Security expert Brian Krebs has analyzed the Lizard Stresser, an attack tool created by the so-called Lizard Squad hacker collective and touted as a test for webmins who needed to see what happens to their services under duress. His discovery? The network of attack computers actually consists of insecure and compromised home routers.
This is the network used to take down the Playstation Network and Xbox Live over the Christmas holiday. With the assistance of a group of security researchers, Krebs found that the Lizard Squad was in control of a large botnet made of hacked routers and other commercial servers.
He also makes some excellent recommendations to ensure router security including changing the default password – a no-brainer – and using OpenDNS to prevent malicious web calls to your router.
This means the Squad, which called the Xbox and Sony hacks a marketing stunt, is essentially selling access to hacked machines as a service.
In short, hundreds, even thousands, of compromised routers are being used to attack servers around the world for good or ill, a bit of news that should give us pause. If anything, we should probably all pay it forward and secure our less tech-savvy friends’ routers for them in preparation for further malware attacks in the same vein.