On Christmas Day, a distributed denial of service (DDoS) attack from a group calling themselves the Lizard Squad brought down Xbox Live for most of the day, and Sony’s PlayStation Network for quite a bit longer. The Lizard Squad said they did it for the lulz, but later announced that they were marketing a “stresser” service, in effect renting out their botnet.
Later, in the first few days of 2015, the Lizard Squad apparently launched the same kind of attack on KrebsOnSecurity, a website run by security researcher and journalist Brian Krebs. While it took the site offline, it also gave Krebs an opportunity to analyze the attack. He found that the attack used a type of malware that targets home routers with default security settings (i.e., “admin/password”), and then fans out to look for and infect other routers with the same insecure settings.
The botnet used more than just home routers, including commercial routers at universities and companies, but the malware’s success in finding and infecting lots of insecure routers contributed to the strength and widespread nature of the attacks.
Krebs says that the hackers, whom he refers to as “a group of young hoodlums”, have shown themselves to be pretty unsophisticated, and he lays out a number of details about their operation, including the location of their stresser (or “booter”) service in Bosnia, some of their administrator names, and the location of the botnet controller, also in Bosnia in the “same small swath (of) internet address space” as the LizardStresser website.
Krebs goes on to write up “Router Security 101”, which hopefully you followed long ago, but it is well worth the time to read. Basically, make sure you have changed your default username, chosen a strong password, set up encryption on your wireless router, and switched to using OpenDNS.