s Playstation and Microsoft‘s Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here’s a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

Kim Dotcom offers Lizard Squad members vouchers to stop the attack.

The LizardSquad reportedly only called off their attacks after MegaUpload founder Kim Dotcom offered the group some 3,000 vouchers for his content hosting service. The vouchers sell for $99 apiece, meaning that Dotcom effectively offered the group the equivalent of $300,000 to stop their seige.

On Dec. 26, BBC Radio aired an interview with two young men who claimed to have been involved in the attacks. The two were referred to in the interview only as “Member 1” and “Member 2,” but both have each given on-camera interviews previously (more on that in a bit).

The BBC’s Stephen Nolan asks Member 2, “It was nothing really to do with exposing a company for the greater good? You took the money and you ran, didn’t you, like a petty criminal?”

M2: “Well, we didn’t really expect money from it in the first place. If we really cared about money we could have used the twitter accounts that we generated over 50,000 followers within 24-48 hours we could have used that for monetization, you know? We could have easily sent out a couple of linked….profiles or whatever where each click could gain us three to six cents.”

Vinnie Omari, speaking to Sky News on Dec. 27.

Vinnie Omari, speaking to Sky News on Dec. 27.

Nolan: “So why did you take the vouchers, then?

M2: “It was just an offer. It’s hard to say. It was just a one-time thing. It’s $300,000 worth of vouchers.”

Nolan: “Dirty, grubby, greed?”

M2: “Well, that’s what happens, I’m afraid. That’s what it is like in the security business.”

Member2, the guy that does most of the talking in the BBC interview, appears to be a 22-year-old from the United Kingdom named Vinnie Omari. Sky News ran an on-camera interview with Omari on Dec. 27, quoting him as a “computer security analyst” as he talks about the attacks by LizardSquad and their supposed feud with a rival hacker gang.

The same voice can be heard on this video from Vinnie’s Youtube channel, in which he enthuses about hackforums[dot]net, a forum that is overrun with teenage wannabe hackers who spend most of their time trying to impress, attack or steal from one another.

In a thread on Hackforums that Omari began on Dec. 26 using the Hackforums username “Vinnie” Omari says he’s been given vouchers from Kim Dotcom’s Mega, and wonders if the Hackforums rules allow him to sell the vouchers on the forum.

Hackforums user "Vinnie" asks about selling MegaUpload vouchers.

Hackforums user “Vinnie” asks about selling MegaUpload vouchers.

vinnie-profit

Member 1 from the BBC interview also gave an on-camera interview to Sky News, although he does not give his real name; he offers a pseudonym — “Ryan.” According to multiple sources, this individual is a Finnish teenager named Julius Kivimäki who has used a variety of online monikers, including “Zee,” “Zeekill” and “Ry|an.” 

Julius "Ryan" Kivimaki talks to Sky News about the Lizardsquad attacks.

Julius “Ryan” Kivimaki talks to Sky News about the Lizardsquad attacks.

Sources say Kivimäki was arrested by Helsinki police in October 2013 on suspicion of running a huge botnet consisting of more than 60,000 hacked Web servers around the world. Local Finnish media reported on the youth’s arrest, although they didn’t name him. Kivimäki, 16, also was reportedly found in possession of more than 3,000 stolen credit cards.

Both of these individuals may in fact be guilty of nothing more than taking credit for other peoples’ crimes. But I hope it’s clear to the media that the Lizard Squad is not some sophisticated hacker group.

The Lizard Squad’s monocle-wearing mascot shows them to be little more than a group of fame-seeking kids who desperately aspire to be like LulzSec, a similarly minded gang whose core members were busted and went to jail. With any luck, these kids will get their wish soon enough.

Tags: , , , , , , , , , ,

130 comments

  1. Good work Brian. There is another one I believe to be involved in the attacks. His moniker on Twitter is @conrepping. One of the Lizard Squad was posting pictures of a guy with a bandanna around his mouth just enough to reveal his eyes which looks extremely similiar to photos of conrepping. Did you happen to get a glimpse of the supposed “screenshots” inside one of Sony’s servers they were posting two days ago? I’m not buying it.

  2. confirming zeekill aka julius kivimaki is indeed an active member in the lizard squad

  3. Great move by Mr. Kim.

    This will give a great way to trace these nuggets… even if they aren’t dumb enough to use them themselves, the sales will no doubt not all be anonymously done and give a path back to them.

    • Why wouldn’t the sales be anonymously done? Seems like a an easier task than to DDoS PSN and Xbox. No way they will be traced because of these vouchers.

