16
Jan 15

Another Lizard Arrested, Lizard Lair Hacked

Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators.

A BBC story does not name the individual, saying only that the youth was arrested at an address in Southport, near Liverpool, and that he was accused of unauthorized access to computer material and knowingly providing false information to law enforcement agencies in the United States. The notice about the arrest on the Web site of the Southeast Regional Organized Crime Unit states that this individual has been actively involved in several “swatting” incidents — phoning in fake hostage situations or bomb threats to prompt a police raid at a targeted address.

U.K. police declined to publicly name the individual arrested. But according to the Daily Mail, the youth is one Jordan Lee-Bevan. Known online variously as “Jordie,” “EvilJordie” and “GDKJordie,” the young man frequently adopts the persona of an African American gang member from Chicago, as evidenced in this (extremely explicit) interview he and other Lizard Squad members gave late last year. Jordie’s Twitter account also speaks volumes, although it hasn’t been saying much for the past 13 hours.

Update: Added link to Daily Mail story identifying Jordie as Lee-Bevan.

Original post:

An individual using variations on the “Jordie” nickname was named in this FBI criminal complaint (PDF) from Sept. 2014 as one of three from the U.K. suspected in a string of swatting attacks and bomb threats to schools and universities across the United States in the past year. According to that affidavit, Jordie was a member of a group of males aged 16-18 who called themselves the “ISISGang.”

In one of their most appalling stunts from September 2014, Jordie and his ISIS pals allegedly phoned in a threat to Sandy Hook Elementary — the site of the 2012 school massacre in Newtown, Ct. in which 20 kids and 6 adults were gunned down. According to investigators, the group told the school they were coming to the building with an assault rifle to “kill all your asses.”

In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service. As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any Web site or individual offline for a small fee.

A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than USD $11,000 worth of bitcoins to pay for attacks on thousands of Internet addresses and Web sites (including this one).

One page of hundreds of support ticket requests filed by LizardStresser users.

One page of hundreds of support ticket requests filed by LizardStresser users.

Two other Lizard Squad members also have been rounded up by police since the initial Christmas Day attacks. In late December, U.K. police arrested 22-year-old Vincent “Vinnie” Omari, in connection with the investigation. Additionally, authorities in Finland questioned a 17-year-old named Julius “Ryan/Zeekill” Kivimäki, after he and Omari gave an interview to Sky News about the attacks. Sources say Kivimäki has been arrested and jailed several times in Finland on charges related to credit card theft, although he is currently not in custody.

Sources say the 18-year-old arrested this morning operates only on the fringes of the group responsible for the Christmas day attacks, and that the core members of the Lizard Squad remain at large.

Nevertheless, individuals involved in swatting need to face serious consequences for these potentially deadly stunts. Swatting attacks are not only extremely dangerous, they divert emergency responders away from actual emergencies, and cost taxpayers on average approximately $10,000 (according to the FBI).

In most states, the punishment for calling in a fake hostage situation or bomb threat is a fine and misdemeanor akin to filing a false police report. Having been the victim of a swatting attack myself, allow me to suggest an alternative approach: Treat all of those charged with the crime as an adult, and make the charge attempted murder.

Tags: , , , , , , ,

105 comments

  1. Would you happen to know if any law enforcement agencies have a copy of that list? If not, is sending it to them a reasonable course of action? Or are either or both of those questions not the kind of questions you can answer?

  2. #undoxable

  3. Jordan Cameron is some preppy kid they used as bait. Other outlets suggest the wannabe gangsters name is actually Jordan Lee-Bevan.

  4. I can agree that being swatted is pretty much an attempt on a life due to potential for very large accidents to take place. I never thought of the possibility of charging swatting-related offenses as attempted murder, but it does seem worthy of it. The last swatting-related arrest was charged with domestic terrorism if I remember correctly, got a very long sentence. Excited to see how this trial goes down and if they can find any evidence leading to such a conviction. Needless to say the FBI are taking the LizardSquad attacks VERY seriously, they really put it in a hornet’s nest with this one.

    A question I have that you may be able to answer is this: will Jordan also be tried for the other LizardSquad attacks before the Xbox and Playstation attacks on Christmas? I remember them doing attacks before the Christmas events took place.

  5. Brian, Please look into the Vir-Sec Inc’s technology. You won’t regret it. This company has what it takes to stop these cyber breaches. I understand they will offer a free demo of their technology.

