Lizard Squad Member Said Group Provided Log-Ins Used In Sony Attack

David Bloom
Updated

An administrator of Lizard Squad, the anonymous hacking group that claimed credit for the last week’s attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live, says in an interview that the group provided the hackers behind the massive cyber attack on Sony Pictures with log-in information from “a couple” of Sony employees, information used in the initial attacks that exposed a vast trove of sensitive corporate data.

The claims came in a Q&A with a Washington Post reporter in a private chat room with a person self-identified as “a Ryan Cleary,” a reference to another person of that name previously convicted of hacking into the CIA as part of LulzSec, a different hacker group.

Separately, cybersecurity firm Norse announced the results of its own unofficial investigation into the Sony hack. The company, which first spotted the computer break-in last month, identified six people, including a laid-off former tech specialist who’d worked a decade at the company as having “direct involvement in the attack.” Others involved were from Canada, Thailand and Singapore.

The FBI has blamed North Korea’s leaders for ordering the attack after they became angered with The Interview, a Sony comedy that features the assassination of North Korean autocrat Kim Jong-un, but many outside technical observers speculated that the scope and extended duration of the Sony Pictures attack required someone to have insider connections to Sony systems. Norse said it would turn over its findings to the FBI today.

As for the Lizard Squad, “Cleary” said its members know some of the members of Guardians of Peace, the group claiming responsibility for the Sony Pictures attack, but his group had little to do with the attack other than providing the log-ins.

“Cleary” also said the PlayStation Network/Xbox Live attacks were designed to spotlight security weaknesses in the two networks, which are used by millions of gamers to play each other, to buy or stream films and TV shows, and to share content they’ve created. Lizard Squad had warned a month ahead of time that it would attack PSN and Xbox Live, but had no problems taking down the systems when it came time. That ease, “Cleary” wrote, tells “quite a bit” about the companies’ commitment to security.

“It tells you how much money they’ve put into securing their systems,” wrote “Cleary.” “Not having people take down your business-critical systems like this should be one of your top security priorities. Which it clearly isn’t.”

The Lizard Squad used distributed denial-of-service attacks (called DDoS for short) to prevent gamers from signing in. With such attacks, a network of computer servers sends massive amounts of traffic to a site, overwhelming its ability to let legitimate users in. “Cleary” said Lizard Squad was sending 1.2 terabits per second, a massive amount of information, at the PSN/Xbox Live networks during the attacks.

“Cleary” said Sony has since hired a large firm specializing in defending against such DDoS attacks, but that Lizard Squad had been unable to detect any changes at Microsoft.

Brian Krebs
Brian Krebs

Prominent computer-security writer Brian Krebs wrote on his blog, identifying two young European hackers who gave interviews Friday to the BBC as alleged members of Lizard Squad. Krebs identified one as a U.K. “security consultant” named Vinnie Omari, 22. The other was a 16-year-old from Finland identified as Julius Kivimaki, who had been arrested a year ago for running a huge “botnet” of 60,000 hacked servers (the kind used in DDoS attacks).

The group called off its attacks on Sony and Xbox after online activist and Megaupload founder Kim DotCom provided them with $300,000 worth of $99 vouchers for his newest content-hosting service, Mega. According to Krebs, Omari subsequently surfaced on a hacker site looking to sell off some of the vouchers and make a profit from the Sony attack.

Since ending the Sony/Xbox attack, Lizard Squad said in both the interview and on Tweets that it has been probing vulnerabilities in the Tor network of anonymous email servers. The Tor service is used by many, including human-rights activists, to avoid government or other surveillance of their communications.

“Cleary” also said the group went “a bit too far” when it tweeted in August that explosives might be on a plane carrying John Smedley, president of Sony Online Entertainment. The plane was diverted from San Francisco to Phoenix and escorted to the ground by fighter jets. The incident happened after another distributed denial-of-service attack on PlayStation networks that month.

“Ryan Cleary” told the Washington Post reporter, Brian Fung, that most of the group lived in the European Union or Eastern Europe, and that “law enforcement really isn’t that big of a deal for us here.”

UPDATE: Drama Alert, a gamer-oriented YouTube site, aired an 18-minute video yesterday with call-ins from Kim DotCom and reputed members of Lizard Squad, Finest Squad and one offshoot of Anonymous, all hackers groups involved on one side or another in the PSN/Xbox Live dispute. The video is below, but in it, among some highly technical conversations and plenty of recriminations and dissing, the Lizard Squad people say their systems are based in the former Soviet republic of Moldova and that they used a variety of DDoS attacks over more than a day to cripple the networks.

Several of the hackers said that the Sony and Microsoft networks continued to have problems for days after, however, because of the “aftermath,” including having millions of gamers trying to get back on, creating in effect another inadvertent DDoS attack in the cleanup period, along with other complications. One of the Anonymous members told the Lizard Squad representatives that their attack, on a gamer network on Christmas, would hurt the image of hackers for years to come.

Drama Alert host Keemstar asked one of the Anonymous hackers if a DDoS attack can be stopped. Yes, he says, but it requires a sophisticated approach and a lot of money to pay for the computer talent, bandwidth capacity and on-the-fly technology to figure out which incoming requests are fake and which ones are legitimate. A Lizard Squad member agreed, but said the cures aren’t sophisticated, but indeed do require an investment in money and capacity that any major company should do for “business-critical” operations like the gamer networks. Here’s the video for the more tech-minded among you:

Related stories

'The Interview' Scalping Plan Backfires: Man Wants His $650 Back

'The Interview' Reports $15M In Online Sales And Rentals

'The Interview' Arrives On iTunes

Get more from Deadline.com: Follow us on Twitter, Facebook, Newsletter