The National Crime Agency (NCA), which is like a British version of the FBI, arrested six UK teenagers for allegedly using a DDoS-for-hire service to attack corporate websites. During Operation Vivarium, warrants were executed for six male teenagers – ages 15, 16, 17 and three 18-year-olds – accused of using the hacking group Lizard Squad's Lizard Stresser tool, which is capable of knocking websites offline for up to eight hours at a time.
Lizard Squad took down Microsoft Xbox and Sony PlayStation networks on Christmas day; shortly thereafter, Lizard Squad released its Lizard Stresser service. According to Krebs on Security, the Lizard Stresser service "draws on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords."
Not too long after the DDoS service went live, someone leaked the internal database, which was populated with unencrypted usernames and passwords belonging to Lizard Stresser users.
A Lizard Squad member who helped develop Lizard Stressor said that leak was intentional; the hacker, using the alias of AntiChrist, told the Daily Dot: "The first one had cleartext [passwords] on purpose so we could steal people's accounts, twitters etc." NCA used the leaked database to arrest six UK teenagers during Operation Vivarium.
AntiChrist added, "With the leaked database they just looked at the emails of the people. Usually kids using stressers don't bother to hide themselves. I'm surprised they even did this, what a waste of taxpayer money lol."
In other words, Lizard Squad members were unscathed while law enforcement went after Lizard Stresser customers.
Bloomberg reported that Amazon, Microsoft, and Sony were among the companies targeted during Lizard Stresser DDoS attacks. NCA did not list the targeted websites. Instead, NCA said:
Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.
Law enforcement officials will be visiting another 50 registered Lizard Stresser users "who are not currently believed to have carried out attacks." When the cops come knocking, they will tell Lizard Stressor customers "that DDoS attacks are illegal, can prevent individuals from accessing vital online services, and can cause significant financial and reputational damage to businesses. They will also be informed that committing cybercrime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects."
A third of those registered DDoS service users are under the age of 20.
After NCA announced Operation Vivarium, Lizard Squad tweeted that the group was "tempted" to "setup a free version of Lizard Stresser" to aggravate law enforcement.
Additionally, Lizard Squad claimed it would respond to the raid by restarting operations.