Six suspects are accused of paying to mount denial-of-service attacks on prominent organisations
Six British teenagers suspected of using an online cyber-attack tool mounted by hacker group Lizard Squad have been arrested and released on bail, according to the National Crime Agency (NCA).
Police said the culprits, all of whom are aged between 15 and 18, were held as part of an operation called Vivarium targeting users of Lizard Stresser, a tool brought into operation last December and offering denial-of-service attacks against a target of the user’s choice for a small fee.
Lizard Stresser came to public attention shortly after Christmas 2014, when it was used by Lizard Squad to disrupt the Microsoft Xbox Live and Sony Playstation Network online gaming services. In early January the tool was hacked, with users’ identity data published online, and it disappeared shortly afterward, although the group has said it plans a relaunch.
In all, the tool was online for about two months, during which time it was used by more than 176 subscribers to launch more than 15,000 attacks against nearly 4,000 targets, according to a recent study by researchers from George Mason University, UC Berkeley’s International Computer Science Institute and the University of Maryland.
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” stated Tony Adams, senior operations manager at the NCA’s national cybercrime unit.
The NCA said the six people arrested are suspected of paying for Lizard Stresser services using Bitcoin.
Vivarium was coordinated by the NCA and involved several police forces across the country.
The latest arrests included an 18-year-old from Huddersfield, an 18-year-old from Manchester, a 16-year-old from Northampton and a 15-year-old from Stockport. Two other 17-year-old suspects, one from Cardiff and one from Northolt in north-west London, were arrested earlier this year as part of the operation, the NCA said.
Two other 18-year-olds, one from Manchester and one from Milton Keynes, were interviewed under caution, according to the agency.
Officers are also visiting around 50 addresses of individuals whose names were listed as customers in the leak of Lizard Stresser user data to deliver warnings, the NCA said.
“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” Adams stated.
He said the suspects are believed to have targeted “a leading national newspaper, a school, gaming companies and a number of online retailers”.
None of those arrested are accused of being Lizard Squad members.
In a Twitter post, the hacking group called the operation a “joke”.
“Because of these raids, we’re tempted to set up a free version of Lizard Stresser just to piss them off,” the group tweeted.
Are you a security pro? Try our quiz!