FBI Allegedly Investigating Lizard Squad Member Over Xbox Live, PSN Attacks

blottsie writes The FBI is actively investigating a member of the hacker collective that claimed responsibility for recent high-profile cyberattacks on Microsoft and Sony properties, according to multiple sources with knowledge of the investigation and the attacks. A member of the Lizard Squad hacking group, who goes by the alias "ryanc" or Ryan, allegedly garnered the attention of a special agent with the Federal Bureau of Investigation after speaking with the media about Lizard Squad's Christmas-day attacks on Xbox Live and the PlayStation Network.

Hacker Group?

[CimmerianX]

You mean "script kiddies" who are desperate for attention.

Re:Hacker Group?

[Megane]

after speaking with the media

Yep. You can have all the kiddie fun you want, but when you say LOOK AT ME! don't be surprised when you get looked at by the feds.

Re:Hacker Group?

[DaHat]

Lizard Squad != GOP... or do you have additional information?

Re:Hacker Group?

[Jeff Flanagan]

>distasteful and represents how radical left wing nuts control the media

I can't tell if you're joking, or deeply immersed in wingnut alternate reality.

Re:

[sysrammer]

Good joke. As a nerd, of course, you already know that "gop" means "Guardians of Peace" in this context.

Re:

[JaneTheIgnorantSlut]

hothardware.com is hardly "all over the news"

Re:

[Anonymous Coward]

The Feds could care less

Why do people say this, it makes no logical sense whatsoever. Are you trying to say they do actually care?
If you meant to imply they don't care, then they COULDN'T care less.

Re:

[sg_oneill]

The Feds could care less

They do when a couple of multi billion dollar multinationals with serious US investments come under attack.

Its all about the money.

Re:

[Jeff Flanagan]

Why would you expect top men to be involved in investigating the wingnut's Benghazi fake outrage. We leave that to pandering goons like Darrel Issa.

Re:

[Tokolosh]

If a company like Sony is this vulnerable to script kiddies, I want to know about it. Just imagine what professionals could do? The Lizard Squad has done us a favor.

Re:Hacker Group?

[Himmy32]

Nearly everyone is vulnerable to DDoS attacks, as long as your attacker has more bandwidth than you do. They've done nobody any favors.

Re:

[bloodhawk]

really distributing a malware infested torrent would require particular skill? script kiddies can easily launch this sort of attack nowadays, hell if they have money they don't even need to make the effort to distribute malware they could just rent a botnet from one of the underground sites.

Re:

[MPBoulton]

If a company like Sony is this vulnerable to script kiddies, I want to know about it. Just imagine what professionals could do? The Lizard Squad has done us a favor.

Agreed - Sony / Microsoft clearly wouldn't have done anything to plug these vulnerabilities themselves without the actions of these guys. Working in IT at Sony must be a really depressing place to be right now...

Re:Hacker Group?

[Opportunist]

Well, you can do a few things to mitigate a DDoS attack. Basically you have to distinguish between two kinds of DDoS. One where a flaw in a service on your side is being exploited and one where your connection is simply flooded with traffic. The first is easy to mitigate: Patch it. Ok, easier said than done in a corporate environment, but you get the idea. If your service is susceptible to a denial of service attack by, say, abusing an implementation flaw, you can actually improve on your service and mitigate the effect fairly easily.

The other would be where the attacker simply fields superior bandwidth or leverages techniques where little bandwidth use on his side leads to lot of traffic on your side. E.g. DNS-request spoofs. To mitigate that you usually need the cooperation of upstream providers, but I'm kinda certain that Sony can easily "convince" anyone they deal with that they should better aid them in their struggle. E.g. by blocking DNS replies from outside servers further upstream.

There are ways to mitigate DDoS attacks. But they all cost time and money.

Re:

[DivineKnight]

Sounds like someone has never worked IT before (a summer job for many budding programmers during their high school years). Higher level IT wouldn't happen without knowledge of scripting languages (Python, PowerShell (I guess), Perl, etc.).

As for HR, they can assume I am the postman as long as they meet my hourly rate.

Re:

[Opportunist]

There is a difference between a hack and a DDoS. A hack is breaking into your home. A DDoS is dumping a truckload of sand in front of your entrance. One requires knowledge, skill and tools, and knowing how to use them. The other requires a truck. And maybe the ability to drive stick.

Also, we're not talking about Sony HQ. We're talking about a Sony service. A service that is already paid for and that users have to pay for whether they can actually use it or not. You may draw your own conclusions, especially

Re:

[tom229]

I wanted to murder these kids on Christmas just as much as anyone else, but allow me to play devil's advocate.

Considering this was mostly likely done with a botnet, and was probably something like a NTP applification DDoS, it's a bit more complicated than your generic script kiddie DDoS carried out by 4chan. Just because a DDoS is relatively easy to do with the right tools, doesn't make it any less of a hack. You could easily argue the best hacking method available is social engineering. Which of course i

Re:

[Dutch Gun]

No, they're undoubtedly script kiddies. They did not write anything of these tools, malware, or attacks themselves. These things are all nicely packaged and easily available to anyone who wants to use them. Seriously, go look around at what's out there. All you need is a bit of technical competence, which most power-users have, and enough time to look through forums and figure out how to use all this stuff.