      • Anonymous financial transactions? What like BTC? Hahaha. Christmas cracker joke. They can’t even be normal-person-not-looking-for-attention anonymous anyway so there’s that.

  4. The sad story is that this ‘not some sophisticated hackers group’ took down two sophisticated game networks with big money behind them.
    It indicates, again, how fragile the Internet is really is.

    • Think of it this way, it’s like 100 kids standing in front of your favourite shop… how to mitigate is difficult, you can do some policing but on the other hand, you don’t want to limit who comes into your shop.

      • Not exactly. The store is local and the service is global. The issue to stop ddos is clear, but if we like to depend on Web services, we need to realize how fragile are they.

        • This is just the internet rejecting the centralized model. Its easy to take down a service when there is one gateway everyone has to connect through.

          The big platform holders and developers want absolute control so they can artificially end-of-life their games and enforce DRM.

          Aside from the collateral damage to regular people just wanting to play games over the holiday i have no problems with a couple of teenagers showing everyone how bad centralized services are.

          Too bad its unlikely to change anything apart from criminalizing yet more online activity.

          • This myth that hackers spread, that they are making systems more secure by hacking them, is hypocritical.

            Nothing will ever be 100% secure till the end of time, and the only problem will always be malicious hackers themselves. Only criminals blame victims.

            Thats sort of like a mob extorting protection money from businesses, that they themselves would otherwise rob. Or saying its ok to rape women because they asked for it by the way the dress. Its hypocritical and makes me embarrassed every time i hear someone like you encourage such things.

            There is no premature end of life, these “centralized” servers for some of the most popular games are still running after 15 years. you live in a fantasy land.

            As for why online video games die, its almost always because people don’t want to play with cheaters and trolls that end up driving everyone away, whether they are hackers or not.

            People of all ages play video games. Assuming only kids play, is why noone takes it serious enough. It should be a billion dollar industry like athletic sports, and all these hackers are doing is taking food out of babies mouths.

            Society is not dumb and noone needs to be a computer programmer to see through phonies online. Its called human nature, and more arrogant nerds are going to realize this, one by one.

            • Nothing is 100% secure correct, but that is not even the issue here. Protecting a single point of entry against a high volume of traffic — while keeping that service up — is very difficult. As Lizard Squad have shown us.

              There is more than one DNS server on the internet for a reason.

              Also i may have an axe to grind about how games companies run their services and DRM but it is absolutely true that online services get shut down while there are still customers who paid for the game wanting to use it.

              Try playing Crysis 2 (a game you can still buy) online now Crysis 3 has launched, you can’t. There are many other examples, including the original Xbox Live.

              There is no reason these services cannot be run in distributed way. More and more of their customers are sitting on quality high bandwidth links, why not use that resource?

              • I agree with the other guy. You can’t stand in front of an “ice cream shop” with 10,000 of your bot friend and say “Seeeeee, you can’t handle 10,000 customers at a time? Why don’t you beef up you security?” That’s ridiculous. What these kids are doing is criminal, period. The Xbox and PSN networks are built to handle their projected user base, not 25,000 DDos bots or whatever the f-cking number is.

              • Crysis 2 is the perfect example of a good multiplayer, that got hacked out of existence.

                It was so cheated in the beta, that crytek publicly promised more security mesasures with the official release. It didn’t help. It was bot city and everyone stopped playing it.

                Don’t blame crytek for that…..blame the trolls that noone wants to play with!

    • The Internet isn’t fragile, specific services are. So Sony and Microsoft’s gaming networks were unavailable… that didn’t mean you couldn’t browse to Amazon and buy things or post on Steam’s forums. The Internet itself is very resilient although not invincible by any means.

  5. I wonder what games they can play on that vouchers?

    hahahhaa

    Seems to be something for them to know nothing about.

  6. All of the lizard squad people should be banned on psn for good, if they try to get on xbox they should also be banned from there as well. People like this ruin everything for others. It’s just the dumbest thing to try and hack it doesn’t make you cool. Nobody likes hackers so just stop it’s annoying!!!!!!

    Stop these people for good get them off playstation.

  7. I think it should be a crime to pay cybercriminals, juveniles or not, unless you’ve contacted the authorities & it helps prosecute them.

    We are at war & we’re losing. Why?

    No one with the resources but the government has the breadth to attack the problem.

    No large corporation, or a group of large corporations, is going to step up & invest its resources into fighting cybercrime unless the crime directly effects its bottom line.

    Obviously, the government is constrained by national borders, & agreements with other cooperative nations, giving the criminals safe havens to operate from. So, it’s only marginally effective.

