Q&A with hackers who say they helped break into Sony
WASHINGTON — Lizard Squad. That's the hacker group whose name is suddenly on everyone's lips after it took credit for ruining Christmas for PlayStation and Xbox gamers everywhere.
But in an unusual interview, a self-proclaimed member of the “cyberterrorist” group said Lizard Squad also played a role in the massive attack against Sony Pictures Entertainment. A person identifying himself as a Lizard Squad administrator said the group provided a number of Sony employee logins to Guardians of Peace, the organization that allegedly broke into Sony's network and prompted the film studio to initially withdraw “The Interview” from theaters.
If true, it would be the first open acknowledgment by a Lizard Squad member that the group was involved in the Sony attack. The administrator also conceded that the group went too far in August, when it tweeted a bomb threat to American Airlines, prompting the midflight diversion of a jet carrying Sony executive John Smedley by F-16 fighters. He also shed more light on the group's membership, saying most are based in the European Union and Eastern Europe and therefore aren't too worried about FBI investigations into Lizard Squad.
To help show he was a controlling member of the Lizard Squad, the individual published a confirmation tweet from a Twitter account closely associated with the group, @LizardMafia (a message that I saw but unfortunately didn't screen-capture before it got deleted). The administrator gave his name as “a Ryan Cleary,” but further questioning revealed he was not the same Ryan Cleary who was convicted of hacking into the CIA and other agencies as part of the hacking group LulzSec. While we may never be able to prove for certain that @LizardMafia and its affiliated website actually speak for the real Lizard Squad — or that Lizard Squad is in fact behind the attacks against Sony and Microsoft — I was at least able to determine that “Ryan Cleary” commands a substantial following of people who believe he represents Lizard Squad.
What follows is an edited transcript of our conversation, which was conducted in a private online chat room.
Brian Fung: So, I guess one of the first questions everyone will want an answer to is ... how can we be sure you're Lizard Squad?
Ryan Cleary: Uh, it says this (chat room) on the Twitter account. (At this point, Cleary turns to another administrator in the chat room and asks him to add a “confirmation file” to the Lizard Squad website.) Also, I emailed you to come here.
Q. But let's just say I was some random person who doesn't know a thing about Lizard Squad — wouldn't I assume that somebody unconnected to Lizard Squad could have just made up your email address? Or made up the Twitter account but separately from the folks who are actually running Lizard Squad?
A. Well, you could verify the email based on the Twitter account. (Cleary turns to the other administrator and again asks for a file to be added to the website for verification.) There should be a verification tweet for you on @lizardmafia: https://twitter.com/LizardMafia/status/548564027522445313
Q. All right, thanks.
A. OK. Verified enough?
Q. I think so. So the big question surrounding this latest PlayStation Network/Xbox Live incident is, why, and why now? What do you hope to accomplish with it?
A. Well, one of our biggest goals is to have fun, of course. But we're also exposing massive security issues with these companies people are trusting their personal information with. The customers of these companies should be rather worried.
Q. In this case it seems less like a leak of personal information than an attack that simply makes the services crash. What does overloading a system have to do with security flaws?
A. Quite a bit. It tells you how much money they've put into securing their systems. Not having people take down your business critical systems like this should be one of your top security priorities. Which it clearly isn't.
Q. So if I understand correctly, you're saying Sony and Microsoft's systems should be able to scale to handle all this incoming traffic.
A. Absolutely. We told them almost a month before that we'd do this. And yet we had no difficulties dropping them.
Q. How much data are, or were, you throwing at them per second?
A. About 1.2 (terabits per second).
Q. Are you guys gamers yourselves?
A. Not really, no. Unless this counts as a game. I guess this is kind of a game for us.
Q. Tell me more.
A. Well, it's often sort of like a game of chess. Your opponent does something to prevent your attack, and you alter your attack to get around your opponents' defenses.
Q. What do you think Sony and Microsoft's countermove will be?
A. Good question. So far only Sony has actually tried to defend against us. They made a deal with a large DDoS protection company, Prolexic, after apparently deciding they stood no chance against us in-house.
Q. Microsoft put up no resistance?
A. None we could detect. And if we can't tell they're trying to stop us, does it even matter?
Q. What kind of group are you, would you say? If you had to describe yourself?
A. Well, we've been humorously describing ourselves as a cyberterrorist group. I mean, referring to us as a hacker/hacking group would probably be the simplest choice.
Q. Some reports suggest you've got links to Guardians of Peace, and possibly to the Islamic State. Can you talk about that for a minute?
(Another long pause, about five minutes.)
A. Well, we do know some people from the GOP (Guardians of the Peace). We do not have any links to the IS (Islamic State).
Q. But you didn't work with Guardians of Peace to breach Sony's network and gain access to the emails, etc.? In other words, you know some people but weren't involved in the Sony hack surrounding “The Interview”?
(A seven-minute pause.)
A. Well, we didn't play a large part in that.
Q. What part did you play?
A. We handed over some Sony employee logins to them. For the initial hack.
Q. Like, a lot of them? And how did you come by them yourselves?
A. We came by them ourselves. It was a couple.
(Another pause that's punctuated by several connection errors.)