Six Suspected Lizard Squad Customers Arrested, 50 Given a Lecture

The National Crime Agency is trying to intervene before young people get into serious hacking.

|
Aug 28 2015, 2:45pm

Image: A. and I. Kruk/Shutterstock

When cybercrime pops up in the news, it's often accompanied by footage of dramatic raids, or grand press conferences held by law enforcement.

This time, however, the National Crime Agency (NCA)—which is essentially the UK's version of the FBI—has taken a different approach. Officers are visiting around 50 different addresses linked to a website selling DDoS tools to give individuals an educational lecture about why they shouldn't start getting into cybercrime proper.

"Those receiving visits will be told that DDoS attacks are illegal, can prevent individuals from accessing vital online services, and can cause significant financial and reputational damage to businesses," the press release from the NCA reads. "They will also be informed that committing cybercrime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects."

The visits are being made to potential purchasers of the "Lizard Stresser," a DDoS service made by the cybercrime collective Lizard Squad, which bombards a target website with traffic in order to crash it.

This group was behind attacks against Sony and Microsoft in 2014, and shortly after it launched a tool, allowing anyone to get similar results for a fairly small fee. The prices of the service ranged between $6 to $500, paid in Bitcoin, according to the Daily Dot. Investigative journalist Brian Krebs found that the Lizard Stresser was drawing off the bandwidth of thousands of hacked home routers.

Although six people were arrested as part of this NCA led operation, the NCA placed a great emphasis on the educational visits to dozens of others, noting that "the activity forms part of the NCA's wider work to address younger people at risk of entering into serious forms of cyber crime."

Those arrested today were three 18 year-olds, one 17 year-old, and a 16 and 15 year-old, who were all male. As for the educational visits, "A third of the individuals identified are under the age of 20," according to the NCA.

"I think it's refreshing to see law enforcement take a more proportionate, educational response to low-level cybercrime."

Tony Adams, head of investigations at the NCA's National Cyber Crime Unit, said in the press release that, "One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers."

One former young cybercriminal sees promise in the new approach.

"I think it's refreshing to see law enforcement take a more proportionate, educational response to low-level cybercrime," Mustafa Al-Bassam, a reformed LulzSec hacker told Motherboard in an encrypted chat.

Although Al-Bassam was given a 20-month suspended sentence for hacking offences, he has gone onto expose vulnerabilities allegedly contained in surveillance software, and recently gave a talk at the Chaos Communication Camp conference.

"It makes sense to have a more relaxed, educational response,"Al-Bassam added. "That's more likely to rehabilitate them than a criminal record that will hinder their progress in life."