Home / / Confusion reigns over Lizard Squad role in Sony-Pyongyang cyber affair

Confusion reigns over Lizard Squad role in Sony-Pyongyang cyber affair

Conflicting reports place digital bandits on either side of escalating row over cyber-attack

Confusion reigns over Lizard Squad role in Sony-Pyongyang cyber affair
According to some, Lizard Squad could have helped Guardians of Peace in its crippling attack on Sony Pictures, but others think the group took down North Korea’s Internet service.

Online media and cyber security analysts differ on the role of cyber gang Lizard Squad in the escalating squabble between Washington and Pyongyang regarding last month's cyber attack on Sony Pictures Entertainment, with some suggesting the group was part of the plot to cripple Sony's network, and others crediting the group for bringing down North Korea's Internet services.

The US blames North Korea for Sony's woes, a charge vehemently denied by Kim Jong Un's isolated government. Both have pledged retaliatory strikes: the US for the hack, North Korea for the accusation.

Yesterday, when news broke that North Korea's entire Internet had been taken down, early speculation that the US government was the responsible party was pushed aside by cyber security analysts from Trend Micro and Incapsula in separate statements, where they suggested almost anyone could have taken North Korea's Internet offline with a simple DDoS attack.

"Even if North Korea had 10 times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint," said Ofer Gayer, security researcher at Incapsula, in an emailed statement to ITP.net.

Following this statement, Incapsula speculated that tweets from Lizard Squad's @LizardUnit account may mean it was taking credit for North Korea's outage.

The cyber-security specialist believes Twitter posts such as "175.45.176.1 = North Korea off button" and "North Korea #offline" mean Lizard Squad "seems to be not so coyly taking credit for the attack... true to form, they took credit publicly, which is typical behaviour for a hacktivist group", according to an email sent to ITP.net. The @LizardUnit account has since been suspended by Twitter.

The 175.45.176.1 IP address matches North Korea's single point of failure and the country's lone service provider STAR-KP. It is this weakness that cyber security analysts point to when explaining why a non-state actor could easily have taken North Korea's entire Internet down.

Meanwhile, Vox cited ICT security company IntelCrawler as claiming Lizard Squad may have colluded with Guardians of Peace, the group that took responsibility for the attack on Sony Pictures. This view appears to be at least partially based on the fact that Lizard Squad earlier this month claimed responsibility for attacks on Sony's PlayStation Network and, in August, tweeted a bomb threat to a commercial flight that was carrying Sony Online Entertainment president John Smedley, forcing the flight to make an unscheduled landing. However, according to IntelCrawler, Lizard Squad recently tweeted that is was "working together with #GoP on a Christmas project".

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018