As LulzSec disbands, threats remain

Summary:Hacktivist group LulzSec officially disbands, but the threats are far from over. Should organizations begin addressing the problem, or continue chasing the solution?

The hacker group Lulz Security may have announced its farewell, but a New York Times report noted on Sunday that the threat of attack is far from over.

Well, duh.

According to "security experts" quoted in the article, major cyberattacks -- such as on the websites of the C.I.A., U.S. Senate or global tech company Sony -- will continue as splinter groups and copycats try to emulate LulSec's "revolution."

Sound familiar? Trade the name "LulzSec" for "Al Qaeda" and you can accurately describe the American military campaign in Afghanistan: a ragtag group of government irritants that fragments and heads underground, creating an environment that can only be described as "Whack-a-Mole."

Most reports I've read about the LulzSec incidents demonstrate that there exists concern that a single actor could take down a system -- no organized group necessary.

But let's get real: has that ever not been the case?

It's clear to me that headlines screaming about the goose chase surrounding LulzSec or the larger group Anonymous hide two real stories:

  1. Many large security systems are not robust enough to withstand the efforts of a determined professional;
  2. Large companies don't want to admit this fact.

The first point is one of concern for any tech professional working at a major company; after all, security measures should be as robust as the data they're protecting is sensitive.

But the second point is provocative because, as we've seen thus far, most LulzSec attacks are somewhat politically motivated -- that is, they're always trying to make a point, and not just rifling through people's digital homes for the sake of it.

On more than one occasion, LulzSec has indicated post-hack that it was doing so only to draw attention to easily compromised security systems that supposedly protect sensitive data. Think about it: rarely is the data itself of concern. It's always about who was sleeping on the job.

While the media and law enforcement feed the frenzy to identify and capture the hackers, perhaps we ought to pause for a moment and consider the message: if you're willing to take ownership of private data in the 21st century, you're also implicitly agreeing to protect it. Too many organizations are willing to do the former without taking enough steps to satisfy the latter.

Topics: Security

About

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. He is also the former editor of SmartPlanet, ZDNet's sister site about innovation. He writes about business, technology and design now but used to cover finance, fashion and culture. He was an intern at Money, Men's Vogue, Popular Mechanics and the New York Daily Ne... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.