Have a site you'd like to hit with a distributed denial-of-service (DDoS) attack? Lizard Squad has just the thing: a DDoS attack tool, which is now available starting at $5.99 per month.

The group, which took responsibility for the recent attack on the Xbox and PlayStation networks, is offering several packages for its Lizard Stresser product, payable via bitcoin, of course. They range from $6 per month (for 100 seconds) to $130 (for 30,000 seconds).

Some come with "lifetime" option, which really only covers the five-year expected lifespan of Lizard Stresser, according to the group's website (which we have not linked to); users can pay a one-time fee of $30 to $500.

There's even a referral system: You earn 10 percent of whatever money your friends spend. Also pick from Lizard Stresser's add-ons, for more website-takedown power.

According to VentureBeat, the site will soon accept payments via PayPal.

The Lizard Squad has been busy lately. In addition to the PlayStation and Xbox attacks, it claims to have played a part in the Sony Pictures attack.

In an interview with The Washington Post, an alleged member of the Lizard Squad (identified only as "a Ryan Cleary," but not the same one who was convicted of targeting the websites of the CIA and others) offered more details about the security breaches.

"[O]ne of our biggest goals is to have fun, of course," the hacker said. "But we're also exposing massive security issues with these companies people are trusting their personal information with. The customers of these companies should be rather worried."

Unlike the Sony Pictures hack, DDoS attacks typically just crash websites rather than allow for information leaks. Still, "Ryan Cleary" believes Sony and Microsoft's business-critical systems are not top security priorities.

"We told them almost a month before that we'd do this," he told the Post, referring to an early December tweet that promised a "Christmas present" for Microsoft. "And yet we had no difficulties dropping them."

But the collective may have dug its claws in even deeper: "Ryan Cleary" admitted to the newspaper that "we do know some people from the [Guardians of Peace]," which infiltrated Sony Pictures Entertainment.

When asked if the Lizard Squad was involved in the attack, the hacker brushed it off, saying, "we didn't play a large part in that." According to "Cleary," the group simply passed along some Sony employee logins to the GOP for their initial hack.

The Post also asked about Lizard Squad's latest target: Tor, which allows for anonymous and/or difficult-to-track activity on the Internet.

In a Friday tweet, Lizard Squad (or someone affiliated with it) clarified that "we are no longer attacking PSN or Xbox. We are testing our new Tor 0day."

Despite the message, "Cleary" said there is no actual zero-day attack (which exploits a previously unknown vulnerability). Instead, the hackers are running a huge volume of Tor nodes. As of Monday, he suggested Lizard Squad is in control of 50 percent of the overall Tor network, and more than 70 percent of exit nodes.

The goal, he explained, is simple: "make everyone understand how easy this flaw in Tor is to exploit."

In a Friday statement, however, the Tor Project said "the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1 percent of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far."

Specifically, the hackers were targeting "specialized servers in the network called directory authorities, [which] help Tor clients learn the list of relays that make up the Tor network," Tor said. As of Dec. 28, though, everything was "quiet," according to Tor.

One group that is not a fan of Lizard Squad's attacks on Tor? Anonymous.

Hey @LizardMafia don't fuck with the Tor network. People need that service because of corrupt governments. Stand the fuck down. — Anonymous (@YourAnonNews) December 27, 2014

Meanwhile, while he seemed fairly nonchalant about the massive attacks, "Ryan Cleary" did apologize for the August attack on American Airlines flight No. 362, carrying Sony Online Entertainment President John Smedley.

"Only time I think we went a bit too far was the American Airlines incident," he told the Post. "[W]e accidentally got some F-16s to escort John Smedley's plane. [T]hat was going a bit overboard."

Further Reading

Security Reviews