FBI Allegedly Investigating Lizard Squad Member Over Xbox Live, PSN Attacks

blottsie writes The FBI is actively investigating a member of the hacker collective that claimed responsibility for recent high-profile cyberattacks on Microsoft and Sony properties, according to multiple sources with knowledge of the investigation and the attacks. A member of the Lizard Squad hacking group, who goes by the alias "ryanc" or Ryan, allegedly garnered the attention of a special agent with the Federal Bureau of Investigation after speaking with the media about Lizard Squad's Christmas-day attacks on Xbox Live and the PlayStation Network.

Hacker Group?

[CimmerianX]

You mean "script kiddies" who are desperate for attention.

Re:Hacker Group?

[Megane]

after speaking with the media

Yep. You can have all the kiddie fun you want, but when you say LOOK AT ME! don't be surprised when you get looked at by the feds.

Re:Hacker Group?

The Feds could care less until the morons said they were going to harm movie theaters.

Now there's more "TOP" men being thrown at this than Colorado, Bengazi, and the Boston Bomber combined in order to wag the dog some more and distract the public from real issues.

Re:Hacker Group?

They made no claim of attacking movie theaters to my knowledge (I think you've confused the other Sony attack with this one). They did threaten a plane with a Sony exec on it not too long ago however.

Re:Hacker Group?

The Feds could care less

Why do people say this, it makes no logical sense whatsoever. Are you trying to say they do actually care?
If you meant to imply they don't care, then they COULDN'T care less.

Re:Hacker Group?

[Tokolosh]

If a company like Sony is this vulnerable to script kiddies, I want to know about it. Just imagine what professionals could do? The Lizard Squad has done us a favor.

Re:Hacker Group?

[Himmy32]

Nearly everyone is vulnerable to DDoS attacks, as long as your attacker has more bandwidth than you do. They've done nobody any favors.

Re:Hacker Group?

[MPBoulton]

If a company like Sony is this vulnerable to script kiddies, I want to know about it. Just imagine what professionals could do? The Lizard Squad has done us a favor.

Agreed - Sony / Microsoft clearly wouldn't have done anything to plug these vulnerabilities themselves without the actions of these guys. Working in IT at Sony must be a really depressing place to be right now...

Re:Hacker Group?

You can't do much against DDOS. Except kill the botnet control servers. But that woulda be hackin', innit?

Re:Hacker Group?

[DaHat]

Lizard Squad != GOP... or do you have additional information?

Re:Hacker Group?

well the kids can learn the game of don't drop the soap.

Re:Hacker Group?

[Opportunist]

There is a difference between a hack and a DDoS. A hack is breaking into your home. A DDoS is dumping a truckload of sand in front of your entrance. One requires knowledge, skill and tools, and knowing how to use them. The other requires a truck. And maybe the ability to drive stick.

Also, we're not talking about Sony HQ. We're talking about a Sony service. A service that is already paid for and that users have to pay for whether they can actually use it or not. You may draw your own conclusions, especially concerning how much of a fuck Sony gives about this being available or not.

Re:Hacker Group?

We do know that Lizard dorks and GOP aren't the same. What has been reported though is that there have only been assumptions that the threats were made by the same people that hacked Sony. There was never any proof that any of the latter communications were actually FROM the GOP. It could have been anyone. Do recall that for the first week there was NO MENTION at all of The Interview by the hackers or people posing as them. Until some news commentators speculated that "it could be North Korea in retaliation for The Interview" there was no mention of it by the "hackers". Later, they started saying, "yeah, we don't want that released" and "9-11 style" stuff. But nobody has shown it was even the same people. It could have been the Lizard dicks for all we know...

Re:Hacker Group?

[Stan92057]

http://ddosprogram.com/

Anybody that is nobody can get the software to do an attack. No reason in this gods green earth software of this nature should be in the public domain.

Re:Hacker Group?

A DDoS is obviously not a "hack", however capturing enough bandwidth to provide what is estimated to be one of the largest DDoS attacks ever, may in fact require some genuine skills.

