As LulzSec disbands, threats remain

Summary: Hacktivist group LulzSec officially disbands, but the threats are far from over. Should organizations begin addressing the problem, or continue chasing the solution?

By Andrew Nusca for Between the Lines | June 27, 2011 -- 07:21 GMT (00:21 PDT)

Follow @editorialiste

The hacker group Lulz Security may have announced its farewell, but a New York Times report noted on Sunday that the threat of attack is far from over.

Well, duh.

According to "security experts" quoted in the article, major cyberattacks -- such as on the websites of the C.I.A., U.S. Senate or global tech company Sony -- will continue as splinter groups and copycats try to emulate LulSec's "revolution."

Sound familiar? Trade the name "LulzSec" for "Al Qaeda" and you can accurately describe the American military campaign in Afghanistan: a ragtag group of government irritants that fragments and heads underground, creating an environment that can only be described as "Whack-a-Mole."

Most reports I've read about the LulzSec incidents demonstrate that there exists concern that a single actor could take down a system -- no organized group necessary.

But let's get real: has that ever not been the case?

It's clear to me that headlines screaming about the goose chase surrounding LulzSec or the larger group Anonymous hide two real stories:

Many large security systems are not robust enough to withstand the efforts of a determined professional;
Large companies don't want to admit this fact.

The first point is one of concern for any tech professional working at a major company; after all, security measures should be as robust as the data they're protecting is sensitive.

But the second point is provocative because, as we've seen thus far, most LulzSec attacks are somewhat politically motivated -- that is, they're always trying to make a point, and not just rifling through people's digital homes for the sake of it.

On more than one occasion, LulzSec has indicated post-hack that it was doing so only to draw attention to easily compromised security systems that supposedly protect sensitive data. Think about it: rarely is the data itself of concern. It's always about who was sleeping on the job.

While the media and law enforcement feed the frenzy to identify and capture the hackers, perhaps we ought to pause for a moment and consider the message: if you're willing to take ownership of private data in the 21st century, you're also implicitly agreeing to protect it. Too many organizations are willing to do the former without taking enough steps to satisfy the latter.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

81 comments

Log in or register to join the discussion

It's important to raise awareness but in this case

We are spending too much time giving ink to what I consider to be 'criminal' activity, plain and simple.

Let the authorities do their jobs. It didn't take long to round them up.

Dietrich T. Schmitz, *~* Your Linux Advocate
27 June, 2011 07:50

Reply Vote
- RE: As LulzSec disbands, threats remain
 
 @Dietrich T. Schmitz, *~* Your Linux Advocate Lets pretend that our lax security is just fine! Everything is OK! Nothing to see, move along.
 
 /sarcasm
 
 Tommy S.
 27 June, 2011 08:27
 
 Reply Vote
 - LulzSec were very good to both society in general and security specifically
 
 @Tommy S.: ... They were like a vaccine.
 
 As to "threats remain" in the headline -- of course, since "Anonymous" group never said it is going to disband. And LulzSec members will just go back to act as Anonymous -- as they were before announcing LulzSec.
 
 DDERSSS
 27 June, 2011 10:24
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Tommy S. Ok fine so make that the story and stop wasting the ink on Lulz Sec themselves. They didn't do anything heroic. If anything the information they released just put more people in danger as groups who may not have had the chops of the Lulz Sec script kiddies now have access to info they might not have had otherwise, internal server info which will lead to compromised data. Even if Lulz Sec didn't use the info for financial gain, and I think it is sheer lunacy to think they didn't do it for the money, someone else will now. So security is lax great, let's do a story about how lax security systems are and stop the mention of these criminal idiots. The whole tone of this article almost makes it sound as if these guys were doing us a favor. Forget that. They were a bunch of half weight script kiddy wannabe hackers who missed their boat by a decade.
 
 Str0b0
 27 June, 2011 12:05
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Str0b0 Talking about security? Until their CC info is on the intarwebz most people dont give a crap about IT security. Why is every f***** site almost force you to have a log in?
 
 Im not saying that they are whitehat. I did laugh at the whole thing though. At least security investments might get some traction now. The last time we had to cry wolf (ZOMG Y2K will kill us all!!!) to get any money from the higher up. I hope people will start to sue everybody corporations that got hacked for a boatload of money so they learn the hard way. This is ridiculous. The whole web2.0/cloud computing thingy is built on sand. Its better to crumble now than in 10 years.
 
 And I studied some of their attacks and they are indeed script kiddies. So that imply that many script kiddies did the same before them, silently.
 
 Tommy S.
 27 June, 2011 14:12
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Tommy S. Yep. These articles point out that our raw materials suck - something we need to know, before building an ark ("the cloud") out of them.
 
 cquirke
 28 June, 2011 02:43
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Tommy S.
 Security will never be perfect. period.
 <a href="http://www.my-manhattanchiropractor.com">Manhattan Chiropractor</a>
 
 epark732
 26 September, 2011 15:41
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Tommy S.
 Another great read. These articles and short informative pieces are always a delight to read and keep me coming back for more.
 <a href="http://www.my-lasvegaschiropractor.com">Las Vegas chiropractor</a> <a href="http://www.my-sanjosechiropractor.com">San Jose chiropractor</a> <a href="http://www.my-sacramentochiropractor.com">Sacramento chiropractor</a> <a href="http://www.my-sanfranciscochiropractor.com">San Francisco chiropractor</a> <a href="http://www.my-minneapolischiropractor.com">Minneapolis chiropractor</a> <a href="http://www.my-indianapolischiropractor.com">Indianapolis chiropractor</a>
 
 epark732
 4 October, 2011 15:49
 
 Reply Vote
 - Best article
 
 @Tommy S.
 This article is fantastic, LulzSec disbands may have announced its farewell; it's incredible! Thanks for this read mate. Well, this is my first visit to your blog!
 <a href="http://www.fuoristradausati.net">fuoristrada usati</a> .
 
