Feds Accuse Two 19-Year-Olds Of Hacking For Lizard Squad and PoodleCorp
The arrests of the two teenagers might be part of a larger law enforcement clampdown against the hacking groups who specialize in DDoS attacks.
Image: Natalia Yudenich/Shutterstock
The FBI is accusing two teenagers, one from the US and one from the Netherlands, of being members of the hacking groups Lizard Squad and PoodleCorp, which have gained notoriety for targeting online gaming services such as Blizzard's World of Warcraft, and League of Legends, among others.
On Wednesday, the US Department of Justice announced that 19-year-olds Zachary Buchta, from Maryland, and Bradley Jan Willem Van Rooy, from the Netherlands, had been charged with computer crimes associated with a series of distributed denial of service (DDoS) attacks launched against gaming services, and for selling DDoS-for-hire services and stolen credit cards.
Buchta is accused of being the person behind the Twitter accounts @fbiarelosers (which is now deleted but whose bio read "retired," according to an archived version of the account dated July of this year), @xotehpoodle, and the online monikers "pein" and "lizard." Van Rooy is accused of being behind the semi-official Lizard Squad account @LizardLands, among other aliases.
In an affidavit attached to the criminal complaint, an FBI agent who investigated the case said that the authorities have identified four individuals connected to Lizard Squad, its apparent heir PoodleCorp, and their DDoS-for-hire services Shenron Stresser and Poodle Stresser.
Last year, other members of Lizard Squad were also arrested, and the arrest of the two teenagers appears to be part of a larger law enforcement operation against the people behind Lizard Squad and PoodleCorp.
Earlier this week, an individual with control of the Twitter account @PoodleCorp, which the FBI itself identifies as the "official" account for the group, told Motherboard that "the poodles are dropping like flies," and "are lying dormant" after a series of raids.
"We have been forced to shred drives etc. There have been a few raids. Can't press charges without evidence though. And you know how long they take?" the hacker, who identified as "XO" and proved to be in control of the @PoodleCorp account, told me. "Will be many months before they decide to try and press charges. If they even do."
"The poodles are dropping like flies."
It's unclear if the hacker who spoke to Motherboard and identified as "XO" is Buchta, who the FBI accuses of being behind the "@xotehpoodle" and "xo" aliases. Buchta was arrested last month in Maryland, according to the DOJ, and was scheduled to appear before a judge in Chicago on Wednesday. Buchta could not immediately be reached, and the hacker who identified as "XO" did not respond to a request for comment
A hacker who goes by the name Cripthepoodle, who claimed to be once part of PoodleCorp in an interview last week, described Buchta and Van Rooy as "old friends that I don't like anymore."
"They deserved it for being dumb," Cripthepoodle told me in a Twitter chat, before adding that the FBI was at his school.
"The FBI just came to my school and pulled me out of class.... wtf im worried," he wrote in a tweet, before telling me in a private message: "Gtg [Got to go]."
Van Rooy apparently taunted the authorities online and posted messages saying him and the rest of Lizard Squad would never be arrested. On May 15, 2015, the Twitter account LizardLands, allegedly controlled by Van Rooy, boasted about the fact that the members of Lizard Squad were still at large.
"Almost 1 year ago the FBI stated that they would arrest us. There still hasn't been a single indictment," the tweet read.
Then earlier this year, on April 13, he challenged the authorities.
The two were careless in private. Van Rooy allegedly joked in a private message that he'd never get raided because he was too close to a police station, and even sent a picture of the station to an unidentified Twitter acquaintance.
"Living above a police station, they'll never swat/raid me. Even if they would trace down my shit, they'd leave the address cuz of that reason ^^" he said, according to the FBI agent's affidavit.
Buchta discussed ongoing cyberattacks in direct messages sent by his alleged account @fbiarelosers. The FBI was able to link this account to Buchta because the Google Voice number he used to register the account was linked to his real cellphone, which he provided to the feds during an interview related to a separate case in 2014. The FBI also found his home IP address and an IP address for his VPN provider to connect to the Twitter account.
Last month, the PoodleCorp account tweeted that on October 21, the hacking gang would put the videogame Battlefield "in the oven." After these arrests, and those that are yet to come, perhaps these attacks are over.
Correction: a previous version of this article stated that Battlefield is Blizzard's online gaming portal. It's actually a separate game.