Users of DDoS-as-a-Service are arrested in the UK

Back in January I told you about DDoS-as-a-Service, brought to you by the nefarious hacking group known as Lizard Squad. (See Looking for a Cheap Service for DDoS Penetration Testing? How Does $2.99 Sound to You?)

Lizard Squad has a tool called Lizard Stresser that anyone can rent to, um, perform penetration testing against a website—presumably a website owned by the person doing the testing. A “test” sends high volumes of traffic to a targeted website, in effect creating a denial of service of that site.

Now there is news that National Crime Agency (NCA) in the United Kingdom has arrested six teenagers who all used Lizard Stresser against targets that included a national newspaper, a school, gaming companies and various online retailers. The teens paid for their use of the DDoS tool with alternative payment services like Bitcoin in an attempt to remain anonymous. (Looks like that “remain anonymous” part didn't work very well, as the NCA and other law enforcement agencies managed to learn precisely who carried out the DDoS attacks.)

NCA officers also are visiting an additional 50 or so people who registered on the Lizard Stresser website but who are not suspected of carrying out DDoS attacks. These individuals will be warned that DDoS attacks are illegal and that there would be serious repercussions if they were to launch an attack.

Approximately 30% of UK businesses report that they have suffered a DDoS attack in the past year. The National Crime Agency and its partners encourage businesses to take steps to protect themselves. Even a short duration attack of a few hours or less can be detrimental to businesses that provide a service via the Internet.