Confusion reigns over Lizard Squad role in Sony-Pyongyang cyber affair

Conflicting reports place digital bandits on either side of escalating row over cyber-attack

Tags: Cyber crimeDDoSNorth KoreaSony CorporationUSA
  • E-Mail
Confusion reigns over Lizard Squad role in Sony-Pyongyang cyber affair According to some, Lizard Squad could have helped Guardians of Peace in its crippling attack on Sony Pictures, but others think the group took down North Korea’s Internet service. (hackread.com)
By  Stephen McBride Published  December 24, 2014

Online media and cyber security analysts differ on the role of cyber gang Lizard Squad in the escalating squabble between Washington and Pyongyang regarding last month's cyber attack on Sony Pictures Entertainment, with some suggesting the group was part of the plot to cripple Sony's network, and others crediting the group for bringing down North Korea's Internet services.

The US blames North Korea for Sony's woes, a charge vehemently denied by Kim Jong Un's isolated government. Both have pledged retaliatory strikes: the US for the hack, North Korea for the accusation.

Yesterday, when news broke that North Korea's entire Internet had been taken down, early speculation that the US government was the responsible party was pushed aside by cyber security analysts from Trend Micro and Incapsula in separate statements, where they suggested almost anyone could have taken North Korea's Internet offline with a simple DDoS attack.

"Even if North Korea had 10 times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint," said Ofer Gayer, security researcher at Incapsula, in an emailed statement to ITP.net.

Following this statement, Incapsula speculated that tweets from Lizard Squad's @LizardUnit account may mean it was taking credit for North Korea's outage.

The cyber-security specialist believes Twitter posts such as "175.45.176.1 = North Korea off button" and "North Korea #offline" mean Lizard Squad "seems to be not so coyly taking credit for the attack... true to form, they took credit publicly, which is typical behaviour for a hacktivist group", according to an email sent to ITP.net. The @LizardUnit account has since been suspended by Twitter.

The 175.45.176.1 IP address matches North Korea's single point of failure and the country's lone service provider STAR-KP. It is this weakness that cyber security analysts point to when explaining why a non-state actor could easily have taken North Korea's entire Internet down.

Meanwhile, Vox cited ICT security company IntelCrawler as claiming Lizard Squad may have colluded with Guardians of Peace, the group that took responsibility for the attack on Sony Pictures. This view appears to be at least partially based on the fact that Lizard Squad earlier this month claimed responsibility for attacks on Sony's PlayStation Network and, in August, tweeted a bomb threat to a commercial flight that was carrying Sony Online Entertainment president John Smedley, forcing the flight to make an unscheduled landing. However, according to IntelCrawler, Lizard Squad recently tweeted that is was "working together with #GoP on a Christmas project".

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code