Re:Hacker Group?

[marsu_k]

Indeed<voice>.

Re:Hacker Group?

[Opportunist]

Well, you can do a few things to mitigate a DDoS attack. Basically you have to distinguish between two kinds of DDoS. One where a flaw in a service on your side is being exploited and one where your connection is simply flooded with traffic. The first is easy to mitigate: Patch it. Ok, easier said than done in a corporate environment, but you get the idea. If your service is susceptible to a denial of service attack by, say, abusing an implementation flaw, you can actually improve on your service and mitigate the effect fairly easily.

The other would be where the attacker simply fields superior bandwidth or leverages techniques where little bandwidth use on his side leads to lot of traffic on your side. E.g. DNS-request spoofs. To mitigate that you usually need the cooperation of upstream providers, but I'm kinda certain that Sony can easily "convince" anyone they deal with that they should better aid them in their struggle. E.g. by blocking DNS replies from outside servers further upstream.

There are ways to mitigate DDoS attacks. But they all cost time and money.

Re:Hacker Group?

[Opportunist]

So you support locking kids up in prisons where they have to expect physical harm for little more than a service interruption? What's your demand for theft? Stoning?

Re:Hacker Group?

[sg_oneill]

The Feds could care less

They do when a couple of multi billion dollar multinationals with serious US investments come under attack.

Its all about the money.

Re:Hacker Group?

[JaneTheIgnorantSlut]

hothardware.com is hardly "all over the news"

Re:Hacker Group?

[gnasher719]

So you support locking kids up in prisons where they have to expect physical harm for little more than a service interruption? What's your demand for theft? Stoning?

Not "little more". Just a service interruption. But a "service interruption" that was destroying Christmas fun for a few million people.

There was very little damage done to each person. Maybe a minute of jail sentence worth of damage. Multiply by a million, and you get two years.

If you don't realise what a DDoS attack does, then obviously you don't belong in jail. You belong into a home for seriously mentally handicapped people.

Re:Hacker Group?

[jeffmflanagan]

Why would you expect top men to be involved in investigating the wingnut's Benghazi fake outrage. We leave that to pandering goons like Darrel Issa.

Re:Hacker Group?

[jeffmflanagan]

>distasteful and represents how radical left wing nuts control the media

I can't tell if you're joking, or deeply immersed in wingnut alternate reality.

Re:Hacker Group?

No, there isn't. A "hack" is "anything hackers did", and "hackers did it" always applies when nobody knows for sure who did what or what happened. And no, those "hacks" you speak of, typically don't require much more than rattling the doors, windows, crevises, sheds, and other virtual property of the mark until you find a suitable spot to apply a standard-pattern exploit to. This can be fully automated, and indeed usually is. The only difference is that a DDoS is distinctive enough ("our intarwebz tubes got stuffed full of crap!") to warrant its own name, but you still don't know who did it, thus it was "them hackers in them thar intarwebz" again.

So no, since they have been rudely stripped of their original meaning, "hack" and "hackers" have become entirely meaningless, used for anything, anywhere, for any reason. Down to "night guard stuffing USB keylogger in the backs of employer's computers". And so no, you do not get to reinvent meaning where you've fscked up so badly before. Therefore your attempt at redefinition is hereby [x]denied.

Re:Hacker Group?

[westlake]

You mean "script kiddies" who are desperate for attention.

Fine distinctions of this sort may still matter to the geek, but no one else gives a damn any more.

Re:Hacker Group?

You mean "script kiddies" who are desperate for attention.

Far from a script kiddie. You don't have access to the kind of bandwidth they are pushing by using your home ISP or a simple botnet. They have compromised some important routers which they are using to flood.

Re:Hacker Group?

http://ddosprogram.com/

  Anybody that is nobody can get the software to do an attack. No reason in this gods green earth software of this nature should be in the public domain.

It won't do you any good unless you have access to multiple systems with solid bandwidth. You try this from a comcast with your 50mbit link and you won't even register as traffic.

Re:Hacker Group?