    • Brian Fiori (AKA The Dean)

      Interestingly a Google search this morning suggests Vir-Sec’s site may be hacked at the moment.

  6. “Treat all of those charged with the crime as an adult, and make the charge attempted murder.”

    While that’s an interesting idea, Brian, I think it would probably fail the first time a 13 year old was caught.

    It might work for 16+ year olds though.

    Another idea that has been used by the fire department in a couple of states I know of is to charge the parents the cost of the swat event, or $10K whichever is higher. ;^)

    • Age really doesn’t matter. We have had 8 year olds tried as adults for murder charges. The charge definitely fits the crime. The parents of these kids failed as parents and the children must pay the price. If you can’t afford to do the time don’t do the crime.

    • I say charge them. It puts them on the radar as potentially bad. Though old habits die hard, it may wake them before its too late. It scares the crap out of them and they may puke out all the names of the so called brainless ring leaders.

      If the so-called leaders don’t have a clue on how to secure a website, its only a matter of time before the feds know who these individuals are.

      If these people are 16-18+, one would think they would THINK. All they have to do is read the news about all the hackers that are successfully taken down and arrested. Some of them are the best at what they did. Now their life is jacked, branded untrustworthy and probably never find a decent, well paying job.

  7. Am so happy for this idiots go in jail for long years and 1thing for sure in the jail u guys gonna cry every day and night when ur inmates using u as a women

  8. I’m confused. Krebs you list a different name than other outlets and plus GDK Jordie is still on social media. Are you sure your sources are correct?

  9. First, there is a reason we don’t charge children as adults… because they are children (and have the mentality of one). The idea that any crime committed by a child can somehow earn them an adult sentencing is insane. Increasing the punishment for their actions will not decrease the amount it happens because they are already not considering the consequences they are acting without regard to what happens to them and probably in the moment (because they are children).

    Second, while I understand the dangers involved in Swatting and do believe a specific crime should be created for the act, attempted murder is a bit of a stretch. Making it a felony, however, would sort of achieve what you want… because in many states in the US if someone is killed in the process of a felony, even if you did not murder them… you will be charged with murder.

    • Travis, they can be charged as adults and punished as children. They can be evaluated and handled appropriately. You sound like you are saying, “kids will be kids” and they should just get a free pass. I guess in your mind a kid should never be punished for anything since they are just kids.

    • The Phisher King

      It depends on the child and it depends on the crime.
      For first time offenders committing crimes that did not result in death, serious physical, emotional or financial harm, then yes I agree with you, there is nothing to be gained from that, you are just teaching them how to be better criminals.
      A child that has repeatedly committed the same or similar crimes can and probably should be treated as an adult the next time around.
      Even a child knows that murdering or seriously injuring someone else is wrong and is against the law, so for very serious crimes there is justification for potentially trying them as an adult.

  10. Are they ever going to disclose the list because I want to know whether or not Anti-GamerGate was responsible for 8-chan’s DDoS

  11. I can’t ever agree with trying anyone who is clearly not an adult as an adult

    • The 18-year-old arrested is no longer a “child” and by societal norms is considered an adult. If there is some form of mental retardation involved, he is still an adult, though with diminished mental capacity.

      • Although I empathize Brian on punishment deserved, clearly most under 26 of age are not “fully developed” when it comes to, how you say, the grey matter.
        I suspect those involved-caught, of possible skill, will be indoctrinated into serving the FBI/Europol/Interpol for further depth. Yes?
        And for what punishment can be dealt? To isolate them, dehumanize and reprogram as an instrument against the very thing they propagate.

        (btw-when Xbox and PSN were down, my friends and I played CAH. I actually had more fun without those game services. Who knew!)

      • Sure maybe an 18 year old should be tried as an adult… but that’s not what this post is suggesting. It says very specifically:

        Treat all of those charged with the crime as an adult, and make the charge attempted murder.

    • I personally feel excusing the severity of punishment for a deliberate and organized crime regardless of age reprehensible. The age of reason when morality begins to establish is far younger than 18. Additionally there was a point in history someone would be expected to be in charge of a family and a livelihood well before 18. So if our children aren’t capable it can only be that we have failed them as a society. If the nature of the crime warrants an adult prosecution, so be it. By arbitrarily diminishing the severity and responsibility for the crime it only creates a false sense of empowerment in youth.

