The Lizard Squad’s “Lizard Stresser” Service Runs On Hacked Routers

Security expert Brian Krebs has analyzed the Lizard Stresser, an attack tool created by the so-called Lizard Squad hacker collective and touted as a test for webmins who needed to see what happens to their services under duress. His discovery? The network of attack computers actually consists of insecure and compromised home routers.

This is the network used to take down the Playstation Network and Xbox Live over the Christmas holiday. With the assistance of a group of security researchers, Krebs found that the Lizard Squad was in control of a large botnet made of hacked routers and other commercial servers.

Writes Krebs:

The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014 (Google’s Chrome browser should auto-translate that page; for others, a Google-translated copy of the Dr. Web writeup is here).The botnet is not made entirely of home routers; some of the infected hosts appear to be commercial routers at universities and companies, and there are undoubtedly other devices involved. The preponderance of routers represented in the botnet probably has to do with the way that the botnet spreads and scans for new potential hosts. But there is no reason the malware couldn’t spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.

He also makes some excellent recommendations to ensure router security including changing the default password – a no-brainer – and using OpenDNS to prevent malicious web calls to your router.

This means the Squad, which called the Xbox and Sony hacks a marketing stunt, is essentially selling access to hacked machines as a service.

In short, hundreds, even thousands, of compromised routers are being used to attack servers around the world for good or ill, a bit of news that should give us pause. If anything, we should probably all pay it forward and secure our less tech-savvy friends’ routers for them in preparation for further malware attacks in the same vein.