    Since the internet was not designed with security in mind, I would not be adverse to the U.S. government creating a security national network that is public, but not private.

    Anyone using it agrees to have their traffic monitored for criminal/terrorist activity. I pay my taxes, I’m not a criminal or a terrorist. ;^)

    I don’t care about social networking/pornography/gaming/celebrity gossip/ sensationalism/ ads for Asian/Russian/Lower Slobovian hot babes that want to jump in bed with me & share genetic material.

    I just would like to have a safe place to conduct business activity & would give up some privacy to get it.

    Is that too much to ask? Apparently, so.

    • Sheep. The NSA CIA FBI already monitor web traffic. Go an astronomical amount. That is why people who are educating themselves have turned to the tor network for annoyomity. Regardless of what I’m doing(nothing illegal of course) our government needs to keep there noses ou .

      • ;^D I suspected that just wanting a safe way to conduct business without having to spend an inordinate amount of time trying to protect my communication was going to get a lot of responses that miss the point completely.

        BTW I used to work at NSA, so I probably know a bit more about the organization & what they do than you do. Although you could have worked there, too, I don’t think you would be quite so paranoid if you had. ;^)

        A safe network alternative to the internet would have to be supported by someone, or the horrendous ads that currently are proliferating exponentially would simply segway over to the secure network. The government is the only one with the resources to put one in place without a financial incentive.

        I’m certainly not proposing replacing the internet, or all its malodorous sludge that passes for entertainment.

        All you ranters & ravers can stay on the current internet & spend your hours trying to fix the unfixable. Fine with me. I wish you well.

    • We already have what you want, are you any safer? Any free’er?
      No, what you want will never exist, unless the politician make the NSA really do its job. But that gives too much power to the state. It becomes its own worst enemy. All your communications, communications gear, and tracing gears have the ability to be tracked. But the quantity of data, the quality of search programs, and the limited time to co-opt the process, that is amazing. Right now, I’m on an android tablet. The sound is turned all the way off, I got tired of listening to the snapshots. That will tell you how secure all your communications are. Its businesses who really don’t need that information, but who intrude because they can.

      • An interesting thought, but if you read my comment a bit more carefully, you might see that, no, we don’t have what I want.

        I’m sure I wasn’t very clear. An alternative network set up by the government because anyone with a financial incentive will stuff it full of the same kind of news & ads that are already cluttering up the internet.

        I never wanted to replace the internet, the playpen of the juvenile cyberdelinquents, porno addicts, etc. Let them spend their lives wallowing in the gossip about someone who just got pregnant, stubbed their toe, or whatever. Fine.

        The risk doesn’t really work well for business because of the time & resources that are necessary to try to make it secure. & if you bank, or trade, or have information vital to the interests of your business, you have to try to make something secure that was never intended to be secure, & will likely never be.

        You’re better off just to scrap it & start all over.

        Can’t be done? Wrong. Check out the QubesOS operating system. Put enough thought into something & it can be created.

    • I’m more so in agreement, Quinn.

      Drew, I’m for more inspecting of digital traffic signatures. I’m fine with keeping data from the government (TOR-away). However, if a particular user gets caught by known malicious traffic signatures (digital inspection), I go for blocking that traffic.

      Claus, there’s not enough national inspecting with digital traffic signatures I move for more, in my opinion. There’s not enough (in my opinion) of it–there is an awful lot of known malicious traffic.

      I’m not currently fearing malicious traffic from any democratic government agency. I am seeing lots of maliciousness from non-democtratic, non-government locations.

    • Yes only hackers have the ability to fight hackers, But even gov’t hackers end up just mostly going after non hacking defenseless people like any other malicious hacker… its pretty sad.

  8. mitchjones the truth

    Smoked by krebs like they was hooch.

  9. Hey Brian,

    Good article, just the term “hacker” is wrong from what I think hackers are…we need hackers…but these guys are simply annoying…but I do not agree to the idea of a safe, because screened & monitored Internet…they are killing the idea of the Internet doing so…FBI, NSA and friends do not just want to find the bad guys and attempt to protect us from them…they want much more…

    Cheers
    Claus

  10. As soon as I saw the headline question, “Who’s in the Lizard Squad?” my mind ran to Leisure Suit Larry, the big cheese in the classic game Leisure Suit Larry in the Land of the Lounge Lizards (see http://en.wikipedia.org/wiki/Leisure_Suit_Larry_in_the_Land_of_the_Lounge_Lizards)

    Then I thought of Lot Lizards, an endearing term for the ladies of the night who roam the parking lots at truck stops. (Search Google for the No Lot Lizards stickers truckers use to ward them off.)

