Two More Arrested in Connection with the Lizard Squad

The December 2014 attacks on the Xbox Live and Playstation gaming networks were infamous, premeditated, and claimed by a group calling itself the Lizard Squad.

The sinister nature of attacking networks used by children, particularly on Christmas day when many were getting new consoles as gifts, gave rise to the infamy of the Lizard Squad group. Since then, a few arrests have been made, notably in Britain and Finland. Also since then, the group for a time ran a DDoS-for-hire service and at one point defaced Google’s Vietnamese portal.

Now, two hackers are in custody, charged in Chicago’s federal court on two specific counts among the myriad of computer crimes that the group has been credited with: trafficking in stolen payment accounts and conspiring to launch global cyber attacks. Both of the people in custody are aged 19. One is from the Netherlands, by the name of Bradley van Rooy, and the other is from Fallston, Maryland, by the name of Zachary Buchta. The criminal complaint against them specifically mentions attacks on “gaming companies,” which while not being specific enough to say it was related to the Christmas attack, is most likely in reference to it.

Two other people are listed in the criminal complaint, but these individuals are not named and it is not made clear as to why. The reason could be that the individuals are minors, or it could be that they have not yet been identified by the authorities themselves, or it could be that they are co-operating. Their screen names are provided though: Chippyshell and AppleJ4ck.

The 61-page complaint is an interesting piece of computer crime history in and of itself. It details how one accused Lizard Squad member boasted of an account on the group’s Shenron distributed denial-of-service attack site Shenron that had earned him nearly $100,000. The complaint also details the evolution of “PoodleCorp,” an apparent offshoot of Lizard Squad which has not garnered quite as much attention. On page 31, the author of the complaint goes into how as recently as July of this year an operation called Poodle Stressor was put into play, complete with tiered pricing for DDoS services. The “Botnet Package 2” is the most expensive one shown, costing around $700 a month.

The complaint also states that the FBI has veritable informants, one of whom provided them with a database containing information about the users of the service. It says that at least 1,500 users were in the user database. To the extent of its ability, the FBI investigated the payments made to the service, but eventually the service stopped accepting Paypal, instead encouraging people to use Paypal to buy Bitcoin and give them Bitcoin.

In the case of the Maryland teen, the FBI was able to conclusively establish that Buchta was using a European VPN in the neighborhood of hundreds of gigabytes per month. This particular bit of the story might be interesting to privacy advocates. The FBI was able to get logs of Buchta’s internet activity from his provider through a court order, and then link that to VPN usage. They were then able to link the access of various social media accounts used by Buchta with those used by the VPN. This all paints a picture of Buchta being the alleged hacker. For example:

… records indicate that the Buchta Comcast Account was used to access @fbiarelosers when that account was used to discuss the ongoing denial-of-service attack against Victim B […]

More to the point, the feds were able to link Buchta to a high-level account on the Shenron DdoS-for-hire service, and the complaint spends several pages establishing as much. Buchta made his first appearance in a Chicago federal courtroom on October 5th, while van Rooy remains in the Netherlands. Both face up to ten years in prison if convicted.

Featured image from iStock.



P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at