  12. How ironic that an article lamenting the dangers of ‘hacking’ then has an ad with a personalized code for a ‘pocket hound’ that shuts down cell phones. So if a man or woman have a heart attack in a mall, or a movie theater and go to call 911 when seconds/minutes matter – nope, your phone was hacked by pocket hound all because some immature p.o.s. doesn’t want to be annoyed and is “taking a stand” the wrong way – the way that could cost a life. Sad.

    • It’s not ironic at all. Take a moment to look at or research the technology in that ad and you’ll discover that it has nothing to do with shutting down phones. Its purpose is merely to detect mobile phones in environments where their use is restricted by security policy.

      • Well I guess thats better than shutting down the phones, because the FCC recently made it a unlawful to shut down phones through any sort of blocking.

        Phone detectors are used in the military alot. They want to ensure that phones aren’t taken into secure places where they should not be.

        • They didn’t “recently” make it illegal to block cellphone signals. It’s been illegal to do so for over an entire decade, possibly more.

  13. Of course they stored the user/pass in plain text. You can’t trust anyone in this group with anything. While you were being tempted by their service they were likely pilfering any account for data which used the same password. Steer Clear!

    • Possibly, although i generally look for the more direct/simpler analysis – which is: they were probably halfwits

  14. That Youtube interview with Jordie aka GDKJordie was so cringeworthy.

    Guy is just a child from the UK acting like he is a black gangster from Chicago. Weird as heck. Please lock him away for a few years and let him mature.

    • If he’s lucky, Jordie will be extradited to the USA to face multiple terrorism charges for his prank threat on Sandy Hook Elementary and others. Then he can meet some real GDK gentlemen during his stay at a federal penitentiary and regal them with tales of his cyber-gangsterism. I’m sure they would be thrilled.

  15. You should publish a list of all the websites that were targeted by Lizard Squad!

  16. Daily Mail’s link misses the http://,

    nice article Krebs!, nice to see another skiddy busted

  17. this article is a bunch of crap. KrebsOnSecurity is trying to bolster sales. Anything they say needs to be backed up by FACT! They have nothing! Other than a big mouth and nothing to show that will confirm there totally BS claim. KrebsOnSecurity go peddle your crazy somewhere else.

    • Are you saying KrebsOnSecurity should peddle “the crazy” somewhere OTHER than KrebsOnSecurity.com? It seems you are the one who is crazy.

  18. Excellent article, that was a good read. Now let Justice do the rest.

    I was wondering if there’s a way to find out whether my website was attacked by the “Lizard squad” (and if that is the case, which “customer” paid for the attack).

    We were attacked a couple of weeks ago by a seemingly large botnet and someone made a random claim that this was the actions of the Lizard Squad. I am curious…

  19. Please just give any of them you catch to me, then step back ! I will do the rest ! I will get information on any and all associates they know, and give it to you, and publish it publicly so everyone knows exactly who they are, where they live, and how to get hold of them, in order to get revenge for all the damage done to those innocent people by the criminals ! We need to send an unmistakeable message to anyone else out there who has ideas of doing such damage to innocent people, whether just for fun, or for profit ! Hackers should be made to pay the most painful penalties possible for their actions, regardless of their ages !

    • So you’re saying “hackers” (hopefully a very specific use of the term) are horrible life forms, yet you’re talking about “doxing” them and posting their info publicly? Doesn’t make a lot of sense, as doxing leads to other negative events such as swatting (which wastes police resource and potentially risks lives), pizza-bombing, which wastes food or family’s money, and much more. It doesn’t just affect the target.

      I mean, I understand the Lizards are a bunch of children who get bullied in real life and take it out on random internet moon-men, but it seems your “unmistakeable message” as you’ve put it is sort of fighting fire with fire.

      Just wait for them to slip up. Government agencies worldwide are targeting these guys. They know they’ve messed up big-time. No need for the message to be sent, there’s already a big one on the way. A message with enclosed search warrant and handcuffs. It just got stuck in the mail for a while, but it’ll come out in the wash. :)

  20. Something is seriously wrong with this story.
    How did this group call a threat into the Sandy hook school in Sept of 14 when the school was demolished Oct-Dec of 13?

  21. Equating swatting with attempted murder is admitting the SWAT teams are reckless and should not be trusted with firearms.

