Console DDoSers Lizard Squad are using insecure home routers for a paid service that floods target networks, researchers say.
The service crawls the web looking for home and commercial routers secured with lousy default credentials that can easily be brute-forced, then adds those routers to its growing botnet.
Researchers close to a police investigation into Lizard Squad shared details of the attacks with cybercrime reporter Brian Krebs.
The attacks used what was described as a 'crude' spin-off of a Linux trojan identified in November that would spread from one router to another, and potentially to embedded devices that accept inbound telnet connections.
High-capacity university routers were also compromised and added to the botnet. The service boasted of having run 17,439 DDoS attacks, or "boots", at the time of writing.
"Lizard Stresser and our private ddos service is powered by 250-500k infected routers" — Lizard Squad (@LizardMafia), January 10, 2015
Krebs found the booster service was hosted at an infamous bulletproof hosting provider in Bosnia. The host is promoted by a Darkode cybercrime forum administrator known as Sp3c1alist.
Two alleged Lizard Squad members have been questioned by police. A suspected Lizard Squad member, reportedly Vinnie Omari, 22, of South-West London, was arrested on suspicion of fraud by false representation and a Computer Misuse Act offense, and was released on bail.
Alleged member Ryan was questioned by authorities in Finland but not arrested, according to local media reports.