Recipients of new game consoles this holiday season were robbed of their holiday gaming when a group of internet miscreants known as Lizard Squad launched a massive distributed denial of service (DDoS) attack against Xbox Live and the PlayStation Network. Now we know the real reason for the attack — it wasn’t some nonsense about raising security awareness or encouraging people to spend time with their families, as some members of the group have claimed. No, this was about promoting a service. Lizard Squad appears to have launched its own DDoS tool that lets you take down any web service for as little as $6 per month.

A DDoS is the bluntest of instruments when it comes to attacking a website. All it takes is enough bandwidth to flood a target IP address with requests until it’s overloaded and affects normal operations. In the case of Xbox Live and PSN, that kept owners from setting up their new consoles, downloading games, or playing online. The tool presented by Lizard Squad is called LizardStresser, and claims to have 2Tbps of average bandwidth ready to go right now with a maximum of 30Tbps if demand requires it.

So how does taking down gaming services promote a DDoS tool? It’s right there in the introduction, which reads, “This booter is famous for taking down some of the world’s largest gaming networks such as Xbox Live [and] Playstation Network.” They were definitely showing off in order to gain notoriety for this service.

LizardStresser has eight packages that offer to attack targets for a certain number of seconds. For example, $6 per month gets you 100 seconds of DDoS. That might knock a small website with limited redundancy offline, but the big fish like PSN won’t take much of a hit. The packages go as high as 30,000 seconds, which is over eight hours for $130 per month. That’s a major outage for most web services. You can even pay $500 for “lifetime” (defined as five years) access to the top tier service.

Payments are currently only available in Bitcoin, but Lizard Squad claims PayPal support is coming. That seems highly dubious, though. PayPal regularly refuses to process payments for shady enterprises. Looking at the Bitcoin address in the blockchain also reveals no balance or transactions at this time. It’s possible Lizard Squad is using multiple Bitcoin wallets, though.

Being this high-profile might be a disadvantage for Lizard Squad. Law enforcement will surely take an interest in this service, which promotes itself as a stress testing tool for your own servers offering “the oppurtunity [sic] to make your firewalls better, not to misuse against the law.” See? Totally nothing illegal going on here at all, officer.

Lizard Squad isn’t the only group offering DDoS services, but the claimed capacity of LizardStresser is impressive. If the team manages to keep the service online and it can live up to its claims, it could cause a lot of headaches for web admins.

Now read: North Korea kicked off the internet by giant DDoS: Was it the USA, or someone else?