So you support locking kids up in prisons where they have to expect physical harm for little more than a service interruption? What's your demand for theft? Stoning?

Yes. Because they didn't just take down Sony and Xbox Live. They disrupted every ISP in between them and the original point of attack which caused problems for people who don't own a console system.

Re:Hacker Group?

[RatBastard]

I'm sorry, should we not punish them for breaking the law becuase they didn't cause physical harm or loss of property?

Re:Hacker Group?

[ultranova]

You mean "script kiddies"

Terrorists. There are bound to be a few muslims in an international group like that.

Re:Hacker Group?

[Opportunist]

Oh the humanity, your Christmas was ruined. Any other first world problems that plague you?

Re:Hacker Group?

[Opportunist]

Odd. I didn't notice any degradation of service. Then again, I'd be very surprised if it was but a burp compared to the amount of spam that clogs the pipes.

Re:Hacker Group?

Yep, idiots like you.

Re:Hacker Group?

[bloodhawk]

really distributing a malware infested torrent would require particular skill? script kiddies can easily launch this sort of attack nowadays, hell if they have money they don't even need to make the effort to distribute malware they could just rent a botnet from one of the underground sites.

Re:Hacker Group?

[TheUz]

>Oh the humanity, your Christmas was ruined. Any other first world problems that plague you?

Actions have consequences. A malicious act will invoke measures to cease that act.

This is not a first world problem. This is a behavior problem.

Re: Hacker Group?

Working in IT anywhere must be as depressing as hell.

Real hackers work as developers or software engineers. IT is for the data janitors. The modern equivalent of working as a file clerk or in the typing pool.

If it doesn't piss you off when an HR type assumes you work in IT because you're capable of programming, turn in your nerd card. You can apply for a 'geek' card, whatever the heck that is.

Re:Hacker Group?

Haha, republican retard detected.

Re: Hacker Group?

[DivineKnight]

Sounds like someone has never worked IT before (a summer job for many budding programmers during their high school years). Higher level IT wouldn't happen without knowledge of scripting languages (Python, PowerShell (I guess), Perl, etc.).

As for HR, they can assume I am the postman as long as they meet my hourly rate.

Re:Hacker Group?

"If you don't realise what a DDoS attack does, then obviously you don't belong in jail. You belong into a home for seriously mentally handicapped people."

they used to call it the 'slashdot effect' but then people stopped reading the stories.

Re:Hacker Group?

No, no we shouldn't tar and feather them. A reasonable penalty that fits the crime maybe.

Re:Hacker Group?

[sysrammer]

Good joke. As a nerd, of course, you already know that "gop" means "Guardians of Peace" in this context.

Re:Hacker Group?

[arth1]

Not "little more". Just a service interruption. But a "service interruption" that was destroying Christmas fun for a few million people.

There was very little damage done to each person. Maybe a minute of jail sentence worth of damage. Multiply by a million, and you get two years.

It wasn't just the gaming service that got hit. Sony Entertainment Network including "Video Unlimited" (formerly known as Qriocity) went down too. People who had paid up to $9.99 to rent a movie could not watch it in the 24 hours before it expired.

Same with Music Unlimited which is a subscription service, and where based on earlier incidents, people will NOT get reimbursed by Sony for several days of outages.

Re:Hacker Group?

The real problem is that we expect physical harm to people in prison.

I don't know how prevalent it is, but people joke about it all the time. (e.g. Enjoy PMITA prison).

And if one doesn't get raped, you can expect fights and to possibly be shanked while the guards look the other way.

Maybe I've watched too much TV and too many movies, but this stuff does happen. I just don't know how often.

The sheer psychological harm this would cause me and many other people who have never even been arrested if we were suddenly sent to prison would be devastating.

And then of course you've got the whole problem of getting a job when you get out.

Re: Hacker Group?

Thank you for the sensible comment. I was getting sick or reading all the alarmists on here.

Re:Hacker Group?

[Opportunist]

I'm sorry, I didn't know our justice system became binary with nothing between "let them go free" and "lock them up as Bubby's new bride and throw away the key".

