As LulzSec disbands, threats remain

Summary: Hacktivist group LulzSec officially disbands, but the threats are far from over. Should organizations begin addressing the problem, or continue chasing the solution?

The hacker group Lulz Security may have announced its farewell, but a New York Times report noted on Sunday that the threat of attack is far from over.

Well, duh.

According to "security experts" quoted in the article, major cyberattacks -- such as those on the websites of the C.I.A., U.S. Senate or global tech company Sony -- will continue as splinter groups and copycats try to emulate LulzSec's "revolution."

Sound familiar? Trade the name "LulzSec" for "Al Qaeda" and you can accurately describe the American military campaign in Afghanistan: a ragtag group of government irritants that fragments and heads underground, creating an environment that can only be described as "Whack-a-Mole."

Most reports I've read about the LulzSec incidents demonstrate that there exists concern that a single actor could take down a system -- no organized group necessary.

But let's get real: has that ever not been the case?

It's clear to me that headlines screaming about the goose chase surrounding LulzSec or the larger group Anonymous hide two real stories:

  1. Many large security systems are not robust enough to withstand the efforts of a determined professional;
  2. Large companies don't want to admit this fact.

The first point is one of concern for any tech professional working at a major company; after all, security measures should be as robust as the data they're protecting is sensitive.

But the second point is provocative because, as we've seen thus far, most LulzSec attacks are somewhat politically motivated -- that is, they're always trying to make a point, and not just rifling through people's digital homes for the sake of it.

On more than one occasion, LulzSec has indicated post-hack that it was doing so only to draw attention to easily compromised security systems that supposedly protect sensitive data. Think about it: rarely is the data itself of concern. It's always about who was sleeping on the job.

While the media and law enforcement feed the frenzy to identify and capture the hackers, perhaps we ought to pause for a moment and consider the message: if you're willing to take ownership of private data in the 21st century, you're also implicitly agreeing to protect it. Too many organizations are willing to do the former without taking enough steps to satisfy the latter.

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

  • It's important to raise awareness but in this case

    We are spending too much time giving ink to what I consider to be 'criminal' activity, plain and simple.

    Let the authorities do their jobs. It didn't take long to round them up.
    Dietrich T. Schmitz, *~* Your Linux Advocate
    • RE: As LulzSec disbands, threats remain

      @Dietrich T. Schmitz, *~* Your Linux Advocate Let's pretend that our lax security is just fine! Everything is OK! Nothing to see, move along.

      Tommy S.
      • LulzSec were very good to both society in general and security specifically

        @Tommy S.: ... They were like a vaccine.

        As to "threats remain" in the headline -- of course, since "Anonymous" group never said it is going to disband. And LulzSec members will just go back to act as Anonymous -- as they were before announcing LulzSec.
      • RE: As LulzSec disbands, threats remain

        @Tommy S. Ok fine so make that the story and stop wasting the ink on Lulz Sec themselves. They didn't do anything heroic. If anything the information they released just put more people in danger as groups who may not have had the chops of the Lulz Sec script kiddies now have access to info they might not have had otherwise, internal server info which will lead to compromised data. Even if Lulz Sec didn't use the info for financial gain, and I think it is sheer lunacy to think they didn't do it for the money, someone else will now.

        So security is lax great, let's do a story about how lax security systems are and stop the mention of these criminal idiots. The whole tone of this article almost makes it sound as if these guys were doing us a favor. Forget that. They were a bunch of half weight script kiddy wannabe hackers who missed their boat by a decade.
      • RE: As LulzSec disbands, threats remain

        @Str0b0 Talking about security? Until their CC info is on the intarwebz most people don't give a crap about IT security. Why does almost every f***** site force you to have a log in?

        I'm not saying that they are whitehat. I did laugh at the whole thing though. At least security investments might get some traction now. The last time we had to cry wolf (ZOMG Y2K will kill us all!!!) to get any money from the higher up. I hope people will start to sue everybody corporations that got hacked for a boatload of money so they learn the hard way. This is ridiculous. The whole web2.0/cloud computing thingy is built on sand. It's better to crumble now than in 10 years.

