Two charged in Chicago with operating cyber-attack-for-hire websites

They marketed themselves as modern-day extortionists, hackers-for-hire whose black hat computer skills could shut down company web sites and harass unsuspecting people around the world, federal prosecutors say.

For a $20 fee, the hackers were willing to target anyone and offered assurances of privacy to their customers. One of their first victims, who lived in the Chicago area, started receiving expletive-laden phone calls every hour, on the hour. The calls went on for 30 straight days.

"Your target will be left with only 3 options," the hackers boasted on their web page, phoneBomber.net. "Change their number, Bend to your whim, deal with a ringing phone for the length of our attack :\"

On Wednesday, federal authorities announced charges in Chicago against two 19-year-old men who allegedly orchestrated attacks with the online monikers of Lizard Squad and PoodleCorp. Authorities alleged they shut down the web networks of gaming companies and engaged in so-called phone bombing schemes like the one used in Illinois. The loosely based crew also sold stolen payment card account information on thousands of victims, prosecutors said.

Zachary Buchta, of Fallston, Md., and Bradley Jan Willem van Rooy, of the Netherlands, were each charged in a criminal complaint unsealed Wednesday with conspiring to cause damage to protected computers. The charge carries a maximum of 10 years in prison.

Buchta, who was arrested at his home last month but later released on a recognizance bond, appeared Wednesday before U.S. Magistrate Judge Jeffrey Gilbert. While awaiting trial, he will be allowed to live with his mother in Maryland, the judge said, but he was forbidden from accessing the internet or having any contact with van Rooy, who is in custody in the Netherlands.

The charges stem from an international investigation and are among the first brought in the U.S. against alleged members of Lizard Squad. A California man was previously charged with cyber crimes affiliated with the group, court records show.

In addition, a 17-year-old boy in Finland was convicted in 2015 and sentenced to two years in jail for orchestrating a series of computer attacks connected to Lizard Squad, according to news reports.

Although the hacker group has been known in the security industry for some time, it rose to prominence over Christmas 2014 when it launched a crippling attack on Sony PlayStation and Microsoft Xbox Live gaming networks, according to news reports.

In January 2015, Lizard Squad made headlines by hijacking social media accounts of Grammy-winning pop singer Taylor Swift. The group sent tweets from Swift's account instructing her millions of fans to follow two Lizard Squad-related Twitter accounts, then threatened to release nude photos of the superstar in exchange for bitcoins.

Swift shut the extortion attempt down, however, by announcing to fans that there were no nude photos. "My twitter got hacked but don't worry," she wrote to fans on Tumblr, according to one news account. "Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords. Never a dull moment."

The 61-page complaint unveiled Wednesday alleged Buchta and van Rooy operated websites that enabled paying customers to select victims to receive repeated harassing phone calls from spoofed numbers.

In October 2015, they boasted online that the person in Illinois had become their "first victim," according to the complaint. That day, the victim, identified in the complaint only as Victim O, started receiving hourly phone calls with the same recorded message.

"When you walk the (expletive) streets, (expletive), you better look over your (expletive) back because I don't flying (expletive) if we have to burn your (expletive) house down," the message said, according to the complaint. "If we have to (expletive) track your (expletive) family down, we will (expletive) your (expletive) up (expletive)."

Soon after the launch of phonebomber.net, Buchta, van Rooy and other members of Lizard Squad began "denial-of-service attacks" that flood a targeted website with traffic, eating up the network's bandwidth and effectively shutting it down, the complaint stated. The two boasted about the attacks on social media, authorities said.

According to the complaint, FBI agents interviewed Buchta at his Maryland home as far back as 2014. He denied any involvement in cyber-attacks.

The next year, agents interviewed an associate of Buchta's as part of a separate investigation into "swatting calls" — a reference to people who make phony 911 calls about active shooters and other calamities to incite an emergency response, according to the complaint.

That associate — identified in the complaint only as Individual C — told authorities Buchta was a "co-leader" of Lizard Squad, according to the complaint.

Before the charges were unsealed Wednesday, the magistrate judge approved the seizure of four domain names associated with the alleged conspiracy: shenron.lizardsquad.org, lizardsquad.org, stresser.poodlecorp.org, and poodlecorp.org, according to court records.

As of Wednesday afternoon, the Twitter account affiliated with the group was still active. Its profile photo featured a lizard dressed in a tuxedo, wearing a top hat and monocle. In the background was a B-movie poster depicting dinosaurs devouring people and the slogan, "Giant lizards shall soon rule the Earth."

The last tweet came on Sept. 21, a week before Buchta's arrest.

jmeisner@chicagotribune.com

Twitter @jmetr22b

Copyright © 2017, The Virginia Gazette
63°