Squad

Two teenagers suspected of being members of the Lizard Squad and PoodleCorp hacking groups were arrested last month by law enforcement authorities in the United States and the Netherlands.

Zachary Buchta, of Fallston, Maryland, and Bradley Jan Willem van Rooy, of Leiden, the Netherlands, have been charged with conspiracy to cause damage to protected computers, which carries a maximum sentence of ten years in prison.

The suspects, both aged 19, have been accused by U.S. authorities of operating a service that allowed users to launch distributed denial-of-service (DDoS) attacks. They are also suspected of trafficking payment card information stolen from thousands of individuals.

The Lizard Squad and PoodleCorp are best known for massive DDoS attacks that disrupted the servers of several gaming companies, including the PlayStation Network, Xbox Live, EA and Blizzard. The Lizard Squad is also known for hacking the websites of companies such as Lenovo, Malaysia Airlines and Cox.

According to the Department of Justice, Buchta used the online monikers [email protected],” “pein,” “xotehpoodle” and “lizard,” while van Rooy used the nicknames “Uchiha,” [email protected],” “dragon” and “fox.”

The FBI’s complaint also mentions two other individuals associated with Lizard Squad and PoodleCorp. They have not been named, but they use the online monikers “Chippyshell” and “AppleJ4ck.”

The complaint also shows that Buchta was linked by investigators to the @fbiarelosers account, which had discussed the DDoS attacks in private conversations with other members of LizardSquad, based on messages sent via Twitter. Records obtained by investigators from Twitter, AT&T and Sprint linked the Twitter account to a phone number associated with Buchta’s residence.

Records from Comcast showed that his IP often connected to an overseas VPN service that had been used to access the @fbiarelosers account and the websites operated by Lizard Squad and PoodleCorp. The FBI determined that Buchta’s Comcast account had accessed the @fbiarelosers account at the exact time when it had been used to discuss DDoS attacks.

Van Rooy, who is currently in custody in the Netherlands, did not even bother to hide his real IP address, which he used to access @UchihaLS and other Twitter accounts associated with the Lizard Squad. Subscriber records allowed law enforcement to link the IP to a residence in Leiden.

In private conversations with other Twitter users, @UchihaLS said he lived above a police station and claimed that even if they could trace him, they would simply “think it as a hoax.” These messages and a photograph shared by @UchihaLS linked van Rooy to the account.

Last year, police in the UK questioned at least two individuals suspected of being involved with the Lizard Squad, but so far there is no news of a conviction. A teen in Finland, also suspected of being a member of the group, was convicted last year on fraud and harassment charges, but he only received a suspended sentence.

Authorities in the UK also arrested six individuals accused of using the Lizard Squad’s LizardStresser DDoS service.

Related: UK Crime Agency Website Downed by Hackers as Revenge

view counter

Previous Columns by Eduard Kovacs:

Tags:


SecurityWeek RSS Feed