Lizard Squad logo

A member of the infamous Lizard Squad and PoodleCorp hacking groups pleaded guilty this week to charges of running a DDoS-for-hire platform that he and others used to launch DDoS attacks on targets across the globe.

Zachary Buchta, 20, of Fallston, Maryland pleaded guilty in a case he was charged last year, together with a Dutch national named Bradley van Willem Van Rooy, 20, of Leiden, the Netherlands.

US authorities identified the two as members of the Lizard Squad and PoodleCorp hacking crews. Buchta operated under nicknames such as "@fbiarelosers," "pein," "xotehpoodle," and "lizard," while van Rooy used monikers such as "Uchiha," "UchihaLS," "dragon,” and "fox."

Buchta was a member of both Lizard Squad and PoodleCorp

According to a plea agreement obtained by Bleeping Computer, Buchta admitted to operating the shenron.lizardsquad.org, lizardsquad.org, stresser.poodlecorp.org, and poodlecorp.org websites, where he advertised DDoS-for-hire services.

While other users had utilized these DDoS-for-hire platforms to carry out their own DDoS attacks, Buchta was famous because of the attacks he carried out himself, while part of the Lizard Squad DDoS crew.

He often launched DDoS attacks on gaming services, with the most famous being the now notorious DDoS attacks on the PlayStation Network and Xbox Live during Christmas 2014.

Security breach led to Buchta's arrest

The Lizard Squad service was built on the LizardStresser malware. This malware later leaked online and contributed to a jump in DDoS-for-hire services. In June 2016, Arbor Networks said it discovered over 100 DDoS botnets built on variations of Lizard Squad's LizardStresser.

Later, while part of the PoodleCorp group, Buchta built the PoodleCorp DDoS-for-hire service —named PoodleStresser— using the API of a competing service called vDOS.

Hackers breached the PoodleStresser service in July 2016 and leaked its database online. The data also made it into the hands of security researchers and law enforcement officials.

The PoodleStresser data helped unmask both vDOS and PoodleCorp operations, famous being an exposé on vDOS by infosec journalist Brian Krebs.

In October 2016, a few months after the breach, US and Dutch authorities arrested Buchta and van Rooy. Israeli authorities also started investigating the two vDOS owners soon after and filed official charges in August 2017. A UK teen who was a vDOS staffer was also charged in the winter of 2016-2017 and was sentenced this week to 16 months detention, suspended for two years.

Buchta will receive his sentence on March 27, 2018. He faces a maximum prison time of 10 years, but prosecutors said they wouldn't ask for more than 30 months following the guilty plea.

Related Articles:

Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices

Andromeda Botnet Operator Released With a Slap on the Wrist

Two DDoS Friendly Bugs Fixed in Linux Kernel

Jury Convicts Anonymous Hacker Who DDoSed Children's Hospital, Later Got Lost at Sea

US Charges Three Members of FIN7 (Carbanak) Hacker Group