    Turns out the correct answer is two young hacker punks. Oh, well, live and learn. 😉

    • I wonder how many people actually are in lizard squad? Shadow Crew had 4000 people on their forums in 2004. I imagine groups now are much bigger.

  11. My son plays xbox and lizard squad kept hacking us. They told my son that he had to write lizard squad rules on his forehead with a marker and then post a picture for all to see, and then they would leave him alone. He did it, I think it was degrading and I hope these thrives are caught and put out of business for good.

    • I don’t think Lizard Squad would target a random kid on xbox. That was probably someone claiming to be them to scare your son.

      • I hope your weight but he has be complaining about it for the last 2 months. My son insists that it was them. How do you find out for sure?

        • Listen… Lizard Squad are jerks, but they wouldn’t do something like that. They don’t hack individuals, they hack communities. I can assure you that the person telling your son to do this was just some stuck-up troll seeking to find fun from taunting and annoying children.

          • Sure they would easily do something like that. They had zero problem ruining Christmas day for millions of kids.

      • I hope your wright but he has be complaining about it for the last 2 months. My son insists that it was them. How do you find out for sure?

    • Wow. What do you mean by “hacking” you?

  12. The voice from the BBC interview is 100% the same voice of Vinnie off the sky news clip

  13. They are highly Narcissistic criminals

  14. As always, please pay attention to the link(s) posted.. .. per info available from whois, the links posted for malware removal by supotliveconnect check out to:
    Registrant Name: Krishna Varma
    Registrant Organization: Kian Fin Serve Pvt Ltd
    Registrant Street: G 23 Ashirwad Complex
    Registrant Street: D1 Greenpark
    Registrant City: New Delhi
    Registrant State/Province: Delhi
    Registrant Postal Code: 110016
    Registrant Country: India

  15. Someone needs to help these guys’ get a date.

    • Nobody with any respectable social skills or constructive talent is going to be spending time learning to do things like this to sabotage people, let alone do it. The two mindsets are simply not compatible. It’s sad.

  16. Vouchers are for Mega, not MegaUpload which is dead since the raid on Kim Dotcom home.

  17. “But I hope it’s clear to the media that the Lizard Squad is not some sophisticated hacker group.”

    I think “sophisticated” is a relative term. Compared to the capabilities that I’ve seen from Fox News and Wired, Lizard Squad may, in fact, be sophisticated.

  18. Why in the world would you give these sleaze-bags the exposure they so desperately seek? I’m disappointed, Brian.

  19. Seems like they are now getting some good treatment, the twitter account has not tweeted from last few hours.

    now that’s like a real dox

  20. These guys look exactly how you would expect them to: awkward failures at sexual potency making up for this by crying for power from a distance behind machines.

  21. In Finland you can get 4 years max in prison for hacking. In reality only a few months in very nice prisons. They cant keep you locked up while investigating or deny access to computer.

    He cant be sent to USA for prosecution because its forbidden by law to send citizens to other countries.

  22. What a noob. I bet the British member gets v& within a few months. They are way to cocky and obviously don’t have the skill to actually remain anonymous. Consider how much effort The Jester took to evaid detection for as long as he did. Ddosing is one of the easiest to trace, even if you spoof headers, use a botnet, etc.

    I doubt Kim will hand over any details to the feds, but they won’t need it. I predict a fail.

  23. I would love to get my hands on these little punks

  24. I wonder what this article means now. I mean it’s not about them DDoS’ing Live and PSN, but they caused a massive disservice and possibly cost these companies a lot of money not to mention disappointing children everywhere for selfish reasoning. Something should be done. Not because of the gamers, but because what they did was wrong and cruel.

  25. Dumb move for Kim Dotcom to offer them money to stop. That just makes other kids more likely to do the same in hopes of a payout.

    Even more dumb is how these kids seem all too eager to get caught from their desire to get so much attention.

    I saw the same thing with lulsec and various members of anonymous. It was their desire to make a name for themselves that resulted in quite a few of them going to jail.

    I’ll chalk it up as kids being kids. Some of these kids will likely get caught, snitch on their friends, and end up in jail. Hopefully when they get older they mature up and stop doing such childish things and in the end only ruining their own lives and futures.

  26. A DDOS attack isn’t that hard to stop… Whats the problem? If there is a specific protocol or ports being used to allow the floods then close them…

  27. You gave me a good laugh with this Krebs.
    You’re clowning yourself, like always.

  28. https://i.imgur.com/MM40eZa.png some of julius’ google cloud kaiten bots