    • lol. i think you failed basic logic, or maybe were not ever taught it. you’re confusing the intent of the swatter with the very real and dangerous job of the SWAT team guys, and completely missing the point.

    • Try again, genius.

      The reason is because SWAT raids are dangerous. Not that SWAT are reckless or can’t be trusted, but that the very nature of their job is dangerous and places those on the receiving end of the prank (the one being swatted) in a situation where harm could and can to come to them.

      Imagine if they did this to some wacko that had a bunch of guns and thought he was being invaded? It could easily cause a shootout. There was a man OK that shot a police chief after his house was raided due to a bomb threat. It turns out that the call, which claimed to be from the man and from his home phone, was not actually made from his home phone.

      So, not only does this “prank” put the one being pranked at serious risk, it also puts the officers responding at risk.

      • except SWAT no-knock raids, generally conducted in the wee hours of the morning often result in dead dogs, dead children and dead unarmed suspects. The police are never held accountable for these crimes (basically acting as judge jury and executioner) and they continue unabated. The job of a law enforcement officer is not to punish, it is to arrest and present the accused and evidence to the Justice system for trial. That seems to no longer be the case in the US as people not convicted of any crimes are killed summarily and routinely in the name of so called justice. Most of these armed raids are against people not even wanted for violent offenses. So, he is right. Sending in SWAT is many times exactly like just sending a death squad.

  22. Prision is a joke of punishment, free housing, food, sex, TV. That’s not punishment (maybe the sex is for some)
    I think it would be fair, for each SWATting call placed, you get one finger removed. If you are part of a group, each person in the group looses a finger for each swatting. If nothing else this will slow down hackers. Not to mention make life hard for them, including wiping their butt.

  23. Great investigative article Mr. Krebs – I’ve enjoyed your articles on Lizard Squad as they’ve been the most thoroughly researched and have provided the most detail on these annoying “hackers” or script kiddies whichever you prefer.

    I had followed the drama via twitter (Jordies, Finest Squad, etc) and other sources since early December when I first learned of them due to the DDOS attack that prevented me from even logging on to Xbox live.

    Keep up the good solid writing and investigative work as it a million times better than most of the garbage called “news” that spews on the net that amounts to nothing more than a re-print of an initial news article – re-linked a hundred times over.

  24. Will this database ever be released in full or in part, or is there too much sensitive information in it?

    • Has a lot of IP addresses and bitcoin addresses… plaintext passwords of all users… e-mail addresses of those who actually used real e-mails (lol). Definitely too much to release. Some people are selling the database, but I think it’s kind of pointless really.

  25. Been following your post on the Sony hack, and this morning saw your work on the BBC. Well done Brian, great work. Moral of the story is, young scriptkiddies shouldn’t mess with a real IT professional.

    • Maria your freaking funny you sit there and talk like that but yet you probably have no idea wtf any of this is except for a few google searches.

      I have been in these circles for years before the internet aka Dialup BBS systems good ole 9600 baud days.

      Years ago early 90’s yahoo was taken down by 1 single DoS attack yes DoS not DDoS the kid in Modesto California who was arrested for the incident was in fact framed as I proved to the feds because I had a guilt lingering over me for this kid when I knew who really did this.

      The attack came from 1 dual trunked OC32 in China the person who actually took yahoo down spoofed this cocky kids IP because the kid pissed us off on a IRC network called DalNet.

      None of us ever have been or ever were caught or put in jail that stupid ignorant kid threw his list away and stuck to his story that he was guilty so he could have street cred instead of admitting he was a retard and in fact pissed off the wrong people.

      Keep talking trash about “script kiddies” and IT people because one day someone out there will come back at you and say who is laughing now.

      I do not roll with these circles any more as I have a family to worry about and I cant be bothered to act childish but there are plenty more people to fill my shoes.

      • “I do not roll with these circles any more as I have a family to worry about and I cant be bothered to act childish but there are plenty more people to fill my shoes.”

        Yet you just threatened someone in a blog comment…..

    • Unfortunately, most skiddies have a better understanding of the security landscape compared to people in important positions in corporate companies…

  26. HA HA!.,,, mess with my son’s Christmas, hope you spend your next one in the slammer. Jerk

    Read more: http://www.businessinsider.com/lizard-squad-arrest-southport-2015-1#ixzz3Qw3sBRYq