Looking for a Cheap Service for DDoS Penetration Testing? How Does $2.99 Sound to You?

By Linda Musthaler | January 19, 2015

Posted in: Network Security Trends, Gaming DDoS Protection

Lizard Squad, the hacking group that takes credit for attacking the Sony PlayStation Network and the Microsoft Xbox network back in December, now wants to be your commercial provider of a sort of "penetration testing" toolkit. CNN recently reported that anyone can rent the Lizard Squad tool called Lizard Stresser for as little as $2.99 to launch a DDoS attack on any IP address. Presumably you would use it against your own website if you are truly doing penetration testing, as Lizard Squad recommends.

CNN reports that customers can use Lizard Stresser to take down IP addresses for anywhere from 100 seconds (for just $2.99!) to as much as 8 hours (for the low, low price of $69.99). Of course, taking down a website that you don't own is not legal, so Lizard Squad suggests you use the service only against your own digital properties for testing purposes.

The attacks (or "tests" if you prefer) average 5 Gb per second of traffic, with a maximum of 20 Gb, aimed at the specified target. That's quite a powerful attack. As proof of the effectiveness of Lizard Stresser, look no further than the PlayStation and Xbox "proof of concept" demonstrations last month. You might even think of those attacks as "marketing campaigns" since they did garner worldwide attention, although it's not likely that either Sony Entertainment or Microsoft would see it that way.

Lizard Squad even offers tech support for non-technical people who may not be familiar with the idea of this type of penetration testing. Confused users can open a trouble ticket to ask for help online.

Before you rush to sign up for this inexpensive service – to test your own systems, of course – there are two things to keep in mind. First of all, Lizard Squad's infrastructure might be a little bit unstable. Security expert Brian Krebs reports that the underlying infrastructure of the DDoS service consists of a botnet made up of home routers, commercial routers at universities and companies, and other unknown devices. Some people affectionately call the botnet the Lizard Lair.

Second, this infrastructure is not the most secure network ever built. It has been hacked, and the previous customers who have already used the DDoS service – more than 14,000 people – have had their identities revealed. It seems that Lizard Squad made the mistake of storing all of its customers' usernames and passwords in plain text.

In the immortal words of the fictional Forrest Gump, "stupid is as stupid does."
