The U.S. Justice Department has charged two 19-year-old men alleged to be core members of the hacking groups Lizard Squad and PoodleCorp. The pair are charged with credit card theft and operating so-called “booter”or “stresser” services that allowed paying customers to launch powerful attacks designed to knock Web sites offline.
Federal investigators charged Zachary Buchta of Fallston, Md., and Bradley Jan Willem Van Rooy of Leiden, the Netherlands with conspiring to cause damage to protected computers.
According to a statement from the U.S. Attorney’s Office for the Northern District of Illinois, Buchta, “who used the online screen names “@fbiarelosers,” “pein,” “xotehpoodle” and “lizard,” and van Rooy, who used the names “Uchiha,” “@UchihaLS,” “dragon” and “fox,” also conspired with other members of Lizard Squad to operate websites that provided cyber-attack-for-hire services, facilitating thousands of denial-of-service attacks, and to traffic stolen payment card account information for thousands of victims.”
The PoodleCorp’s “Poodlestresser” attack-for-hire service appears to have drawn much of its firepower using an application programming interface (API) set up by the proprietors of vDOS — a similar attack service that went offline last month following the arrest of two 18-year-old Israeli men who allegedly ran vDOS.
vDOS was hacked earlier this summer, and a copy of the user database was shared with KrebsOnSecurity. The database indicates that Poodlestresser was among vDOS’s biggest clients, and that KrebsOnSecurity was a frequent target of the attack-for-hire services. Continue reading →