Over the holiday weekend, the co-founder of Lizard Squad and PoodleCorp pleaded guilty to operating a hacking-for-hire service. Here’s what you need to know about the latest cybersecurity story to hit headlines in a year packed with one digital security attack after another.
Lizard Squad, PoodleCorp and hacking-for-hire
Zachary Buchta, 20, pleaded guilty in U.S. Federal Court on Dec. 19 to one count of conspiracy to commit damage to protected computers. That charge can carry up to a 10-year prison sentence, but due to a plea agreement, Buchta will serve just two and a half years behind bars.
Buchta confessed to being a founding member of Lizard Squad and PoodleCorp, two well-known “hacking for hire” groups that harassed thousands of people, and countless companies, around the globe. These groups charged as little as $20 for targeting someone online.
If you’re a Sony PlayStation or Microsoft Xbox Live user, you likely know Lizard Squad from the group’s massive DDoS attack over Christmas 2014, which crippled both platforms during the holiday season. The group is also known for phone-bombing schemes that inundated victims with harassing phone calls (via its website phonebomber.net) and hijacking Taylor Swift's social media accounts in January 2015.
PoodleCorp claims responsibility for hitting the servers of gaming giants like Blizzard, EA and Rockstar Games. Lizard Squad also claims to have targeted prominent gaming companies. Under the terms of Buchta’s plea deal, he will pay $350,000 USD in restitution to two of the online gaming companies that he hacked.
Bradley Jan Willem Van Rooy, Buchta’s fellow Lizard Squad and PoodleCorp member based in the Netherlands, is awaiting trial on similar charges in Europe.
2017, a year of major cybersecurity issues
The charges against Lizard Squad and PoodleCorp members are the latest in a string of cybersecurity stories that dominated headlines in 2017. The year that’s now drawing to a close brought some of the most serious cybersecurity events in history, including these notables:
- WannaCry (May 2017): One of the largest ransomware attacks in history, WannaCry caused billions in damage and affected more than 100,000 organizations in 150 countries—including hospitals in England, which were forced to turn away patients and cancel surgeries during the attack. Earlier this month, the Trump Administration publicly blamed North Korea for being behind the massive attack, with governments in Australia and the U.K. following suit. North Korea’s response? “Prove it.”
- Petya/Not Petya (June 2017): Hot on the heels of WannaCry, the Petya/Not Petya malware attack affected networks around the world. Although it hit Maersk, a Danish shipping company, Merck, a U.S. pharma company and Rosnoft, a Russian oil company, experts believe it was actually a masked attack at Ukraine, which has faced a series of cyberattacks and was hit particularly hard by Petya/Not Petya.
- S. Voter Records (June 2017): Personal information of more than 200 million U.S. registered voters was exposed online because of a security setting improperly configured at Republican data firm Deep Root Analytics.
- Russian social media meddling (Summer-Fall 2017): In September, Facebook identified more than 450 accounts linked to a Russia-based troll group that worked to stir up political unrest online around the U.S. presidential election. More than 126 million users saw the content; Facebook recently launched a tool to help you determine if you were one of them.
- Equifax (September 2017): In September, a hack in Equifax’s system jeopardized the safety of 143 million customers' personal information. Social security numbers, addresses, and more than 209,000 credit card numberswere stolen, along with nearly 190,000 credit dispute files.
- Uber Data Breach (November 2017): In October 2016, data was stolen from 57 million Uber users. However, the global rideshare company waited more than a year to disclose the massive data breach—putting it in hot water with consumers as well as the U.S. government, which is currently investigating the incident.
With ransomware, phishing and other cyberattacks dominating the news in 2017, there’s never been a more crucial time to get savvy on security. Read up on creating safer passwords and other cybersecurity tips on our blog.