Skip to navigationSkip to content

Your router could be behind Lizard Squad’s attacks

AP Photo/Mike Fiala
Change that default password, pronto.
By Alice Truong

Deputy editor

Published This article is more than 2 years old.

Lizard Squad, the online group that claimed responsibility for the attacks on PlayStation’s and Xbox’s networks last month, is using thousands of hacked Internet routers to run a new attack service it’s selling to consumers.

Last month, the group launched Lizard Stresser, which is capable of launching denial-of-service attacks for as little as $3 a month. So far, Lizard Squad has taken credit for temporarily bringing down image site 8chan and security blog Krebs on Security.

According to the blog, Lizard Stresser is taking advantage of the fact many online users—including some companies and universities—never change their routers’ user names and passwords, and using malicious code to control this network of bots (a good reminder to change those default passwords).

Bots, which are used for both good and evil, now make up about half the web’s traffic, according to content delivery platform Incapsula. And impersonator bots—capable of launching denial-of-service attacks—now account for a quarter of bot traffic. By Incapsula’s count, they’re the only category of bots steadily rising in traffic in the last three years.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.