Unlike the Sony breach in November, the group that took down Sony’s and Microsoft’s game network on Christmas (see article) seems to be very interested in getting attention. Hopefully enough so that the FBI finds them, but that is another story.
What is more important is that the people who did this, according to Brian Krebs, are not on the high end of the hacking community at all and may have been doing this as a sales pitch for their new business.
Their new business is a DDoS (like they did to Microsoft and Sony, apparently) service for hire. For $5.99 a month you can knock your favorite site offline for 100 seconds at a time (not sure if you can just keep doing this). For $129 a month, you get a DDoS attack that lasts for more than 8 hours at a time. They currently have over 132,000 followers on Twitter, so they are getting some attention.
According to Brian, they lifted (stole?) the entire source code for this service from TitaniumStresser, one of their competitors. They also exposed a database with information on all of their current users (1,700) accidentally.
One of the Lizards, Vinnie Omari yapped enough to get picked up by the London cops. I suspect they have a few questions for him.
The more important point here is that *IF* it turns out that you can really “take out” anyone you want for $129 a month, are more people going to do that?
According to Vinnie, he got drunk celebrating his 22nd birthday the day before Christmas, woke up on Christmas still half drunk and decided to take down Sony’s and Microsoft’s game networks for laughs – and because it would annoy a lot of people (they have around 150-200 million users).
If anyone can take down a major online service for $130, what should we expect to happen in 2015? I don’t know, but if I had a business that provided online services to customers, I would certainly be concerned and I might want to think about some preparation. Would a competitor or disgruntled customer decide to take my site down – for laughs?