UK police arrest suspected Lizard Squad member

British and US police may be closing in on cyber-vandal group that said it hit Sony and Microsoft games networks over Christmas, helped the Sony Picture hack and has launched a low-cost DDoS attack tool.

UK police arrest suspected Lizard Squad member
UK police arrest suspected Lizard Squad member

Thames Valley police have arrested a 22-year old man from Twickenham who is reportedly a leading member of the Lizard Squad group of hackers.

The arrest came just days after Lizard Squad admitted carrying out a major DDoS attack on the Sony Playstation and Microsoft Xbox games networks over Christmas, and said it helped in the massive breach of Sony Pictures now being attributed to North Korea.

Last week, Lizard Squad also launched a DDoS attack tool, claiming bizarrely that the games network attacks were a marketing ploy to help sell the tool.

But since the ‘Lizard Stresser' tool went on sale online last Tuesday, for between £4 to £325 (US$ 6 to and US$ 500) – as reported by SC US – its website has gone down.

According to a 31 December tweet on the @LizardMafia Twitter account associated with the group, the reason is “switching servers... will be back online soon”.

But along with this site problem, UK police have reportedly arrested Vinnie Omari who, according to both UK national and specialist media, is a Lizard Squad spokesman and was seized after a raid on his home by the South East Regional Organised Crime Unit (SEROCU).

Thames Valley police, acting on behalf of SEROCU, would only say that they arrested a 22-year-old from Twickenham on 30 December and released him on bail until 10 March.

The police said he was seized “on suspicion of fraud by false representation and Computer Misuse Act offences” relating to an investigation into cyber-fraud offences committed between 2013 and August 2014 in which victims reported money being stolen from their PayPal accounts.

But Omari reportedly told the UK Daily Mail that he is the man involved. The Mail also quoted him as saying he was simply a spokesman for Lizard Squad, and played no part in the DDoS attacks on Sony and Microsoft.

According to the Daily Dot website, Omari said he was the subject of the police raid and provided a photo of the search warrant he received, issued by Reading Magistrates Court.

“They took everything,” Omari allegedly told the Daily Dot in an email. “Xbox one, phones, laptops, computer USBs, etc.”

Omari raised his profile in a 27 December Sky News video interview, where he spoke as a “computer security analyst” about the competition and thirst for fame between rival hacking groups.

Likewise, Lizard Squad raised its own profile last week when it accepted responsibility for the Christmas Day attacks on the Sony and Microsoft games networks, and also claimed a role in the hugely damaging breach of Sony Pictures Entertainment.

According to the Washington Post on 29 December: “A person identifying himself as a Lizard Squad administrator said the group provided a number of Sony employee logins to Guardians of Peace, the organisation that allegedly broke into Sony's network and prompted the film studio to initially withdraw ‘The Interview' from release.”

The FBI has reportedly started investigating the group after its latest set of claims and activities, and last week Lizard Squad's Twitter account also said a member called ‘Ryan' is being held by police in Finland.

Law enforcement action against Lizard Squad has been welcomed within the cyber-security community.

Mark James, a security specialist at ESET, told SCMagazineUK.com via email: “It was only going to be a matter of time before some of the people (allegedly) responsible for the attacks on Sony were rounded up and arrested.

“When you target such high-profile companies it goes without saying they are going to fight back and more and more resources are now available for tracking and locating those people involved in cyber-crime.

“Contrary to people's belief, it's not easy to be anonymous when you have those resources to hand. Getting convictions is a lot harder though and only time will tell if it goes any further.”

Commenting on the DDoS service the group is trying to sell, James told SC: “Lizard Squad has made it quite clear it is for DDoS, not for testing networks as such tools should be used for.

“These types of tools have been around for a long time, from creating viruses to subscription-based malware and they often come to light then slip into the dark recesses of the web.

“Attacking companies from the supposed anonymity of the internet is one thing - selling and maintaining a tool is a completely different matter and will be a lot harder to stay anonymous for very long.”

Commenting on Lizard Squad's Playstation and Xbox network attacks, TK Keanini, CTO at Lancope, said: “I was personally affected by this outage and I was furious - so were many others on online forums. These gaming networks are the social universe for so many communities and for it to have happened during the holidays when families have the time to play was just horrific.

“We need to treat these networks just like any other communication network because that is what they are. If the mobile carrier went down for 2-plus days, I'm sure it would have gotten much more attention.”

Keanini added: “The barrier to entry for this type of attack has been lowered. This means below-average talent will be able to pull off attacks of this scale until defenders can make it more difficult.

“Fundamentally this calls for a change in architecture where no one resource can be exhausted and take down the entire service. When people build online services, they need to model this DDoS in a way that they are resilient to it.”

Commenting on the alleged arrest of Vinnie Omari, a Thames Valley police spokesperson told SCMagazineUK.com via email: “We do not name (people) on arrest and we cannot comment on the specifics of the investigation. The SEROCU Cyber Crime Unit is not investigating the Sony Playstation or Xbox hacking incident. Our investigation is in response to cyber-fraud offences.”

Sign up to our newsletters