Law enforcement works on taking down the infected devices

Jan 12, 2015 07:54 GMT

Lizard Stresser, the distributed denial of service (DDoS) utility made available by a group called Lizard Squad, is taking its power from thousands of poorly secured home routers.

Lizard Squad started to capture headlines in August 2014, when it disrupted the PlayStation gaming network and issued a bomb scare to American Airlines, claiming that the flight carrying Sony Online Entertainment president John Smedley from Dallas to San Diego had explosives on board.

On Christmas Day, the group launched another major DDoS attack, knocking the gaming networks of both Sony and Microsoft offline. The attacks appear to have been a marketing ploy for the launch of the Lizard Stresser booter, which anyone can rent for denial-of-service activity.

Made public at the end of December 2014, the tool has become the preferred means for various individuals of taking down online resources.

In a recent attack, the anonymous image board 8chan (infinite chan) became a victim. In the early days of 2015, the website of security blogger Brian Krebs was also taken down with the help of Lizard Stresser.

Thousands of routers are compromised at the moment

The blogger investigated the attack and learned how the DDoS worked. He discovered that it relies on compromised routers whose administrative access is still protected only by the default credentials provided by the manufacturer.

The malware that turns the devices into a bot army controlled through Lizard Stresser also includes functions for scanning the web for other weakly protected routers in order to spread to them.

Krebs says that the network of infected devices includes home routers as well as commercial ones installed at educational institutions and companies. He suspects that other types of devices are likely to be involved, since the malware can infect a large number of gadgets running the Linux operating system.

In an on-camera interview, a member of Lizard Squad calling himself Ryan said that the group had access to about 100,000 Linux devices that could be used for carrying out DDoS attacks.

On January 9, 2015, Lizard Squad tweeted that their private DDoS service was commanding more than 250,000 routers.

Stronger router access protection required

Although law enforcement is working on identifying the infected systems and taking them offline, users should review the security settings of their routers and replace the default access credentials with a custom username and a strong password.

The encryption scheme used for the connection between the wireless client and the router should be at least WPA, if WPA2 is not supported. WEP has been unreliable for a long time and is no longer recommended.

Another step toward increasing router security is to ensure that the latest available firmware version is installed. Once the device is set up, most users never check for new software releases again, leaving the devices open to attacks that leverage old vulnerabilities.

It is also recommended to disable the Wi-Fi Protected Setup (WPS) feature, which lets a client join the network by entering a PIN code. On some routers, an individual could gain unauthorized access to the network by brute-forcing that PIN.
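The four recommendations above (non-default admin credentials with a strong password, WPA2 or at least WPA, current firmware, WPS disabled) can be turned into a simple self-audit. The following is an added example, not code from the article; the configuration layout, the default-credential list and the two sample router configs are constructed for illustration.

```python
"""Audit a home router's settings against the hardening advice above.
The config layout, default-credential list and sample configs are
constructed for this example, not taken from any vendor or the article."""
from __future__ import annotations

# Constructed sample of factory default credentials (hypothetical values).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Ranking of wireless security modes, weakest first.
WIFI_MODE_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def is_strong_password(pw: str) -> bool:
    """At least 12 characters drawn from three of the four character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 12 and sum(classes) >= 3


def audit_router(cfg: dict, latest_firmware: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_CREDENTIALS:
        findings.append("default admin credentials still in use")
    elif not is_strong_password(cfg["admin_password"]):
        findings.append("admin password is weak")
    mode = cfg["wifi_mode"].lower()
    if WIFI_MODE_RANK.get(mode, 0) < WIFI_MODE_RANK["wpa"]:
        findings.append(f"wireless security is {mode}; use WPA2, or at least WPA")
    elif mode == "wpa":
        findings.append("WPA in use; move to WPA2 if the router supports it")
    if parse_version(cfg["firmware"]) < parse_version(latest_firmware):
        findings.append(f"firmware {cfg['firmware']} is older than {latest_firmware}")
    if cfg.get("wps_enabled", False):
        findings.append("WPS is enabled; disable it to remove the PIN attack surface")
    return findings


# Constructed sample configs: one factory-fresh, one hardened.
FACTORY_ROUTER = {"admin_user": "admin", "admin_password": "admin",
                  "wifi_mode": "WEP", "firmware": "1.0.3", "wps_enabled": True}
HARDENED_ROUTER = {"admin_user": "netadmin", "admin_password": "Tr0ub4dor&Lantern",
                   "wifi_mode": "WPA2", "firmware": "1.2.0", "wps_enabled": False}
```

Running `audit_router(FACTORY_ROUTER, "1.2.0")` reports all four weaknesses the article warns about, while the hardened config returns no findings.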