Inside Lizard Squad, the Hacking Group That Targeted Taylor Swift
America’s Sweetheart is under attack.
On Tuesday afternoon, Taylor Swift’s Twitter account, boasting a mammoth 51.4 million followers, was reportedly hacked by a self-described “cyber caliphate” called Lizard Squad, which released the following tweets from her account:
The two accounts requesting follows, @veriuser and @lizzard, have since been removed by Twitter. Later, the black hat hacking group threatened to post nude photos online of the “Shake It Off” singer. Swift, for her part, is calling BS on the existence of nudes.
She also addressed the hacking in a post on her Tumblr, writing, “My Twitter got hacked but don’t worry, Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords. Never a dull moment.”
For those unfamiliar with Lizard Squad, they’re a hacking collective known for wreaking havoc on primarily gaming servers via distributed denial-of-service (DDoS) attacks. Back on August 24, Lizard Squad claimed responsibility for taking down the PlayStation network and also claimed that a plane carrying John Smedley, the president of Sony Online Entertainment, had a bomb onboard—causing the airplane to divert to a different city.
On August 30, the group posted the following message on Pastebin explaining their reasoning for the cyberattack, as well as that they would be disbanding:
We set out on our journey 2 weeks ago with the plan to cause havoc within the gaming community. Our motives varied throughout this adventure. Originally it was to see if we could evade being caught and to experience the raw thrill of anarchy, not being bound to phony laws. We've been called everything from an organized criminal "gang" to complete assholes, really we are just a bunch of guys with too much free time. Throughout our journey we met new people, gained new members, learned new things. People tried taking swings at us (and missed). We proved that even though we are little in this very big world, that a small group of friends who work together can cause a lot of havoc without legal repercussions. Today we will be disbanding, behind the green reptiles and other bullshit, we have lives believe it or not, things to do, people to meet. Goodbye.
The note was signed by the 8 members of Lizard Squad, who go by the aliases: dragon, Komodo, ryan, sp3c, abdilo, Chameleon, Vagineer, and Gecko. Shortly thereafter, amid rumors that the FBI was on their tail, a tweet from the group claimed that the authorities had arrested two of their members.
Despite Lizard Squad’s alleged disbanding, the group appeared to resurface on December 1, attacking the Xbox Live server with a DDoS, with users attempting to connect to the service receiving an error code. A week later, they reportedly attacked the PlayStation Network again, with anyone attempting to access the PlayStation Store getting the error message: “Page Not Found! It’s not you. It’s the internet’s fault.”
Then, on December 22, Lizard Squad seemed to up the ante. In the wake of the Sony hack by Guardians of Peace—purportedly issued by the North Korean government—the group alleged that they took down the Internet in North Korea with a DDoS attack. Lizard Squad posted several IP addresses on Pastebin allegedly belonging to North Korea. They also tweeted a web address called the “North Korea off button” accompanied by a follow-up message: “Xbox Live & other targets have way more capacity. North Korea is a piece of cake.”
If that weren’t enough, on Christmas Day, Lizard Squad claimed to have performed DDoS attacks on the Xbox Live and PlayStation Networks in an attempt to disrupt online gaming over the holidays. The attacks continued until the next day, when MegaUpload founder Kim Dotcom stepped in to save online gaming, allegedly offering Lizard Squad 3,000 vouchers for his content hosting service which, at a value of 99 cents each, comes out to $300,000.
That day, BBC Radio aired an interview with two members of Lizard Squad who went by the names “Member 1” and “Member 2.” One of them with a British accent claimed to be a 22-year-old who works for a cybersecurity firm and says, “I wouldn’t call myself a top-grade hacker… but I do know some of my stuff, and this proves it.” He said there were “no more than 10 members” in Lizard Squad, that they only did this to cause disruption, that it “took just a couple of days to plan out,” and that there was no Lizard King, just “someone decides or comes up with an idea, and if everyone likes it, we just go ahead with it.”
The man in the BBC Radio interview appears to be Vinnie Omari, a 22-year-old Brit who describes himself as a “security analyst,” and even conducted an on-camera interview on Dec. 27 with Sky News.
Meanwhile, Member 1 from the BBC Radio interview appears to be a Finnish teen by the name of Julius Kivimaki, who goes by the online alias “ryan.” He claimed to be 16, and that the youngest member of Lizard Squad was only 13 in an interview with Sky News:
And just yesterday, the Lizard Squad Twitter handle @LizardMafia tweeted out a photo of the same teenager from the Sky News interview:
Kivimaki was allegedly the teenager arrested by Helsinki Police back in October 2013 on suspicion of operating a massive botnet consisting of 60,000 hacked Web servers around the world, being part of an "international hacker group," and being in possession of 3,000 stolen credit cards. The Helsinki Police reportedly worked in concert with the FBI to track him down.
Lizard Squad has also claimed responsibility for a Sybil attack against the Tor network, allowing the group to control a small slice of the network and unleash nodes with the names “LizardNSA.” They also said they were the ones who hacked the website to Malaysia Airlines on January 26, disrupting the ticketing service. Users were redirected to a page featuring an image of a lizard in a tuxedo and the message: “Hacked by Cyber Caliphate.”
And just this morning around 1 a.m. ET, Lizard Squad claimed to have breached a number of social networks, including Facebook, Instagram, Tinder, AIM, and Hipchat. Facebook and Instagram indeed reported mild outages, and Tinder sent out a strange tweet before acknowledging that their servers were briefly down as well.