Alex Krasodomski

Are the members of hacker group Lizard Squad cyberterrorists or cybervandals?

Are the members of hacker group Lizard Squad cyberterrorists or cybervandals?
Text settings

Another day, another hack. This morning, Facebook and Instagram went dark. Facebook has blamed a technical glitch; ‘Lizard Squad’ celebrated another successful attack:

— Lizard Squad (@LizardMafia) January 27, 2015

Yesterday, the group claimed responsibility for defacing the website of Malaysia Airlines. One of the more active of many mysterious groups, they have claimed responsibility for a range of online mischief in the last year, from hacking into online games networks to the temporary internet blackout in North Korea in December 2014 (although the latter isn’t easy to prove). This kind of seemingly random hacking has been happening more often, and has been termed ‘cybervandalism’. A good example was the hacking of US military Central Command’s Twitter account earlier this year.

What exactly hacking is, generally speaking, is poorly understood. It is perceived as an immensely difficult thing to do, and conjures images of hunched backs, dark rooms and lots of computer screens like the Nebuchadnezzar in The Matrix. In fact, a lot of hacking is quite simple. That ‘123456’ has been in a running battle with ‘password’ as the internet’s favourite password since its inception is testament to this.  An XKCD cartoon echoes this message.

In the wake of a hack, comments are drawn from security and counter-terrorist consultancies and the story is splattered across major news channels. But is there any more to this than the antics of an attention-seeking ‘group of kids’? The files apparently taken during the CENTCOM raid were quickly dismissed as fake. Malaysia Airlines were quick to explain that the hackers hadn’t accessed customer data, and interviews with hackers claiming to be from Lizard Squad stress how enjoyable hacking is, rather than necessarily the damage they want to cause. It is a game or challenge that is fun in itself: replacing an airline’s website with a lizard in a stovepipe hat is just a marker of success, like a climber sticking a flag on top of a mountain.

But things aren’t always quite that simple; and here the official line and the hackers’ line differ. Soon after claiming responsibility for the hack, a Twitter account posted images of a passenger’s flight details. The Associated Press tracked down Amy Keh, a Malaysian who had indeed booked the flights in October. If the hackers did indeed get hold of customer data, the threat of ‘cyberterrorism’ might be greater than simply defacing a webpage. It wouldn’t be without precedent, either, of course.

For years, personal data has been leaking out from some of our most-used and often richest companies. Lizard Squad leaked the details of 13,000 PlayStation accounts a few weeks ago, and this is pretty minor by comparison with some of the larger hacks, beautifully visualized here on  As more of us spend more of our time online, and increasingly share more of our lives there, even ‘fun’ hacking can have serious consequences for people: everyone has photos and emails they’d rather remained private. Even if your password isn’t ‘password’, it is very likely your passwords are very similar, if not identical, across the websites you do use, and password reuse leaves you at risk. A list of websites that have been compromised – a hacker might say ‘pwned’ – is hosted here, and you can even check if your email address is among any that have been leaked to date.

It is probably hyperbole to describe such hacks as ‘cyberterrorism’. The demands and ideologies that tend to underpin our understanding of terrorism are rarely coherent when it comes to hacks. At their most consistent their message is an anarchic one, with enemies of internet freedom their most frequent targets. But we should also not underestimate the damage some hacks can do. As long as passwords remain unsecure and governments continue to make noises about increased internet surveillance, we will see hackers responding in the only way they know how.

In the meantime, change your password.

Alex Krasodomski is a researcher at the Centre for the Analysis of Social Media at Demos. He can be found tweeting @akrasodomski

You might also enjoy reading:

  • The real danger of #CyberJihad is that anybody can get involved