Alias?

[ArcadeMan]

An alias is supposed to be a cover for your real name. If your name is Ryan C. and you choose "ryanc" as your alias, you're too dumb to be a hacker.

Re:Alias?

[Lunix+Nutcase]

Or it would be a great alias for getting a Ryan C in trouble.

Re:Alias?

Plot twist: His name is Bryan.

Re:Alias?

[ArcadeMan]

Cryan R. maybe.

Re:Alias?

Ryan C. is a pretty good alias when your name is Julius Kivimäki.

Re:Alias?

Bryan Cranston perhaps.

Re:Alias?

[Opportunist]

Still not the best idea to hold your face in front of a camera. So he wins on the alias front, but loses on the cam-whore front.

Re:Alias?

Lamont Cranston is his real name. Bryan's just one of many shadowy aliases.

Re:Alias?

His name isn't really Ryan C. Its Julius Kivimäki (also known as zeekill). He uses ryan or ryanc as a nick in IRC usually. The dude is pretty stupid and seems to think he's outside the jurisdiction of the law.

Re:Alias?

[arth1]

He's not outside the jurisdiction of the law, but he's outside the jurisdiction of US law.
Like most European countries, Finland will not extradite minors (or adults for crimes done when a minor). He's 16, so at least he doesn't have to fear the American vengeance system.
But a couple of years of rehabilitation in a Finnish penitentiary is not impossible, and perhaps likely if he's really done all he's bragged about.

Lesson - if you can't afford to lose,

then you can't afford to gamble.

Anonymous did FBI's job for them

[bigdady92]

https://www.youtube.com/watch?v=kwxLEdKbtRk

All known people in Lizard Squad Identified. Their personal information, their schools, their emails, IP's, address', everything is out there for the world to see.

Majority of these !@#$!@$%!$!$ are kids who deserve punishment of some sorts. Not full physical violence by beating them in the face with a shovel, oh no. Community service like picking up trash and taking care of people in an old folk's home, humiliating and humbling works. Punish them as their lives are now completely screwed for the next 3-5 years.

Anonymous has it's moments. This is one of them.

Re:Anonymous did FBI's job for them

Is this Reddit Boston Bomber quality identification? Or is it accurate?

Re:Anonymous did FBI's job for them

[CaptainDork]

Anonymous has it's moments.

Especially the moments where the only people with talent (but not enough to go undetected) were captured.

Anonymous ... isn't so much.

Re:Anonymous did FBI's job for them

No, I think they DO need their face beat in with a shovel....

Re:Anonymous did FBI's job for them

https://www.youtube.com/watch?v=kwxLEdKbtRk

All known people in Lizard Squad Identified. Their personal information, their schools, their emails, IP's, address', everything is out there for the world to see.

Majority of these !@#$!@$%!$!$ are kids who deserve punishment of some sorts. Not full physical violence by beating them in the face with a shovel, oh no. Community service like picking up trash and taking care of people in an old folk's home, humiliating and humbling works. Punish them as their lives are now completely screwed for the next 3-5 years.

Anonymous has it's moments. This is one of them.

I could make a video of people I dislike and post it on the internet. I would then make up a story how these people are responsible for taking down critical networks and work as a team in a hacker group. Before anyone knew it was fake these people would get hurt.

Vanity

...Definitely my favorite sin.

1. pull off a monstrously costly hack.
2. Let the Nork's start to take the blame.
3. Give an interview?! ...

There's shooting yourself in the foot and there's jumping into a bonemeal grinder in your swim trunks.

FBI's 4-step process for solving crimes

[mandark1967]

1 - Accuse wrong person
2 - Wait for culprit to confess all over the internet and others to post identification of culprits
3 - Arrest (proof of guilt, optional, but not necessary)
4 - Profit!

See that?! They're so thorough they take the ??? outta step 3!

Re:FBI's 4-step process for solving crimes

You mean "Arrest both people anyway, and put them through pointless trials while the FBI fakes evidence and solicits false testimony"

Re:FBI's 4-step process for solving crimes

[__aanbvm4272]

You forgot #5 And then recruit those dumb kids.

