An amorphous hacker collective known as Lizard Squad may have played a role in the massive cyberattack against Sony, according to the cybersecurity firm IntelCrawler. The group has attacked Sony previously and appears to have some links to Guardian of Peace, the previously unknown hacker group whose name has appeared on released Sony documents.
This does not necessarily rule out North Korea's involvement in the attack. Rather, if Lizard Squad was in fact involved, it appears most likely that they worked with the North Korean government in some capacity, or that they conducted separate but overlapping attacks.
Who is Lizard Squad?
Lizard Squad is an informal hacker collective that has been described as "vocal, taunting and a bit obnoxious." The group has a history of attacks that appear driven by a desire for mayhem for the sake of mayhem, and that frequently focus on Sony.
In August, Lizard Squad launched a massive DDoS (distributed denial of service) attack on Sony's Playstation Network that brought down the network. The group also tweeted a bomb threat to a commercial flight, knowing Sony Online Entertainment president John Smedley was on board, forcing the flight to make an emergency landing.
Cole Stryker, the author of a book on hacking culture, previously told ABC News that Lizard Squad is known as "very trollish, prankstery." He added of the group's members, "I don't believe this person genuinely wants to be involved in geopolitics. I think this person is just having a laugh."
In other words, the group has no clear agenda or record other than hacking to hack, and often targeting companies involved in video games — especially Sony.
What's the evidence Lizard Squad hacked Sony?
IntelCrawler, the cybersecurity firm, told Bloomberg News that Lizard Squad has close links with Guardians of Peace. That latter group is very clearly responsible for at least some of the Sony hacks; it trickled out documents to reporters and emblazoned its name on some hacks.
IntelCrawler found a history of the two groups cross-posting on one another's forums, using similar language and slang (hacker communities tend to develop highly specific in-jokes and phraseology). Lizard Squad, on its now-suspended Twitter account, even said that it was "working together with #GoP on a Christmas project."
Hacker groups are highly informal; if these two did indeed work closely together, they may also share a number of members.
An interesting wildcard detail, though — and a possible datapoint against Lizard Squad cooperation with North Korea — is that the Washington Post's Brian Fung found some evidence of Lizard Squad's members winkingly celebrating the attack this week that brought down North Korea's internet connections. Group members referred to the country's networks as a "piece of cake" compared to Xbox, which the group had hacked earlier.
How Lizard Squad might have worked with North Korea
Vox's Timothy B. Lee suggested this theory earlier, writing that one possible explanation is that North Korea only got involved in the attacks after the initial attack. Perhaps an outside group compromised Sony's network and then sold control and data to the North Korean government. Or perhaps the group sometimes does work for the North Korean government, but North Korea only became directly involved after the initial announcement. That would explain why they seemed to use some of the same tools and infrastructure.
If there was such a third-party group facilitating the attack, it's starting to look like that group might have been Lizard Squad.
That would explain the marked shift in tone from the Sony hackers, who after a couple of weeks very suddenly pivoted from releasing embarrassing Sony internal emails to focusing obsessively on The Interview, the Sony film about North Korean leader Kim Jong Un's assassination.
In those initial weeks, the hackers showed a remarkable understanding of how to manipulate the American media into covering the emails. It was always strange to imagine North Korean hackers being that savvy about American media.
At the same time, in the later weeks, the hackers showed an overwhelming obsession with The Interview that seemed to very heavily suggest North Korean involvement. And it was difficult to miss that the hackers, whoever they were, used the same software that North Korea used in earlier attacks on South Korea.
There is one detail that the FBI presented, in its report, as proof of North Korean involvement that now looks like it might point to North Korean collaboration with an outside group like Lizard Squad: During the hack, North Korean computers communicated with some of the same servers that the Sony-hacking malware communicated with. Maybe that link wasn't just North Korea unilaterally hacking Sony, but working as well with a group like Lizard Squad.