Lizard Squad Offering Its DDoS Tool For Monthly Fee

While I can't honestly say that the Lizard Squad ruined Christmas this year, the hacking group prevented me from playing my freshly acquired copy of Bungie's Destiny for the PlayStation 3. The inability to play the game was a bummer to say the least, and at first I grew furious with Sony and Bungie over the connection issues. I couldn't even install the necessary patches to get the game up to speed.

But as reports began to surface that both PlayStation Network and Xbox Live were suffering Distributed Denial of Service (DDoS) attacks, all I could do was shake my head. Really people? Why disrupt these networks on Christmas Day? The answer is simple: Lizard Squad was demonstrating its DDoS tool, a tool the group is now offering for a low monthly starting price of $5.99. Now anyone can cause havoc on the Internet.

Oh boy.

The tool is called the Lizard Stresser, and it comes with eight different price plans. The price goes up as the duration of the attack goes up. For example, the starting price pays for an attack that lasts for 100 seconds. Want something longer? Try 1500 seconds for $28.99 per month. The most expensive package is the 30,000-second monthly subscription, which will cost $129.99 per month or $500 for a "lifetime" subscription.

The group also provides add-ons, such as the concurrent "dual boot" for $299.99 and a 5x concurrent "dual boot" for a meaty $1139.99. All fees and purchases are made using Bitcoin; however, the group plans to add PayPal support in the near future. Payments through VPNs aren't supported, so customers will need to find a different way to hide their purchases.

According to VentureBeat, the Lizard Stresser has been used three times since the Lizard Squad began offering the subscription plans about ten hours before this report.

So what's a DDoS? This attack requires access to a botnet, which is a network of computers controlled by the DDoS author. Those who use the new tool will be able to flood a specific server to the point that normal traffic cannot access the targeted service, such as PSN and Xbox Live. Typically, a DDoS attack is used as part of a protest. (Anonymous comes to mind.)

Recently, one of the group's members contacted Daily Dot and said the Christmas Day hack was merely a marketing scheme. "Playing games on a Twitter is fun, but it comes down to the money. The objective here, for me at least -- can't speak for others -- is money." Other members of the group said they attacked the gaming networks for the "lulz" (aka "for laughs").

Xbox and PlayStation customers sure weren't laughing on Christmas Day.

Regardless, the big story here is that a DDoS tool will be made available to anyone on the Internet. The Lizard Squad plans to let its tool take the stage while the group fades back into the background. The group has already promised it won't attack PSN and Xbox Live again, but that won't thwart disgruntled gamers with a little bit of cash in their pockets.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

  • saymi
    It can help companies test how resilient they are to attacks.
  • thefiend1
  • maxiim
    wonder how many gullible folks are going to get infected to the seven hells with this
  • Urzu1000
    This is excellent news for major companies. A massive DDoS stress-test for their servers, for a few bucks. Pity the hackers get the money, but who cares? Improve, step forward, repeat.
  • yumri
    Think of the company to company aggressive attacks against one another to beat the small ones back when they are just getting big enough online to make their own mark?
    That is one of the things that instantly come to mind with this article.
  • Quixit
    I'm taking bets on how long it takes for them to be caught. I suspect they've already been infiltrated and are being pumped for information as I type.
  • hoofhearted
    I don't get it. How is it that someone doing something that is illegal able to use paypal or bitcoin? Can't the FBI just make paypal or bitcoin give them up?
  • back_by_demand
    Sure, try to force Bitcoin to give up who the money goes to
    Good luck with that
  • bit_user
    So, on what site are they selling it? Would be neat to turn their own tool against them. Or just DDOS them with something else. But I'm guessing it's probably on Tor (or something like that) and not easy to attack without taking out a large part of the entire network.

    In the end, ISPs need to get better at foiling DDOS attacks. Like smart routers that can track the frequency of requests from each IP to pick out which ones are participating in the attack and block them. Then, communicate those block to upstream ISPs, so they can be blocked closer to the source. In fact, I thought such techniques were being used for years.
  • coolitic
    DDOS "products" always offer their "services" as stress testers. While it can be used for that purpose, they're generally intended to cause havoc.