PINDROP BLOG

U.S. Charges Two in Lizard Squad DDoS, Phone Bombing Attacks

The Department of Justice has charged two teenagers in connection with a scheme that involved hacking-for-hire activities as well as a service that would make repeated harassing phone calls to victims for a price.

The charges are related to an investigation into the Lizard Squad hacking group, which has been tied to a number of DDoS attacks. The two men charged on Wednesday in Chicago are Zachary Buchta of Maryland and Bradley Jan Willem Van Rooy or Leiden, Netherlands, both of whom are 19 years old. The pair are alleged to be involved with the operation of a site called phonebomber.net, through which customers could pay $20 to have victims harassed with repeated phone calls.

“Lizard Squad initially drew the attention of U.S. authorities during an investigation into phonebomber.net, a website that enabled paying customers to select victims to receive repeated harassing phone calls from spoofed numbers, according to the complaint.  One of the victims, who resided in Illinois, last fall received a phone call every hour for thirty days,” the Department of Justice said in a statement.

That service was just the beginning, though. The complaint against Buchta and van Rooy alleges that the pair also helped run sites that enabled users to launch DDoS attacks against any target they chose. The sites were used to run thousands of DDoS attacks, and customers also could buy stolen payment card data through the sites, according to the Justice Department’s complaint.

“Zachary Buchta, Bradley Jan Willem van Rooy, Individual A, Individual B, and others have conspired to launch destructive cyber attacks against companies and individuals around the world. They have done so first by promoting and operating the websites ‘shenron.lizardsquad.org’ (Subject Domain 1) and ‘stresser.ru’, through which they provided a cyber-attack-for-hire service and trafficked stolen payment card account information for thousands of victims,” the complaint says.

“Soon after the launch of phonebomber.net, members of Lizard Squad began denial-of-service attacks against various victims and boasted about their attacks on Twitter. In particular, during November and December 2015, the Twitter accounts @LizardLands, @fbiarelosers (i.e., Buchta), and @chippyshell (i.e., Individual A) were used to coordinate and announce a denial-of-service attack committed against Victim A, an international digital media company.”

Authorities arrested Buchta in Maryland in September, and van Rooy was arrested in the Netherlands around the same time and is still in custody there.

Webinar: Call Center Fraud Vectors & Fraudsters Analyzed