Article Lead Image

Berit Watkin/Flickr (CC BY 2.0)

An interview with Lizard Squad, the hackers who took down Xbox Live

We interviewed two hackers claiming to rep the group that took down Xbox Live and PSN on Christmas.

 

William Turton

Tech

Posted on Dec 26, 2014   Updated on May 29, 2021, 9:41 pm CDT

Vinnie Omari was still a bit drunk when he initiated what could be the biggest distributed denial-of-service attack in history. He woke up around 1pm on Christmas Day, he told me, reeling from a long night getting “shitfaced” to celebrate his 22nd birthday. He quickly ate Christmas dinner and sat down at his computer. It was going to be a long day: Omari and his friends were about to ruin the holiday for console gamers the world over by taking down Xbox Live and Playstation Network services. 

The attacks worked. It was a complete worldwide outage. No one was able to connect to the online services on an Xbox One or Playstation 4. Omari’s group, working under the name Lizard Squad, quickly gained international media attention, as well as plenty of angry messages from kids who couldn’t play with their new Christmas gifts.

The attacks eventually paused after Omari and his friends received MegaPrivacy vouchers from multimillionaire investor and Mega founder Kim Dotcom—vouchers that could quickly be sold on an underground black market. The hackers claim the vouchers are worth $300,000.

Soon after they received the vouchers and Kim Dotcom claimed to have stopped the hack, Lizard Squad started the attack again. They tweeted about it incessantly.

Omari told the Daily Dot his group has already sold 300 of the 3,000 vouchers they received from Kim Dotcom at $50 a pop. While we were unable to independently verify claims of the voucher sales, those numbers would mean that the group raked in $15,000 in the hours after the attack ended. 

(Sorry, this embed was not found.)

The group has been teasing plans to target PSN and Xbox Live for months.

According to Lizard Squad, their attacks against Microsoft and Sony maxed out at 1.2 terabits per second. If true—we were unable to verify—that’s about three times larger than the previous record, an attack aimed at Cloudflare’s content delivery network in February, which exceeded 400 gigabits per second, according to Ars Technica. Microsoft and Sony have yet to release any details about the size of the hack.

Omari isn’t his real name, it’s an alias. The other hacker we spoke with goes by “Ryan Cleary,” mocking the LulzSec hacker who was convicted of possessing child pornography last year. As members of a new and notorious hacker group, it’s important to keep their true identities unknown. To verify their relationship to Lizard Squad, I asked them to make specific changes to their website, post in an IRC chat, and send tweets from Lizard Squad Twitter accounts. 

Lizard Squad quickly rose to fame after claiming responsibility for attacks on Blizzard and Playstation Network earlier this year, as well as grounding Sony Online Entertainment President John Smedley’s flight after issuing a bomb threat. Lizard Squad also took responsibility for taking down North Korea’s Internet earlier this week, and targeting the Vatican a few months ago. The group has been teasing plans to target PSN and Xbox Live for months.

The hackers said they wanted to exploit the “incompetence” of Microsoft and Sony.

There was one question on the mind of every gamer this Christmas: Why? Why would anyone ruin Christmas by taking down these gaming networks? The simplest explanation, Lizard Squad told me, was that they did it for the lulz. The hackers also said they wanted to exploit the “incompetence” of Microsoft and Sony, and to prove that anyone who promised to stop them was a liar.

“Microsoft and Sony are fucking retarded, literally monkeys behind computers,” Omari said. “They would have better luck if they actually hired someone who knew what they were doing. Like, if they went around prisons and hired people who were convicted for stuff like this, they would have a better chance at preventing attacks.”

“If I was working [at Microsoft or Sony] and had a big enough budget, I could totally stop these attacks,” Cleary claimed. “I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale, it could go up to the millions. But that’s really no problem for Sony and Microsoft.” 

What made Lizard Squad so successful? Without specifying how exactly, Cleary claimed that the group has direct access to the infrastructure of these networks, putting little between the hacks and their targets. “We’ve just got a bunch of people with really particular skill sets, and we’ve been working to get access to some of the core routing equipment of the Internet,” Cleary explained, excitement in his voice. “We’ve got some devices that are connected to the undersea cables that facilitate the Internet connects between the United States and Europe. We have access to some of the devices that are in the middle of the ocean that have something like 100-gigabit-per-second Internet connections. Not even the Russian government is doing attacks our size—they were only managing 100 gigabits per second against some Estonian websites.”

Cleary and Omari both jokingly said they suffer from an “undoxability syndrome.”

While Lizard Squad was taking down Microsoft and Sony, a war was brewing. A rival group known as the Finest Squad seemed hellbent on stopping the Christmas Day attack, but they failed. Omari said the opposition only made them more determined to take down PSN and Xbox Live. “We wanted to show that Finest couldn’t do anything. Without access to Microsoft and Sony’s servers, there’s no way they could have prevented it,” says Omari. “They are just a group of wannabe hackers.” Finest Squad then set up a website that claimed to reveal the personal information of members within Lizard Squad. “The website is so far off it’s hilarious. Either the information is extremely outdated or straight-up wrong,” said Omari. 

Cleary and Omari both jokingly said they suffer from an “undoxability syndrome.” They called their DDoS methods sophisticated. 

“There’s plenty of people saying we’re not hackers and DDoS isn’t hacking. For attacks of this scale, you can’t really do them without either having access to insane amounts of funding or being able to gain access to the computers via hacking,” Cleary said. “You can’t just do DDoS attacks from your home computer. It doesn’t work.” 

Throughout our interview, he played Snapchats of people angrily asking him why he would take down Xbox Live or Playstation Network. Some begged him to stop the attacks. 

(Sorry, this embed was not found.)

The attacks continue. Today the group is claiming responsibility for an attack on Tor, the anonymous Internet service. Next up, Omari claims that Lizard Squad will invade the mainstream media, making interview appearances on BBC Radio 1 and CNN tonight. 

Photo via Berit Watkin/Flickr (CC BY 2.0)

Share this article
*First Published: Dec 26, 2014, 5:28 pm CST