# LizardSquad



## RTGHM (Dec 29, 2014)

So, they're using Google servers for 99% of their attacks.

More info: http://pastebin.com/eXZtifjd (includes huge "bot" IP list)


----------



## HalfEatenPie (Dec 29, 2014)

How reliable is this source?

I dislike the entire "With this being said and my extenstive research into botnet culture."  It's like asking us to "trust him because he's a pro researcher".  Also, he spelled extensive wrong...

I don't know.  This kinda sounds fake in my opinion...


----------



## comXyz (Dec 29, 2014)

It's a normal DDOS using Google Fetcher, just need to block this User Agent and problem solved: Feedfetcher-Google


----------
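The User-Agent filter comXyz describes above, as an added example that is not part of the original thread: it counts requests carrying the `Feedfetcher-Google` User-Agent per path per minute in an access log, alongside the substring check a block rule would apply. The Combined Log Format, the sample lines (constructed), the function names and the per-minute limit are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
UA_MARKER = "feedfetcher-google"  # User-Agent named in the thread, lowercased

def should_block(user_agent):
    """Substring match on the User-Agent. The header is client-supplied,
    so this is a traffic filter, not proof of who sent the request."""
    return UA_MARKER in user_agent.lower()

def fetcher_hits(lines):
    """Yield (minute, path, ip) for each parseable request that should_block matches."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not should_block(m["ua"]):
            continue  # unparseable line or a different client
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["target"].split("?", 1)[0]  # group by path, ignoring the query string
        yield ts.strftime("%Y-%m-%d %H:%M"), path, m["ip"]

def flag_floods(lines, per_minute_limit=3):
    """Return {(minute, path): count} for buckets above the assumed limit."""
    counts = Counter((minute, path) for minute, path, _ in fetcher_hits(lines))
    return {key: n for key, n in counts.items() if n > per_minute_limit}

# Constructed sample log lines (documentation IP ranges, made-up paths).
FF = "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"

def _line(ip, sec, target, ua):
    return (f'{ip} - - [29/Dec/2014:10:15:{sec:02d} +0000] '
            f'"GET {target} HTTP/1.1" 200 512 "-" "{ua}"')

SAMPLE = [_line("192.0.2.10", s, f"/big.pdf?r={s}", FF) for s in range(5)]
SAMPLE += [_line("192.0.2.11", 7, "/feed.xml", FF),
           _line("198.51.100.5", 9, "/big.pdf", "Mozilla/5.0")]

if __name__ == "__main__":
    for (minute, path), n in flag_floods(SAMPLE).items():
        print(f"{minute} {path}: {n} Feedfetcher requests")
```
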



## RTGHM (Dec 29, 2014)

HalfEatenPie said:


> How reliable is this source?
> 
> I dislike the entire "With this being said and my extenstive research into botnet culture."  It's like asking us to "trust him because he's a pro researcher".  Also, he spelled extensive wrong...
> 
> I don't know.  This kinda sounds fake in my opinion...


I didn't make the document, simply passing it along. If you hop in the IRC channel there you can see what is listed does exist.


----------



## HalfEatenPie (Dec 29, 2014)

RTGHM said:


> I didn't make the document, simply passing it along. If you hop in the IRC channel there you can see what is listed does exist.


Oh yeah I'm not accusing you of being the author.  Was simply curious as to where the source is from.

While I won't deny those services do not exist under those IPs, my skepticism is behind the claim he presents as data (e.g. What reasoning helped him come to the conclusion that it was Kaiten?) 

tldr, I guess I'm kinda anal and want this peer reviewed or verified by a third party or at least another individual.


----------



## TekStorm - Walter (Jan 2, 2015)

Like why, do they have something against Sony, so they are a big company making a butt load of cash, the lizardsquad doesn't have anything better to do than to stop the simple man from enjoying himself. If they hate Sony so much buy them out and close them down.


----------



## Francisco (Jan 3, 2015)

TekStorm - Walter said:


> Like why, do they have something against Sony, so they are a big company making a butt load of cash, the lizardsquad doesn't have anything better to do than to stop the simple man from enjoying himself. If they hate Sony so much buy them out and close them down.


"The lulz" is the usual explanation.

One or two of them got arrested but for unrelated charges (fraud, stealing from people's PayPals, etc).

They likely didn't have beef, they just want to cause as much noise as they can. What better way to do it than to beat up 2 services dominated by pent up teenagers? There was at least one case of a kid calling 9/11 about XBOX LIVE being down.

Francisco


----------



## RTGHM (Jan 3, 2015)

Francisco said:


> "The lulz" is the usual explanation.
> 
> 
> One or two of them got arrested but for unrelated charges (fraud, stealing from people's PayPals, etc).
> ...


I believe they're trying to act like hackers, but don't have any real skills. Denial of service isn't hacking, the media falsely reports them as "hackers" for being able to go to a "hacking" website and pay for a service to do it. Regardless, I don't believe law enforcement really cares. Vinnie Omari got arrested, and Julius (zeekill/ryan/ryanc).


----------



## Francisco (Jan 3, 2015)

RTGHM said:


> I believe they're trying to act like hackers, but don't have any real skills. Denial of service isn't hacking, the media falsely reports them as "hackers" for being able to go to a "hacking" website and pay for a service to do it. Regardless, I don't believe law enforcement really cares. Vinnie Omari got arrested, and Julius (zeekill/ryan/ryanc).


That's another big issue but news will always try to make things easier to understand.

Was RyanC the same one that was wrecking LE's face?

Francisco


----------



## RTGHM (Jan 3, 2015)

Francisco said:


> That's another big issue but news will always try to make things easier to understand.
> 
> 
> Was RyanC the same one that was wrecking LE's face?
> ...


Yep, that's him.

Also, I think the media just needs to have an actual technical expert who can "translate" all the technical details, to something even the _stupidest_ of people can understand.

You know, sure the Lizards managed to drop Microsoft, and PSN - however they were just using Google cloud servers, with stolen credit cards, and probably a few others like Amazon, etc. Nothing very technical about it.


----------



## drmike (Jan 4, 2015)

CNN is running a piece about Brian Krebs, the security fellow some of us are familiar with.  Krebs supposedly went after and outed some of the LizardRetards.  So now they are going after him.

http://money.cnn.com/2015/01/02/technology/security/krebs-lizard-squad/index.html

His site was put offline a bit it seems.   Who knows what is next.

His site:

http://krebsonsecurity.com/


----------



## RTGHM (Jan 4, 2015)

drmike said:


> CNN is running a piece about Brian Krebs, the security fellow some of us are familiar with.  Krebs supposedly went after and outed some of the LizardRetards.  So now they are going after him.
> 
> http://money.cnn.com/2015/01/02/technology/security/krebs-lizard-squad/index.html
> 
> ...


Krebs makes valid points - they're not even skids - it'd be insulting to call them skids. Skids can at least open the terminal and run a few commands, I prefer Krebs at his blackhat talk "the noob persistent threats" or NPT.

Their stresser got hacked for copy & pasting vulnerable code - they know nothing. Pointless, pointless little kids.


----------



## drmike (Jan 4, 2015)

I am always cautious about calling lads like this skids or newbs/noobs.

Much of what goes on in such circles is data collections and redistribution.  Very few true learners and tinkerers there like most interests.  Most folks do the little dance and emulate. 

Now the rest of the antics out of these folks, it's a bit much.  Leveraging ill-gotten accounts to perform attacks.  Meh.  That's so 1984ish.

Unsure why KimDotCom got involved handing these guys credits to his shitware... but it's questionable and a brow-raiser.  Not good PR for Kim in circles he wants to be avoiding (i.e. legal).


----------



## RTGHM (Jan 4, 2015)

drmike said:


> I am always cautious about calling lads like this skids or newbs/noobs.
> 
> Much of what goes on in such circles is data collections and redistribution.  Very few true learners and tinkerers there like most interests.  Most folks do the little dance and emulate.
> 
> ...


I can't wait till someone else attacks Microsoft/Sony, and then Kim Dotcom removes them all, making lizards cry.

Additionally, Lizard's IRC is hosted on Darkode's servers, and their website is hosted in the UAE on Darkode's servers. Sp3cal1st the admin of DK bumps them up, for no apparent reason besides they can hit websites offline. Quite sad, as darkode is pretty much dead. No real activity on it. This is sp3c's way of getting more traffic to site, getting more members, to bring it back from the dead.


----------



## stim (Jan 6, 2015)

I don't know how accurate this is, but quite impressive display of real-time attacks on a honeypot:

http://map.ipviking.com/


----------



## RTGHM (Jan 6, 2015)

stim said:


> I don't know how accurate this is, but quite impressive display of real-time attacks on a honeypot:
> 
> http://map.ipviking.com/


It's a pretty good honeypot.


----------



## TurnkeyInternet (Jan 6, 2015)

I love that http://map.ipviking.com/ site - we have it up on one of our LCDs in the NOC room - looks impressive during tours


----------



## fixidixi (Jan 6, 2015)

Well it seems like this:

China -> US mostly

I guess there are just as much of the stuff the other way around


----------

