28 August 2015
Six people have been arrested in the UK as part of an operation targeting users of hacking group Lizard Squad’s Lizard Stresser tool, software that allowed users to pay to take websites offline for up to eight hours at a time.
The tool worked by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users.
Operation Vivarium was coordinated by the National Crime Agency (NCA), and involved officers from various police forces and Regional Organised Crime Units (ROCUs).
Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous. Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.
The warrants executed this week included:
Two other suspected users of Lizard Stresser were arrested earlier this year:
Officers are also visiting approximately 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks.
A third of the individuals identified are under the age of 20, and the activity forms part of the NCA’s wider work to address younger people at risk of entering into serious forms of cyber crime.
Those receiving visits will be told that DDoS attacks are illegal, can prevent individuals from accessing vital online services, and can cause significant financial and reputational damage to businesses. They will also be informed that committing cyber crime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects.
Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit:
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services.
“This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.”
“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers.”
With approximately 30% of UK businesses reporting that they’ve suffered a DDoS attack in the last year, the NCA and its partners continue to remind businesses to take steps to protect themselves.
The government’s Cyber Essentials Scheme provides guidance on how to guard against and mitigate threats from cyber crime. Further advice on staying safe online can be found on Cyberstreetwise.com and Getsafeonline.org.