        And I studied some of their attacks and they are indeed script kiddies. So that implies that many script kiddies did the same before them, silently.
        Tommy S.
      • RE: As LulzSec disbands, threats remain

        @Tommy S. Yep. These articles point out that our raw materials suck - something we need to know, before building an ark ("the cloud") out of them.
      • RE: As LulzSec disbands, threats remain

        @Tommy S.
        Security will never be perfect. period.
      • RE: As LulzSec disbands, threats remain

        @Tommy S.
        Another great read. These articles and short informative pieces are always a delight to read and keep me coming back for more.
      • Best article

        @Tommy S.
        This article is fantastic, LulzSec disbands may have announced its farewell; it's incredible! Thanks for this read mate. Well, this is my first visit to your blog!
    • RE: As LulzSec disbands, threats remain

      @Dietrich T. Schmitz, *~* Your Linux Advocate AFAIK they haven't been rounded up yet....
      • RE: As LulzSec disbands, threats remain

        @Bucky24 What about LULZSEC self proclaimed leader Anonymousabu? He disappeared and no one has been able to find him! How is that possible?
    • RE: As LulzSec disbands, threats remain

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      No, I think time needs to be devoted to this because a public that's more informed is a public better able to make decisions and hold its government and companies accountable. We spoke in another article's comment section about corporate accountability and a line after which a company can be held accountable for its breaches... You seemed to be supportive of that.

      In order to actually achieve that kind of accountability, the spotlight must continue to be shown on not only the activities of Anonymous but on what enabled these activities. That necessitates continuing coverage.
      • RE: As LulzSec disbands, threats remain

        @snoop0x7b ... Or listen to the many people who predicted the insecurity of clouds and the gathering of "everything" in one single place! Common sense pointed out everything that happened; they should have listened to the early comments about it.
        So far SONY has been pointed out as the dumbest of the cloud providers but bet there are a LOT of others just as dumb, who are still not doing anything to protect their clouds. I call it "dumb" because IMO it's an intentional ignorance of their part/s.
    • Can't round them up in other countries!

      @Dietrich T. Schmitz, *~* Your Linux Advocate That is what is so unfair - one or two naive and addicted kids get nicked and given some hideous "exemplary" punishment while hordes of hackers in far-away places (including Chinese government-led nuisances) get away scot-free. Defence at home must be our first priority.
  • RE: As LulzSec disbands, threats remain

    Well, when you sit around on your collective asses for the past 10+ years, not bothering to upgrade your infrastructure, bad things are bound to happen.

    I think we'll be seeing an uptick in IT spending soon...
    The one and only, Cylon Centurion
    • RE: As LulzSec disbands, threats remain

      @Cylon Centurion
      You can upgrade the security to your home like crazy and spend hundreds of thousands of dollars...and someone is still going to be able to break in.
      • RE: As LulzSec disbands, threats remain

        Absolutely! And with proper reward, they WILL break in.
      • They can't break in

        @rengek if you switch the modem or hub off when you're not using it! Why do people leave their systems wasting power and open to attack even when they're not there?
      • RE: As LulzSec disbands, threats remain

        @rengek Horsecrap. While you can't build a 100% secure system, since mathematically you have to have some probability for success, you can lock up a system tight enough that your average junior idiot from a group like Lulz Sec, who mostly use commonly available scripts and code rather than actually hack, will just beat his head against the wall trying to break in. Granted enterprise IT is a bigger challenge since you can always have a weak link in the chain vis a vis someone on your network ignoring common sense security but, with the right policies in place on a network it can stop people like Lulz Sec and Anonymous who show no proficiency whatsoever with coding and rely on pre-written scripts and commonly known exploits.
      • RE: As LulzSec disbands, threats remain

        @rengek Very true.. If the reward is there people will always find a weakness to exploit.