This isn't hacking. It barely qualifies as clever. It's electronic vandalism, plain and simple.

Re:

[Opportunist]

So you support locking kids up in prisons where they have to expect physical harm for little more than a service interruption? What's your demand for theft? Stoning?

Re:Hacker Group?

[gnasher719]

So you support locking kids up in prisons where they have to expect physical harm for little more than a service interruption? What's your demand for theft? Stoning?

Not "little more". Just a service interruption. But a "service interruption" that was destroying Christmas fun for a few million people.

There was very little damage done to each person. Maybe a minute of jail sentence worth of damage. Multiply by a million, and you get two years.

If you don't realise what a DDoS attack does, then obviously you don't belong in jail. You belong into a home for seriously mentally handicapped people.

Re:

[Opportunist]

Oh the humanity, your Christmas was ruined. Any other first world problems that plague you?

Re:

[TheUz]

>Oh the humanity, your Christmas was ruined. Any other first world problems that plague you?

Actions have consequences. A malicious act will invoke measures to cease that act.

This is not a first world problem. This is a behavior problem.

Re:

[arth1]

Not "little more". Just a service interruption. But a "service interruption" that was destroying Christmas fun for a few million people.

There was very little damage done to each person. Maybe a minute of jail sentence worth of damage. Multiply by a million, and you get two years.

It wasn't just the gaming service that got hit. Sony Entertainment Network including "Video Unlimited" (formerly known as Qriocity) went down too. People who had paid up to $9.99 to rent a movie could not watch it in the 24 hours before it expired.

Same with Music Unlimited which is a subscription service, and where based on earlier incidents, people will NOT get reimbursed by Sony for several days of outages.

Re:

[Opportunist]

Odd. I didn't notice any degradation of service. Then again, I'd be very surprised if it was but a burp compared to the amount of spam that clogs the pipes.

Re:

[RatBastard]

I'm sorry, should we not punish them for breaking the law becuase they didn't cause physical harm or loss of property?

Re:

[Opportunist]

I'm sorry, I didn't know our justice system became binary with nothing between "let them go free" and "lock them up as Bubby's new bride and throw away the key".

Re:

[marsu_k]

<voice style="Teal'c">Indeed [krebsonsecurity.com]<voice>.

Re:

[westlake]

You mean "script kiddies" who are desperate for attention.

Fine distinctions of this sort may still matter to the geek, but no one else gives a damn any more.

Re:

[ultranova]

You mean "script kiddies"

Terrorists. There are bound to be a few muslims in an international group like that.

Alias?

[ArcadeMan]

An alias is supposed to be a cover for your real name. If your name is Ryan C. and you choose "ryanc" as your alias, you're too dumb to be a hacker.

Re:

[Lunix Nutcase]

Or it would be a great alias for getting a Ryan C in trouble.

Re:

[ArcadeMan]

Cryan R. maybe.

Re:

[Anonymous Coward]

Ryan C. is a pretty good alias when your name is Julius Kivimäki [krebsonsecurity.com].

Re:

[Opportunist]

Still not the best idea to hold your face in front of a camera. So he wins on the alias front, but loses on the cam-whore front.

Re:

[arth1]

He's not outside the jurisdiction of the law, but he's outside the jurisdiction of US law.
Like most European countries, Finland will not extradite minors (or adults for crimes done when a minor). He's 16, so at least he doesn't have to fear the American vengeance system.
But a couple of years of rehabilitation in a Finnish penitentiary is not impossible, and perhaps likely if he's really done all he's bragged about.

Anonymous did FBI's job for them

[bigdady92]

https://www.youtube.com/watch?v=kwxLEdKbtRk

All known people in Lizard Squad Identified. Their personal information, their schools, their emails, IP's, address', everything is out there for the world to see.

Majority of these !@#$!@$%!$!$ are kids who deserve punishment of some sorts. Not full physical violence by beating them in the face with a shovel, oh no. Community service like picking up trash and taking care of people in an old folk's home, humiliating and humbling works. Punish them as their lives are

Re:

[Anonymous Coward]

Is this Reddit Boston Bomber quality identification? Or is it accurate?

Any other sauce than video?

[grimJester]

I'm not going to watch a 22 minute video on this. Seriously, that's the suckiest way of presenting info like this one could imagine.

Re:

[Talderas]

Info about cam-whores presented by cam-whores.

Re:

[CaptainDork]

Anonymous has it's moments.

Especially the moments where the only people with talent (but not enough to go undetected) were captured.

Anonymous ... isn't so much.

FBI's 4-step process for solving crimes

[mandark1967]

1 - Accuse wrong person
2 - Wait for culprit to confess all over the internet and others to post identification of culprits
3 - Arrest (proof of guilt, optional, but not necessary)
4 - Profit!

See that?! They're so thorough they take the ??? outta step 3!

Re:

[__aanbvm4272]

You forgot #5 And then recruit those dumb kids.

FBI conclusion reached

[Dishwasha]

ryanc is indeed a dumb@$$