The Andersons are Christmas traditionalists. Dan says it’s more his wife Paige than him, but secretly he also loves all the fuss.
So, there they were on the sofa in their pajamas in front of the twinkling Christmas tree before the sun had risen over a chilly morning in Buffalo, New York. Thirty-two-year-old Dan was proud and smug as he handed over his gift to Paige—a “fancy new Kindle Voyage.” She loved it. Then it was his turn, and he excitedly ripped into the wrapping paper watched over by his confused dogs—one of which was tellingly named after Dan’s favorite computer-game character (Vivi from Final Fantasy). As the present revealed itself, the avid gamer saw the instantly recognizable and much-loved logo—it was a brand-new PlayStation 4. Straight away he unpacked it, rigged it up to the TV, and switched it on. The plan was to get it fired up and download LittleBigPlanet 3 to play for a few hours before meeting up with family.
Paige had been looking forward to it since she bought the new console. However, it wasn’t to be. “We didn’t even make it as far as starting to download the game, because it wouldn’t let me log in to PlayStation Network,” Dan said. “Nothing was online at all, so we couldn’t even try and download games.” Disappointedly they headed out for the day’s events and couldn’t try again until that evening, when they discovered that the network was still down. A $400 gift they couldn’t play. Dan had to work the next day too, so he couldn’t even try it then. He was gutted.
Five hundred and fifty miles north, in Toronto, 16-year-old Mustafa Aijaz was pumped. Christmas Day—particularly the evening—was the best game time of the year. It’s always been a bit of a holiday within the holiday for serious players. The tradition revolves around a phenomenon called “Christmas Noobs.” At Christmas, so many new players receive new games and consoles that online games are flooded with a tidal wave of gamers who often fumble their way through the top games and act like cannon fodder for the waiting legions of seasoned veterans. Mustafa and his mates were skilled at Call of Duty: Advanced Warfare. “We were all ready for a night of easy wins, quick XP [experience points] farming, and were looking forward to leveling up like crazy.” So, they waited like crocodiles anticipating herds of migrating buffalo to enter the river. But just as the bullets started flying they were all unceremoniously chucked out of their matches and knocked offline. “None of us could log back in, and party chat was down too, so we couldn’t even talk to each other to figure out what was happening,” Mustafa said.
It was all over social media: A group of hackers called Lizard Squad were bragging about their massive DDoS attack on Xbox Live and PlayStation Network—the crucial services that linked tens of millions of gamers to the Microsoft and Sony servers. Mustafa had seen that the group had already carried out smaller-scale attacks and had for weeks been taunting and threatening a big attack. Apparently it was all linked to some silly and incomprehensible spat with a rival but minor hacking group. Mustafa was angry but also fascinated by the attack and the incredible reaction online. “The fallout was instantaneous. People were furious,” he said.
PlayStation Network at the time had about 110 million subscribers, and Xbox Live had roughly 48 million. Xbox was back to normal within 24 hours—on Boxing Day. But PlayStation struggled for longer. It didn’t just affect existing subscribers. Before you can use any new games, consoles, or vouchers, you need to register them via the gaming company’s servers. It was a catastrophe for the games industry, especially Sony, which had already been having a tough time after a different cyberattack the previous month.
Services were down around the world. Error messages in dozens of languages were being posted as screenshots on YouTube and Twitter. There was nothing anyone could do until the engineers at Sony and Microsoft figured it out or Lizard Squad stopped the attack.
Late in the evening on Boxing Day, BBC Radio 5 Live aired an interview with two members of the group. They showed zero remorse for the impact they’d had on people around the world. Twelve hours later I walked into the newsroom and was given the seemingly impossible task of “getting a Lizard” on the evening TV bulletin at Sky News.
It took hours of trawling Twitter and speaking to dozens of wannabes and fakes, but I eventually succeeded in finding contact details for a British man called Vinnie Omari. Incredibly, he lived a few miles from our newsroom in west London. He agreed to come to us for the interview and was pale, skinny, wore all black and talked fast. He was at pains to distance himself from the gang but left the studios promising that a Lizard Squad hacker called “Ryan” would be in touch. I had no idea at the time of course that this “Ryan” was Julius Kivimäki—an already infamous teenage hacker and delinquent from Finland. It was later that afternoon—at around 3 pm —that “Ryan” called through on Skype. Just in time for us to edit our conversation with him into our news piece.
