During an ongoing investigation into the hacking group “Lizard Squad,” Chicago authorities charged two suspects for computer hacking. The suspects ran a “cyber-attack-for-hire” website that allowed attacks to be launched worldwide, federal authorities announced.
Both suspects, a 19-year-old from Maryland and a 19-year-old from the Netherlands, were arrested in September. Zachary Buchta of Maryland made an initial court appearance in early November. U.S. Magistrate Judge Jeffrey T. Gilbert allowed Buchta to free on an unsecured bond with restriction to computer access.
Bradley Jan Willem Van Rooy of the Netherlands has not faced a judge or made a court appearance to this date. He remains in custody awaiting further notice from international authorities.
The investigation began after the DDoS attacks against Sony servers were initiated. Two computer hacking groups are tied to the PlayStation Network denial of service attacks: Lizard Squad and PoodleCorp. Both Van Rooy and Buchta were connected to Lizard Squad and PoodleCorp, law enforcement announced.
In addition to the denial of service attacks against the PlayStation Network, the suspects are linked to phonebomber.net and “Shenron.”
Phonebomber.net was a website that let customers pay for phone harassment directed towards select victims. Prior to the site being seized, it claimed to feature random numbers that prevented the victim from blocking calls. FBI agents noted the contents of the site’s landing page:
phonebomber.net (phonebombermlyerhx.onion) is a no-registration phone bombing service. We will call your target once per hour with one of our pre-recorded messages for $20 a month. Since our calls come from random numbers, your target will be unable to block our calls. Your target will be left with only 3 options: Change their number, Bend to your whim, Deal with a ringing phone for the length of our attack :\ For the extortionists amongst us we’ve added an option to cancel the calls at the click of a button, giving you complete control over the length of the attack. . . . Since there is no registration, all purchases are untraceable. The only data a hacker / feds would be able to exfiltrate from our database are the phone numbers currently being called, and the last 30 days of targets. Rest assured your privacy is respected here and purchase in confidence
The criminal complaint details one specific instance that demonstrated how the website was being used. An Illinois resident received a phone call every hour for 30 days.
Upon answering the phone, the following prerecorded message was played. “When you walk the fucking streets, Motherfucker, you better look over your fucking back because I don’t flying fuck if we have to burn your fucking house down, if we have to fucking track your goddamned family down, we will fuck your shit up motherfucker.”
Zachary T. Fardon, US Attorney for the Northern District of Illinois, explains that after Phonebomber.net launched, the larger DDoS attacks started. Buchta, Van Rooy and other Lizard Squad members began denial-of-service attacks and bragged about them on social networks.
The attacks targeted various victims, including gaming, entertainment and media companies. Sony was one of the main targets.
The FBI, DoJ, and Dutch law enforcement traced social media usernames back to Buchta and van Rooy. Buchta went by “@fbiarelosers,” “pein,” “xotehpoodle,” and “lizard.” And van Rooy operated under “Uchiha,” “@UchihaLS,” “dragon” and “fox.”
The Shenron service followed phonebomber.net. As noted by investigators, Shenron enabled customers to issue denial-of-service attacks with no effort whatsoever. Pricing was based on the attack quality. For instance, for $19.99/month, customers could launch attacks that lasted 1,200 seconds. The attacks were carried out at “150Gbps” and an unlimited number of attacks could be launched. Different packages and plans existed at different price points.
Both men have been charged with conspiring to cause damage to protected computers. The conspiracy charge carries a maximum sentence of ten years in prison.