The notorious Lizard Squad hacking gang who brought down the PlayStation Network and Xbox Live over the Christmas holiday, ostentatiously courted the media about their antics, and recently launched a DDoS service, may have bitten more than it can chew.
Vinnie Omari
On Monday, British police arrested 22-year-old Vinnie Omari at his home in London, and confiscated computer equipment, mobile phones and even his Xbox One on suspicion “of fraud by false representation and Computer Misuse Act offence.”
A statement released by the Thames Valley Police Department, doesn’t link Omari to the Christmas attacks against PSN and Xbox Live, but says Omari’s arrest is in connection with PayPal fraud:
The arrest yesterday (30/12) is in connection with an ongoing investigation in to cyber fraud offences which took place between 2013 and August 2014 during which victims reported funds being stolen from their PayPal accounts.
What is frankly bizarre is that Omari appeared on a segment of a Sky News report just a few days before his arrest, commenting on the Lizard Squad attacks. Sky News described Omari as an “online security analyst” who is “well-connected with the [hacking] community.”
You can watch the full Sky News report, which includes an on-screen interview with a member of Lizard Squad (more about him below) here.
If Omari is genuinely a member of the Lizard Squad hacking group, drawing attention to himself by offering his services to a TV news report seems particularly daft. But then the Lizard Squad appears to be very keen on generating publicity.
As cybercrime blogger Brian Krebs reports, BBC Radio 5 conducted an interview with two Lizard Squad members (“Member 1” and “Member 2”) on December 26th.
You may find Member 2’s voice familiar. He has a British accent, claims to work in computer security, says he is 22 years old with a 10-year-old Minecraft-loving brother. I’m not an expert on voice forensics, so I couldn’t say if it’s possible that Member 2 is Vinnie Omari. You should listen and decide for yourself.
No charges appear to have yet been filed against Omari, who has been released on bail until March 2015.
Julius Kivimäki
Meanwhile, the Finnish media is reporting that another suspected member of Lizard Squad has been questioned by the authorities in Helsinki.
Finnish police, who have been working closely with the FBI on the case, believe that the person they are investigating is the Lizard Squad member who wasn’t afraid to show his face on camera when interviewed by Sky News about the attacks on the gaming networks.
The Lizard Squad member that Sky News interviewed used the pseudonym “Ryan” or “Ryan Cleary” – a name which surely wasn’t chosen at random, as it is shared with a British man who was affiliated with the notorious LulzSec hacking gang.
The real Ryan Cleary was sentenced in 2013.
So who is the Lizard Squad “Ryan”? Well, Brian Krebs believes the hacker to be a Finnish teenager named Julius Kivimäki, who allegedly previously caught the attention of the authorities for running a botnet and possessing stolen credit card details.
It seems to me that Lizard Squad is desperate to emulate LulzSec. More fool them.
Let’s hope that Lizard Squad copies LulzSec successfully in one area at least, and that the computer crime-fighting authorities apprehend the culprits, and justice is done.
Hacking is very easily cured, give the defective monkeys the bill for their damage and make them pay it off their entire useless life.
Any of the big malware outbreaks causes well in excess of a billion dollars damage, just give the hacker the bill. Give then a couple of dollars a day to live on then take the rest, if they don't work they get put in general population prison with no protection.
Kevin Mitnick.
Not only was he made an example of (I'll not get in to his foolishness to be caught twice, nor will I get in to his situation being sensationalised by the media) by the US government (some examples: no rights to evidence, scare-mongering in the courts (by the feds), 5 years in prison (which was a lot for this in those days, as I seem to remember he was released in 2001 (and if he was arrested in 2002 instead he'd have been in a world of more trouble)))… he then got out of prison and started his own company teaching some things (under the guise of security as a notorious 'hacker' (an exceptional social engineer)), already had a lot of attention (something he likes, or so he acts like that)… and well, there's more things too, of course. Bottom line is: this is not any different from other crimes – you won't get rid of the problem. You can only do as much as you can to protect yourself but there will never be stopping it, no matter what you use to deter them: as long as humans exist there will be those who want to wreak havoc. That's just the way it is. (I do agree though that there is a problem with the way they handle it – and give them attention, often in a postive light – and it includes punishment… and I also agree that they don't make criminals pay back what they caused in damage, but… that aside, it won't deter 100% of the cases).
Interesting that you would have this article today, Graham. A long time friend (from what some might call the underground although we weren't exactly out to break the law and we didn't) was showing one of Sky News article to me, yesterday. He also was (like me as ever, and same with him) and is ever annoyed with the media's abusing (that) word in so many ways (sometimes it is 'good', sometimes it is 'neutral' and usually it is 'bad' yet.. originally it was only 'good' and it applies to non computer things too). I long ago accepted it as it is and while is annoying I just ignore it more or less (just shift the perspective and it works out okay)… but because he wanted to write something about it (and he realised how difficult it is, which is why I told him my take on it)) – and this will add to the story in a rather crazy way – he started to dig up information on the author of one of the Sky News articles (not sure which one).. and I'll just let his wording speak for it:
"The reporter who wrote the article and gave Lizard Squad members facetime on Sky News .. has liked the facebook pages of Lizard Squad from his personal facebook account"
(I'm noting the pun there… )
Boggles the mind. Interestingly, he also linked to me an article from Krebs as well:
http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/
… has some interesting bits as well. Including the whois lookup of at least one of them (or one of their domains (makes me wonder about their others…)) as well as that one is possibly in Australia (possibly = definite). In any case, as you put it on welivesecurity, they are playing with fire. That fire will burn much more than they think (or if they think they certainly don't care). The interesting thing is (and amazing), each decade that passes, the penalties of these things increases by a lot… and yet these things are far more wide-spread too.
I think in many respects they are worse than LulzSec. Of course, in the end even a successful DoS attack is fire .. a DDoS attack is… if you will excuse the pun and extension of the analogy, a battle amplified past the border ('country' or 'router', choose your poison).
This is a wild goose chase. We are laughing…
It's not who laughs first, but who laughs last that counts.
It remains to be seen who laughs last. ;^)
This kids are having fun.
Apparently, you think it's fun to make others miserable at Christmas time….so you're one of those….good luck! You'll need it, Ebenezer….
"That's life!
And as crazy as it seems,
some people get their kicks
by stomping on a dream.
But I'm not gonna let it,
let it get me down.
'Cause this fine old world
just keeps spinning around."
"That's Life" ~Frank Sinatra