The 17-year-old looked very young and pale and had a shaved head and soft features. In spite of everything, he was polite and seemed in no rush. But he was also utterly unremorseful and arrogant, struggling to stifle a smirk throughout the interview. When I started by asking him why he wanted to ruin Christmas for tens of millions of people, he gave me the same boilerplate answer about the boys doing it to amuse themselves and embarrass these tech mega corps. “These companies make tens of millions every month from just their subscriber fees, and they should have more than enough funding to be able to protect against these attacks.” We went back and forth for about 15 minutes without him giving any hint of regret or awareness for how many people had been affected by his stunt.
“I’d be worried if those people didn’t have anything better to do than play games on their consoles at Christmas Eve and Christmas Day,” he said. “I mean, I can’t really say I feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games.”
The interview blew up online, with more than a million views on YouTube and thousands of comments on Twitter, where many four-letter words were hurled at the Lizards. PlayStation and Xbox also received a torrent of abuse. Later they would offer a five-day extension to players’ subscription periods and 10 percent off as compensation. The resulting bill for the company must easily have been in the millions.
Kivimäki went on to speak to other reporters, sometimes calling himself Ryan Cleary (a reference to another hacker he had vague and likely acrimonious link to from a previous teen hacker gang called LulzSec). In one interview and debate on YouTube channel DramaAlert he is implored by Kim Dotcom to stop the silly hacker rivalries that were impacting so many innocent people. “Hackers used to be respected; they used to have a magic about them,” Kim said, accusing Lizard Squad of harming the image of hackers around the world with their actions. Kivimäki’s response is fascinating: He laughed it off as old-fashioned thinking. “It’s wrong to connect groups like Lizard Squad with, for example, L0pht from a couple of decades back,” he said. “There’s really no connection with the hacking groups of today and the hacking groups of two decades ago. The meaning is totally different now.”
Although many security experts angrily railed against the media’s portrayal of Lizard Squad as “sophisticated,” people grudgingly came to accept that the Christmas attack did have a big impact on cybersecurity and the gaming industry. There’s little doubt that this was not the group’s motive—despite their clumsy attempts to claim so in interviews. But it was a wake-up call. Security website SecurityAffairs wrote a “lessons learned” piece by dissecting my interview with Kivimäki. Many people considered Lizard Squad script kiddies, they wrote, adding, “This approach is totally wrong.”
The size of the attack unleashed on that day would be shrugged off by most modern sites, but DDoS attacks are still commonplace and are getting more powerful. Expensive protection services are now a must-have for any organization that needs to stay online.
The attacks also started something of a cybercrime trend. In 2024 Europol unveiled an international law enforcement operation to take DDoS services down in December: “The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims,” the organization said in a statement.
At the time of Lizard Squad’s attacks, the general public was stunned. Despite Lizard Squad being on the tail end of a wave of teenage hacking groups in the 2010s, there was little awareness of the power that could be wielded by these otherwise amateur attackers. There might have been a vague feeling in the zeitgeist that “hackers in hoodies in their bedrooms” were increasingly causing problems, but this attack was immediate, unmissable, and easy to understand. It was of course also easy to get angry about. Over the next couple of days I came back to the story with follow-ups about the fallout as other Lizard Squad members spoke to YouTubers about the so-called “drama.” But the big thing the newsroom kept asking me was, When would these kids be arrested?
Vinnie Omari was the first. On New Year’s Eve he was raided by the South East Regional Organized Crime Unit, which collared him on suspicion of cyber fraud offenses committed in 2013 and 2014. It looked like the raid was for other alleged offenses involving PayPal fraud, but the search warrant, which later surfaced online, also referenced the Christmas DDoS attacks. “They took everything: Xbox One, phones, laptops, computer USBs, etc.,” Omari told reporter William Turton from the Daily Dot. He was later cleared of any involvement.
After Omari’s arrest, other Lizards were taken out too. On January 16, 2015, police announced that they had arrested an 18-year-old in Southport, near Liverpool. They didn’t give a name, but reporters at the Daily Mail identified him: “The ‘quiet’ teenager, named locally as Jordan Lee-Bevan, was arrested during a raid at his semi-detached home in Southport, Merseyside, today, with officers seizing computers as he was taken away in a police car.”
