
Hackers Who Shut Down PSN and Xbox Live Now Attacking Tor - conover
http://gizmodo.com/hackers-who-shut-down-psn-and-xbox-live-now-attacking-t-1675331908
======
rcamera
Tor Devs haven't made any announcement yet, there is, however, a discussion
about it on the mailing list:

[https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...](https://lists.torproject.org/pipermail/tor-talk/2014-December/036165.html)

If you use Tor, I would follow the suggestion by another member of the mailing
list [1], simply add to your torrc file:

      # Country codes must be wrapped in braces.
      ExcludeNodes {us}
      StrictNodes 1

That will disallow using any US nodes, which works since all of LizardNSA's
nodes are currently in the US.

[1] [https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...](https://lists.torproject.org/pipermail/tor-talk/2014-December/036192.html)

~~~
joliv
Supposed response from "lizards@riseup.net":

> Why? I assure you, our exits are just fine. What's with people responding so
> negatively to us donating 360Gbit/s of exit BW?

EDIT: From @lizardmafia:

> To clarify, we are no longer attacking PSN or Xbox. We are testing our new
> Tor 0day.

> Only hackers, miscreants and pedophiles use Tor.

~~~
linuxydave
"Only hackers, miscreants and pedophiles use Tor."

Oh please. They're trying to take the moral high ground to justify their
behaviour.

~~~
garrettgrimsley
What is trolling?

~~~
RayJoha
An excuse for being an asshole.... but real trolling is done with finesse,
intelligence, humour and a pinch of salted evil.

------
alexggordon
I'm always a little bit fascinated by these sorts of attacks.

On one hand, I guess I understand (yet don't condone) the motivation for the
'vigilante' justice they're trying to do. On the other, I really don't
understand what benefit you can get from attacking Xbox, then Sony, and
finally Tor.

When I think of the people doing this, I tend to think of them as
understanding the importance of Tor and the benefit of anonymity it brings.
However, here are people doing a DDOS attack (obviously illegal) trying to
bring down the biggest illegal goods marketplace on the internet.

Maybe I'm alone in this, but outside of attention, I really don't understand
any logical reason for this happening, and that really makes me dismiss any
message they may have. I can comprehend being motivated by anger or some
event, or just being a douchey company, but I just really don't understand
what anyone besides the US Government would gain by attacking Tor.

~~~
mrmondo
I personally think they're trying to get attention for themselves to build
reputation and perhaps land some sort of job / payout.

~~~
yeukhon
Well based on what they did, they obviously can't advertise their work. They
also won't have any interest in working for SV companies. The only kind of job
they are after is in the black market (organized crime and intelligence).

~~~
shitlord
You can't even get into intelligence anymore after doing this, lol. They'd
never pass the background checks.

~~~
yeukhon
They hire contractors. Most intelligence works are "outsourced."
[http://www.washingtonpost.com/business/nsa-leaks-put-focus-o...](http://www.washingtonpost.com/business/nsa-leaks-put-focus-on-intelligence-apparatuss-reliance-on-outside-contractors/2013/06/10/e940c4ba-d20e-11e2-9f1a-1a7cdee20287_story.html)

A plausible example is hiring a team to DDoS another State-sponsored
infrastructure from outside of U.S. soil. Or hire some elite crackers to write
custom software for them.

~~~
shitlord
You still get investigated even if you are a contractor. I know many of them
firsthand, and they tell me that contractors are put under additional
scrutiny, actually. You need a high-level clearance for this sort of work done
on behalf of the government, regardless of your employer.

~~~
yeukhon
Glad to know, but I still feel some of contract works require high-level
clearance or background check.

If they just need a crack tool, they just need an agent to pay someone to
write the tool and that doesn't give away information. Maybe I am spoiled by
TV shows how they contact elite hackers in the black market.

~~~
shitlord
Yeah, there's a lot more bureaucracy involved. I know people who used to work
at these sorts of places. It's a wonder that anything gets accomplished, at
all.

------
jamescun
For Tor network status and node list:
[https://torstatus.blutmagie.de/](https://torstatus.blutmagie.de/)

All names appear to begin with LizardNSA.

It must be said, however, that all exit and non-exit nodes go through an
acceptance process over 88 days:

[https://blog.torproject.org/blog/lifecycle-of-a-new-relay](https://blog.torproject.org/blog/lifecycle-of-a-new-relay)
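
Added example, not part of the thread and not Tor Project code: a narrower alternative to excluding a whole country is to find relays whose nicknames share a prefix (as the LizardNSA relays do), see which flags they hold, and exclude them by fingerprint. It assumes the full network-status consensus layout (`r` and `s` lines); the relay entries, addresses and helper names below are constructed for illustration.

```python
import base64
import re
from collections import Counter, defaultdict

def _ident(seed):
    # Fake 20-byte identity digest, base64 without padding as in a consensus.
    return base64.b64encode(bytes([seed]) * 20).decode().rstrip("=")

# Constructed sample: (nickname, seed, flags). All values are made up.
_ROWS = [
    ("LizardNSA0001", 1, "Fast Running Valid"),
    ("LizardNSA0002", 2, "Exit Fast Running Valid"),
    ("LizardNSA0003", 3, "Running Valid"),
    ("quietrelay", 4, "Exit Fast Guard Running Stable Valid"),
    ("Unnamed", 5, "Running Valid"),
    ("Unnamed", 6, "Running Valid"),
    ("Unnamed", 7, "Running Valid"),
]
SAMPLE_CONSENSUS = "\n".join(
    f"r {n} {_ident(s)} {_ident(s + 100)} 2014-12-26 18:00:00 192.0.2.{s} 443 0\ns {f}"
    for n, s, f in _ROWS
)

def parse_consensus(text):
    """Return one dict per relay from the 'r' (router) and 's' (flags) lines."""
    relays = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 9 and parts[0] == "r":
            ident = parts[2] + "=" * (-len(parts[2]) % 4)  # restore padding
            relays.append({
                "nickname": parts[1],
                "fingerprint": base64.b64decode(ident).hex().upper(),
                "address": parts[6],
                "flags": set(),
            })
        elif parts and parts[0] == "s" and relays:
            relays[-1]["flags"] = set(parts[1:])
    return relays

def find_clusters(relays, min_size=3, ignore=("Unnamed",)):
    """Group relays whose nicknames differ only by a numeric suffix."""
    groups = defaultdict(list)
    for relay in relays:
        if relay["nickname"] in ignore:  # Tor's default nickname, not a signal
            continue
        groups[re.sub(r"\d+$", "", relay["nickname"])].append(relay)
    return {p: g for p, g in groups.items() if len(g) >= min_size}

def flag_summary(cluster):
    """Count how many relays in a cluster hold each flag."""
    return Counter(flag for relay in cluster for flag in relay["flags"])

def exclude_line(cluster):
    """Build a torrc ExcludeNodes line from the cluster's fingerprints."""
    return "ExcludeNodes " + ",".join("$" + r["fingerprint"] for r in cluster)

if __name__ == "__main__":
    for prefix, cluster in find_clusters(parse_consensus(SAMPLE_CONSENSUS)).items():
        print(prefix, len(cluster), dict(flag_summary(cluster)))
        print(exclude_line(cluster))
```

A cluster that is large but holds no Guard or Stable flags matches what the thread later observes about these relays.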

~~~
timdorr
They claim a "0day", which may just be them coopting the term from real
hackers, but may also be a legitimate attack that gets around the approval
period.

But it appears this is all running from Google's Compute Engine. They can
easily shut it down, although they're probably using stolen credit cards, so
there's no real traceability there.

~~~
spacefight
So the question is, why is Google not shutting them down now.

~~~
Forbo
Have they taken any action that would be cause for a shutdown? Does Google not
allow you to run Tor relays on their service? Genuine questions, I'm not
familiar enough with the service.

~~~
criley2
Stolen credit cards is probably high on the list.

You'd think Google wouldn't want to give away free computer resources to these
'hackers' since the banks will almost assuredly take back any mis-gotten money
from stolen credit cards.

~~~
chii
Does it really work like that? I thought the banks had to cop the losses due
to fraud.

------
dirkk0
I don't get it.

They attack the PSN and XBox networks. Kim Schmitz gives them 3000 vouchers
for Mega to save christmas (what?) and/or the world. Then they claim, he's the
reason they stopped the attacks.

And then they target their next victim. My point is: one might not like Kim
but he is way too smart to expect such a barter to be successful.

So, given his own background, what makes him this? A stupid hero? Or is there
a much smarter option?

~~~
chc
It was a chance to inject Mega's name into a big story. Before, the story was
"Hackers steal Christmas." Now, the story is "Mega saves Christmas."

Also, he probably wanted to play some video games and it's not like Mega
vouchers cost him all that much, particularly considering this is basically an
advertising expense.

~~~
higherpurpose
New headline: _Mega Helps Destroy Tor Network_

Seriously, he just ended up passing the hot potato to someone else. That
someone else is now Tor. I think I would've preferred to let Microsoft deal
with the DDoS (they have the means).

Giving in to criminals' demands really ends up making things _worse_ in the
long term, whether it's bank robbers, CryptoLocker creators or the owners of
botnets that can DDOS sites.

~~~
itsame
You say that as if these guys wouldn't have touched Tor if Kim Dotcom didn't
intervene. This is just what they do, whether or not they were given the
vouchers. If not today, eventually they would probably have set their sights
on Tor anyhow.

------
yeukhon
The thing I fear the most is cyber retaliation. So many of us have accounts on
the Internet that matter to us day to day. If they are reading this (I am damn
sure they are), and if they don't like you, they will try to take over your
accounts and make fun of you. Fear is the most destructive and most effective
weapon and such weapon is most terrible when targeting at individuals.

But I still have to drop a line: please arrest these "hackers" / "crackers" /
cyber criminals.

~~~
balls187
Luckily, you're not important enough for people to target.

Luckily, neither am I.

~~~
yeukhon
Well, you never know. They certainly can target you because you are working
for X company and X company sounds awesome enough to exploit and place on the
front page.

------
deanclatworthy
So from what I've read so far they are trying to deanonymize TOR users by
having a large number of relays in the network. This isn't an unknown attack
vector. But surely the NSA could easily do the same. What's to say that half
the relays aren't already NSA owned?

~~~
rohit89
Does this mean that if agencies from different countries get into an arms-race
trying to take control of the network in such a way, it would actually make
tor stronger?

~~~
bhouston
But remember that the US, UK, Canada, and Australia and some others are major
cooperators and likely won't compete.

------
higherpurpose
Kim Dotcom gave them 3000 Mega accounts yesterday, and now they seem to have
created 3000 relays. Is the number just a coincidence, or are they doing it
through those accounts somehow?

[http://torrentfreak.com/kim-dotcom-stops-xbox-and-playstatio...](http://torrentfreak.com/kim-dotcom-stops-xbox-and-playstation-attacks-141226/)

~~~
timdorr
Those are simply file hosting accounts, so there's ability to run something
like a Tor node from them.

More likely is they're using the same botnet that was attacking PSN/XBL to run
Tor relays.

~~~
AlyssaRowan
No, they're all on Google Compute Engine. (Which means one person could very
easily stop this cold…)

------
comex
It's unfortunate that they're attacking Tor, but at least this type of attack
is being demonstrated now by someone presumably only out for lulz, rather than
potentially by more malicious entities in the future.

~~~
r00fus
How do you honestly know that? Everything can be pseudonymous or anonymous and
behind several layers of indirections. Real names could be used so dox-ing can
reveal "something" but in effect could simply be a steganographic ruse.

Given the resources of large intelligence operations funded worldwide, would
can you be sure one or more aren't really behind Lizard (or LulzSec or
Anonymous even)?

------
ChristianBundy
UPDATE: Lizard Squad is currently being interviewed on BBC Live 5 right now:
[http://www.bbc.co.uk/radio/player/bbc_radio_five_live](http://www.bbc.co.uk/radio/player/bbc_radio_five_live)

~~~
deanclatworthy
I didn't catch the interview, did they mask the voices? Presumably the filter
they would use could be undone fairly easily, in the same way that the "swirl"
filter paedophiles were using got them caught [1].

The way in which these people are acting right now is just asking for a
mistake. I would guess they have made some huge opsec mistakes already.
There's a supposed dox on them already (find it yourself on Twitter).

[1] [http://thelede.blogs.nytimes.com/2007/10/08/interpol-untwirl...](http://thelede.blogs.nytimes.com/2007/10/08/interpol-untwirls-a-suspected-pedophile/)

------
jayrox
First off, quit calling them hackers. They aren't hackers. They are script
kiddies.

~~~
wyager
What makes you say this? Do we know exactly what they've done?

~~~
onewaystreet
Lizard Squad has access to a large botnet which they used to DDoS Sony and
Microsoft and now to create a large number of TOR relays. It's not hacking.
It's not even being a script kiddie.

~~~
ck2
It's organized crime.

------
abritishguy
They appear to be using Google Compute instances (based upon the IP addresses)
to create TOR relays but since they are not exit nodes I'm not really sure
what they are hoping to achieve.

~~~
abqio
They're set up to be exit nodes, they just don't have the exit flag yet.

~~~
mperret
Quite a few seem to have the exit flag now. Only glanced through the first 500
or so, but it looked to be about 50 which had the exit flag

~~~
ChristianBundy
How is that possible? I was under the impression that it took a long time to
be a real exit node.

~~~
AlyssaRowan
No _stable_ flags. No guard flags, either.

Google will probably shut them down quicker than the consensus gives them
those. They are _tiny_ ; it's an attempted Sybil, but it's worse than GCHQ's
one that used Amazon nodes.

Edit: Down.

------
jwcrux
I'd be curious if this would be considered against the google compute engine
ToS.

If so, it'd be simple for Google to wipe them. Otherwise, I have no doubt the
tor directory authorities will be keeping an eye on these for malicious
activity and will mark them as Bad Relays if any is detected.

------
linksbro
Seems like it's coming to an end?
[https://twitter.com/CthulhuSec/status/548612570102640640](https://twitter.com/CthulhuSec/status/548612570102640640)

~~~
linksbro
Their exits seem to be gone, too:
[https://globe.torproject.org/#/search/query=LizardNSA&filter...](https://globe.torproject.org/#/search/query=LizardNSA&filters%5Bflag%5D=Exit)

------
mattdeboard
This group has been DDOSing game networks for quite awhile now, a year at
least? Are they just super skilled at covering their tracks, are they not
being investigated, is federal law enforcement not good at tracking this down
yet, or what? I don't understand how a major crime spree is being conducted in
public and gleefully boasted about for this long.

~~~
AlyssaRowan
Would it be unreasonable to draw parallels to Lulzsec?

~~~
mattdeboard
I forgot who these guys were, but yeah I reckon.

IIRC LizardSquad did allegedly "disband" awhile back, I think when some heat
got applied to them, but I don't know. They were repeatedly DDOSing the
servers of a game I play so I started following their exploits. I do hope law
enforcement catches up with these guys sooner rather than later.

~~~
mschuster91
> I do hope law enforcement catches up with these guys sooner rather than
> later.

Me not. Sony and MS need to be taught that online DRM is a massive customer
experience clusterfuck, and they will only listen and learn one way: hit 'em
in their pockets. Only when enough customers are angry and demand refunds that
it hurts their bottom lines, then maybe online DRM measures will be finally
allowed to rot in hell.

~~~
afro88
Maybe I missed it - where do they say they're DDOSing because of online DRM?

And if they are, how does online DRM justify illegal activity? I'm not going
to flood someone's shop so they can't open for business because I don't like
their product.

If you don't like it, don't buy it, and educate consumers on why they
shouldn't buy it either. Boycotts are the most direct way to harm a company's
bottom line.

~~~
mschuster91
If boycotting and consumer education worked, we would not have this
discussion. Console and title sales are through the roof, despite tech-savvy
people and press all over the world calling bullshit on DRM.

It's time for more drastic measures.

~~~
afro88
[http://www.ethicalconsumer.org/boycotts/successfulboycotts.a...](http://www.ethicalconsumer.org/boycotts/successfulboycotts.aspx)

There's some successful boycotts, when there's a hell of a lot more on the
line than just the inability to play COD. They're not doing anything illegal,
and they don't need to.

> Console and title sales are through the roof, despite tech-savvy people and
> press all over the world calling bullshit on DRM. It's time for more drastic
> measures.

It's never time for more drastic (illegal) measures if someone provides a
product you don't like. They're providing a shitty "feature" that frustrates
you when your shitty internet connection is down. If it frustrates you so
much, don't use it, get your friends not to use it, blog about it, post about
it, spread the word. Look what happened to Sim City last year.

------
tw04
PLEASE stop calling them hackers. They're DDoS kiddies who have now switched
to spinning up TOR on their botnet. THESE ARE NOT HACKERS.

~~~
droopyEyelids
At this point Hack is just a marketing/media term and Lisp nerds from MIT no
longer have any say in the matter. Let it go.

~~~
tw04
That kind of attitude is why we have people denying global warming. Terms have
meaning, allowing idiots to try to muddy the waters hurts all of mankind. It
has nothing to do with "Lisp nerds from MIT".

~~~
smtddr
The whole argument of what "hacker" means in tech circles versus what it means
to the mainstream is beyond a dead horse. That's like trying to make the word
"gay" mean "happy" again.

~~~
ddingus
It still does mean happy!

Nothing has changed there. We've just added homosexual to the list of things
associated with the word "gay."

When "gay" is used in the "happy" sense, context is what differentiates it
from the more recent homosexual sense.

"hacker" is no different.

Really then, it's about more effective writing, ensuring the context of
"hacker" is clear from the surrounding context.

What we lost in both instances was easy, utilitarian use of the word as more
words are now required to convey information accurately.

~~~
Aldo_MX
To be honest, I never knew that "gay" meant "happy" until I watched The Three
Caballeros in English

~~~
ddingus
You and a whole lot of other people, until they see something presenting it.

I had to explain the shift to my kids once. It was sort of interesting after
that time. We notice it, and they will often comment on something picking up a
new meaning now.

That suggests to me a lot of people remain unaware of "overloading" words in
that way.

------
s_q_b
They're trying a correlation attack on the network. Create enough entries and
exits, then matching traffic by time, size, and shape.

~~~
gburt
Do you know this? It seems obvious to me, but calling it a "0day" suggests
that maybe the attack is (at least marginally) more sophisticated than the
obvious correlation attack. Not to mention, as far as I can see, we have no
idea.

~~~
s_q_b
To date, no one has presented a reliable, scalable, consistent passive
correlation algorithm.

------
tanglesome
What a great bunch of guys! And, oh by the by, PSN is still down and Xbox Live
is still having trouble.

------
LISPmasta
Yeah I'm sure some rando bitch named Kate from gizmodo knows about DDoS. Any
fucking moron can read twitter, thanks for "writing" an article about
__nothing__. Seriously this site has zero standards compared to how it used to
be.

------
lizards
I like lizards in general, but I am not too pleased about lizards that are
hacking. It is, quite frankly, a disgrace.

Please be aware that the lizard community as a whole is appalled by these
circumstances.

I hope that this whole bag of shenanigans does not prejudice your fine selves
against lizards - whether they be lizards of the past, present, or future.

Thank you for your time.

~~~
angersock
Do they run SUSE? This is important.

------
chatmasta
how many bottles of mountain dew?

------
hwach
Wold at arms

------
alexivanovs
This is fun to watch, even funnier when you realize that any talk around this
is just that - talk. But, I'm intrigued for the future, this type of hacking
is starting to make its comeback, and that's a _cute_ thing.

------
yedpodtrzitko
This isn't Fox News, can we call the things correctly, thus "crackers" in this
case, pls?

~~~
sanswork
The crackers instead of hackers war was lost 15 years ago.

~~~
cbd1984
Yeah, like how 'gay' can mean 'stupid' in some contexts and moaning about it
is pointless.

~~~
sanswork
Yeah, like how 'gay' can mean 'homosexual' in some contexts instead of
'happy'.

------
a-ghost-fart
A bunch of children who don't know how to use Tor (take a look at the dox from
TheFinest) decide to try and compromise Tor.

Colour me surprised.

Given that a bunch affiliated with the group's names, addresses, numbers and
the like have been compromised, this doesn't seem like a very smart plan.

~~~
ChristianBundy
Link to dox: [http://thefinest.com/](http://thefinest.com/)

Is it just me, or are there huge parallels between gang culture and hacker
culture?

------
sjreese
Sony - had this coming - fake security experts said the NK could do nothing -
Now look - Ha! they stole the Admin password Ha! it was "lena" but we will
kill their "NK" internet and stop them cold from further take-downs. Ha Ha he
he ho ho ho..