Any other sauce than video?

[grimJester]

I'm not going to watch a 22 minute video on this. Seriously, that's the suckiest way of presenting info like this one could imagine.

Re:Any other sauce than video?

[Talderas]

Info about cam-whores presented by cam-whores.

FBI conclusion reached

[Dishwasha]

ryanc is indeed a dumb@$$

Who believes the FBI?

Is this the same FBI that said it was NK that ripped Sony a new ahole?

Accents

They sounded British on the radio interview. So with the greatest of respect the FBI can fudge off. Hand over any information and he'll be prosecuted in the UK.

it's always haxx0rz with the media... and the feds

Calling script kiddies exactly that just doesn't sound scary enough, don't you know.

"Hackers" means "cyberbogeymen" now, and so that's a much better term to scare everyone with. Also much better to save face from the embarrasment of having failed to secure your systems and having left all sorts of juicy things online that never should have been online ever in the first place. Gotten "pwnz0rred" by s'kiddies? No, gotten "pwnz0rred" by (obviously 16 y/o, no matter) EBIL HAXX0R SUPERMEN. Much better story. Also much better story for the feds so they can show they're really on top of this super dangerous intarwebz fulla pedoterrorcrims thing. Heck, even the security industry plays along by donning white and black hats and calling each other out over whether the other guy has enough of that all-important "ETHICAL"ness.

So haxx0rz it is, first, second, last, left, right, up, down, top, bottom, strange, and love, all the way baby. Media, feds, bigcorp PR flaks, "electronic armies", none can live without bogeymen.

Re:it's always haxx0rz with the media... and the f

[tom229]

I wanted to murder these kids on Christmas just as much as anyone else, but allow me to play devil's advocate.

Considering this was mostly likely done with a botnet, and was probably something like a NTP applification DDoS, it's a bit more complicated than your generic script kiddie DDoS carried out by 4chan. Just because a DDoS is relatively easy to do with the right tools, doesn't make it any less of a hack. You could easily argue the best hacking method available is social engineering. Which of course is a method that requires very little technical knowledge and tools.

I predict.

First, it's stupid, I say again... STUPID to perform any kind of hack under a name with so few members. It will take all of five minutes to pattern match all the Lizard Squad members up.

One of the nice things about Anonymous, there are hundreds of thousands, even millions that associate to that name.

BUT , BUT They told me

they had proof North Korea did it!

Re:it's always haxx0rz with the media... and the f

Whoosh. None of that is "hacking" for a good and simple, fundamental reason. That is, in the original definition. The current one is exactly "anything we don't understand on teh intarwebz" equals "hacking", and so doers of that, those ebil cyberbogeymen of teh intarwebz, are "hackers". Trying to make any more sense itself makes no sense, it only looks pathetic.

There's a good reason why the jargon file starts off its definition with "originally, making furniture with an axe". This itself is a very hackish, HHOS type definition. Operative word is making, and none of what you talk about is constructive. It is fundamentally destructive. I really don't care how hard it was to go there. Praising wilful vandalism because it supposedly requires "r33l sk1llz, m4n", is more than a little naïve.

Re:it's always haxx0rz with the media... and the f

[Dutch+Gun]

No, they're undoubtedly script kiddies. They did not write anything of these tools, malware, or attacks themselves. These things are all nicely packaged and easily available to anyone who wants to use them. Seriously, go look around at what's out there. All you need is a bit of technical competence, which most power-users have, and enough time to look through forums and figure out how to use all this stuff.

This isn't hacking. It barely qualifies as clever. It's electronic vandalism, plain and simple. Frankly, this nonsense only works because there are millions of users who are seemingly willing to click on any random shit and get their computers infected with all sorts of nasty malware, and it's easy to subvert those computers into your own personal botnet army. Nearly any competent programmer I personally know of could do this if they really wanted to spend the time and effort doing so, but we choose not to, for pretty obvious reasons.