In 2016 teenager Zachary Buchta from Maryland was also arrested for his role in Lizard Squad and another group called PoodleCorp. As a boy he had been warned in 2014 about his criminal path by police who had caught him carrying out minor cybercrime activity. But he was undeterred and even changed his Twitter profile at one stage to @fbiarelosers to taunt the cops.
At the same time that Buchta was arrested, Dutch police raided and arrested another 19-year-old. Bradley van Rooy, who used the names “Uchiha” or “UchihaLS,” was accused of conspiring with other members of Lizard Squad to operate websites that provided cyberattack-for-hire services, facilitating thousands of DDoS attacks and trafficking stolen payment card account information for thousands of victims.
Bradley was put on bail for two years and eventually given a two-year suspended sentence and 180 hours of community service. The vast majority of charges against him were dropped as they had taken place when he was a minor. He ended up being convicted of the DDoS-for-hire operation and handling stolen credit cards. I tracked him down, and he openly talked about that period of his life, which he had put behind him a long time ago. “I’m now 27, and I see the damage that I did and understand that there could have been a higher punishment,” he says. “But then I also see that I was just a kid, and I had a troubled time at school and just fell into the hacking life after meeting the wrong people when I was playing the game RuneScape.”
Bradley’s journey and words track so perfectly to the experiences of almost every hacker I have met or interviewed. It’s as though there is a universal constant, whereby a subset of gamers in every generation is pulled into cybercrime in exactly the same way. There are literally billions of gamers in the world, so these people represent only a tiny fraction. But it seems to be inevitable and cyclical as hacker groups rise and fall.
The differentiating and more important aspect, though, is how these boys and young men react when they cross the line and are caught.
So what of Julius Kivimäki, aka “Ryan,” aka “Ryan Cleary” and many other aliases including the by now infamous “Zeekill”?
Surely, after appearing on TV and radio admitting that he was part of the gang, he too would be rearrested sharpish? Officers did indeed visit Kivimäki to interview him, but they did not arrest him—contrary to reports in the international media. It’s not clear why they took no further action, but perhaps when the teenager confidently said that police would find nothing on his computer he was right. “They’d have to let me go,” he had cockily asserted in our interview. If so, maybe his run-in with police years earlier had taught him to cover his tracks more effectively. Or maybe he hadn’t taken as much of a leading role in the DDoS attacks as he had claimed.
For Finnish cybercrime cop Antti Kurittu, seeing Kivimäki on TV was especially galling. Antti had raided and arrested Kivimaki two years earlier for other cyberattacks carried out with a different teenage cyber gang called HTP. “I remember watching your Sky News interview and just thinking ‘wow, this guy is not even trying to cover up his crimes. He’s just a different sort of person,’” Antti recalls.
It wasn’t until July 2015 that Kivimäki received his first criminal conviction. He was found guilty of the rather preposterous total of 50,700 instances of aggravated computer break-ins—one for every computer enslaved into HTPs botnet. He was also convicted of other offenses including data breach, money laundering, and being in possession of, and using, stolen credit cards. For all of these offenses, he was handed a two-year suspended sentence. If he had been an adult he could have got years behind bars, but as a minor and first-time offender he served no time in prison. So Kivimäki, just a few weeks from his 18th birthday, remained free. He began calling himself the “Untouchable Hacker God” on Twitter.
A year after Kivimäki’s sentencing, in a bizarre coincidence, Antti bumped into Kivimäki in Amsterdam. It was April 2016 and Antti was walking through the departures lounge of Schiphol Airport when he passed the by-then 18-year-old. Antti did a double take, gobsmacked to see him. It was so surreal that they both found it amusing and took a selfie. After a short chat, Antti asked Kivimäki if he was now “staying out of trouble.” Kivimäki replied, “Of course.” But when Antti asked him for a contact email address, he made one up with “@FBI.gov” at the end. They laughed and went their separate ways.
But, as Antti predicted, the Untouchable Hacker God would be back. Four years later he was. And this time he was linked to the cruelest cyberattack in history and had a new alias: ransom_man.
Excerpt adapted from Ctrl+Alt+Chaos: How Teenage Hackers Hijack the Internet by Joe Tidy. Published by arrangement with Elliott & Thompson. Copyright © 2025 by Joe Tidy.