 SirMio
 8 November, 2011 00:56
 
 Reply Vote
- RE: As LulzSec disbands, threats remain
 
 @Dietrich T. Schmitz, *~* Your Linux Advocate AFAIK they haven't been rounded up yet....
 
 Bucky24
 27 June, 2011 09:28
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @Bucky24 What about LULZSEC self proclaimed leader Anonymousabu? He disappeared and no one has been able to find him! How is that possible? les recomendamos los mejores <a href="http://www.preciolandia.com/ar/">Sitios de Compras</a> y <a href="http://www.preciolandia.com/mx/">Ventas baratas</a> en donde podran encontrar las mejores oportunidades de precios en Caracas, Venezuela, ms concretamente <a href="http://www.preciolandia.com/ve/">precios en Venezuela</a>. Ademas, si viven en Brasil encontraran la mejor <a href="http://www.preciolandia.com/br/">Loja Sao Paulo</a> y podran comprar en Chile y en <a href="http://www.preciolandia.com/cl/">Cuotas en Santiago</a> Si lo que buscas es comprar <a href="http://www.preciolandia.com/pe/">Barato en Per</a> o conseguir el mejor precio en celulares en los mejores <a href="http://www.preciolandia.com/uy/">mercadolibre uruguay</a>, no dejes de visitarnos en <a href="http://www.preciolandia.com/pa/">Panama</a>. Tambien tenemos sucursales en las mejores ciudades de Colombia <a href="http://www.preciolandia.com/co/">(Bogota, Cali, Barranquilla)</a> No dejes de conocer<a href="http://www.preciolandia.com/ar/">PrecioLandia</a>
 
 sudolar
 29 September, 2011 09:36
 
 Reply Vote
- RE: As LulzSec disbands, threats remain
 
 @Dietrich T. Schmitz, *~* Your Linux Advocate
 
 No, I think time needs to be devoted to this because a public that's more informed is a public better able to make decisions and hold its government and companies accountable. We spoke in another article's comment section about corporate accountability and a line after which a company can be held accountable for its breaches... You seemed to be supportive of that.
 
 In order to actually achieve that kind of accountability, the spotlight must continue to be shown on not only the activities of Anonymous but on what enabled these activities. That necessitates continuing coverage.
 
 snoop0x7b
 27 June, 2011 09:39
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @snoop0x7b ... Or listen to the many people who predicted the insecurity of clouds and the gatheriing of "everything" in one single place! Common sense pointed out everything that happened; they should have listened to the early comments about it.
 So far SONY has been pointed out as the dumbest of the cloud providers but bet there are a LOT of others just as dumb, who are still not doing anything to protect their clouds. I call it "dumb" because IMO it's an intentional ignorance of their part/s.
 
 tom@...
 27 June, 2011 10:55
 
 Reply Vote
- Can't round them up in other countries!
 
 @Dietrich T. Schmitz, *~* Your Linux Advocate That is what is so unfair - one or two naive and addicted kids get nicked and given some hideous "exemplary" punishment while hordes of hackers in far-away places (including Chinese government-led nuisances) get away scot-free. Defence at home must be our first priority.
 
 peter_erskine@...
 27 June, 2011 12:04
 
 Reply Vote
RE: As LulzSec disbands, threats remain

Well, when you sit around on your collective asses for the past 10+ years, not bothering to upgrade your infrastructure, bad things are bound to happen.

I think we'll be seeing an uptick in IT spending soon...

The one and only, Cylon Centurion
27 June, 2011 07:56

Reply Vote
- RE: As LulzSec disbands, threats remain
 
 @Cylon Centurion
 You can upgrade the security to your home like crazy and spend hundreds of thousands of dollars...and someone is still going to be able to break in.
 
 rengek
 27 June, 2011 10:35
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @rengek
 Absoluetly! And with proper reward, they WILL break in.
 
 tom@...
 27 June, 2011 10:57
 
 Reply Vote
 - They can't break in
 
 @rengek if you switch the modem or hub off whan youre not using it! Why do people leave their systems wasting power and open to attack even when they're not there?
 
 peter_erskine@...
 27 June, 2011 12:09
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @rengek Horsecrap. While you can't build a 100% secure system, since mathematically you have to have some probability for success, you can lock up a system tight enough that your average junior idiot from a group like Lulz Sec, who mostly use commonly available scripts and code rather than actually hack, will just beat his head against the wall trying to break in. Granted enterprise IT is a bigger challenge since you can always have a weak link in the chain vis a vis someone on your network ignoring common sense security but, with the right policies in place on a network it can stop people like Lulz Sec and Anonymous who show no proficiency whatsoever with coding and rely on pre-written scripts and commonly known exploits.
 
 Str0b0
 27 June, 2011 12:17
 
 Reply Vote
 - RE: As LulzSec disbands, threats remain
 
 @rengek Very true.. If the reward is there people will always find a weakness to exploit.
 <a href="http://www.barskareviews.com">barska reviews</a>
 
 krtinberg
 30 August, 2011 11:50
 
 Reply Vote