Hacked Wi-Fi Routers Causing Latest Lizard Squad Attacks

Notorious hacking group Lizard Squad has apparently been using unsecured home internet routers to power its LizardStresser service, new research has discovered.

LizardStresser, which offers paying customers the chance to take down websites using DDoS (Distributed Denial of Service) attacks, was reportedly run by the group as part of a widespread ‘marketing campaign’ for Lizard Squad.

Hackers were easily able to gain access to thousands of routers in homes, universities and businesses due to users not changing their factory passwords, instead relying on combinations such as ‘admin/admin,’ or ‘root/12345’.

The hack affected routers across the globe, with internet users now being urged to change the default credentials on their home router – including the user name and password – and to encrypt the connection if they are using a wireless router.

Taken down

The information was uncovered by noted security blogger Brian Krebs on his KrebsOnSecurity site, which worked with a group of researchers associated with law enforcement officials and ISPs to help take infected systems offline, and thus disrupt the LizardStresser botnet.

Lizard Squad, which was behind the attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live servers over the Christmas period, charged customers anywhere between $6 and $500 to use the service depending on the scale of the target.

KrebsOnSecurity was one of the first sites taken down in 2015 by a series of “large and sustained” DDoS attacks, one of 17,439 attacks or boots run by LizardStresser to date.

According to Krebs, the malware used by Lizard Squad to build its network of “stresser bots” has been online since early 2014, and can affect commercial routers at universities and companies as well as homes.

“In addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as ‘admin/admin,’ or ‘root/12345’,” wrote Krebs.

“In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.”
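The spreading behaviour Krebs describes leaves a recognisable trace on the network side: a device behind the router opening telnet connections to many unrelated external hosts. The following is an added example, not code from the article or from KrebsOnSecurity, that flags such devices from firewall logs; the iptables-style log format, the LAN range, the threshold and the function names are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the local network behind the router; adjust to your own.
LAN = ipaddress.ip_network("192.168.1.0/24")
TELNET_PORT = 23
# Picks the SRC=, DST=, PROTO= and DPT= fields out of an iptables-style LOG line.
FIELDS = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def find_telnet_scanners(lines, min_targets=20):
    """Return {internal_ip: count of distinct external telnet targets}
    for every internal host that reached at least min_targets of them."""
    targets = defaultdict(set)
    for line in lines:
        f = dict(FIELDS.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(TELNET_PORT):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line: skip it
        # Only outbound traffic counts: internal source, external destination.
        if src in LAN and dst not in LAN:
            targets[str(src)].add(dst)
    return {ip: len(d) for ip, d in targets.items() if len(d) >= min_targets}

def build_sample_log():
    """Constructed log lines using documentation address ranges, not real traffic."""
    tmpl = "kernel: FW-OUT IN=br0 OUT=eth0 SRC={s} DST={d} PROTO=TCP SPT=40000 DPT={p} SYN"
    # A device sweeping 30 different external addresses on telnet.
    lines = [tmpl.format(s="192.168.1.50", d=f"198.51.100.{i}", p=23) for i in range(1, 31)]
    # A workstation that telnets repeatedly to one external host: not a sweep.
    lines += [tmpl.format(s="192.168.1.10", d="203.0.113.7", p=23)] * 5
    # Ordinary HTTPS traffic to many hosts: wrong port, ignored.
    lines += [tmpl.format(s="192.168.1.10", d=f"203.0.113.{i}", p=443) for i in range(1, 40)]
    # A damaged line that must not crash the parser.
    lines.append("kernel: FW-OUT SRC=garbage DST=198.51.100.1 PROTO=TCP DPT=23")
    return lines

if __name__ == "__main__":
    for ip, n in find_telnet_scanners(build_sample_log()).items():
        print(f"{ip}: outbound telnet to {n} distinct external hosts")
```

Counting distinct destinations rather than raw connections keeps a single legitimate telnet session, however chatty, from being flagged.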

Poor Wi-Fi routers

The news follows a similar warning from antivirus provider Avast last December that the security of home routers is often shockingly behind modern standards.

Speaking to TechWeekEurope, company COO Ondrej Vlcek said that Wi-Fi routers were facing a range of attacks as hackers look to go after smaller targets, with recent research carried out by Avast finding that nearly three out of four internet-connected households in the UK were at risk of getting attacked through their wireless router.

Commenting on the latest attack, Vlcek said Lizard Squad’s use of hundreds of thousands of home routers to power their service proves how vulnerable home routers currently are and to what extent they can be abused.

“The target is not the routers themselves, they are simply used as a means to reach the ultimate target. We have identified critical vulnerabilities in many of the world’s most used routers and it’s frightening to think that hackers have access to an army of routers spread all over the world that they can take control of via botnets to launch massive DDOS attacks against major sites. This is just the beginning of router hacking and it is therefore vital that people properly protect themselves.”


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
