LulzSec, Anonymous and hacktivism: Crappy security has caught up with us

What happens when the CIA, Senate, various gaming sites, Citibank and a bevy of others are hacked on a regular basis by various groups with one-liners on Twitter and no formal organization? You lose confidence in the Internet and the data passing through it.

My confidence in Internet security---not that there was much in the first place---is looking like a wall made of Swiss cheese. We've known for years that our collective security policies---personal, enterprise, consumer and otherwise---were lax. Nearly every piece of software we use has some vector to exploit. Every site that touches a server is vulnerable. Even those fancy security fobs from RSA can be had. And don't get us started on passwords.

We can write about hacks, patches, vulnerabilities and attacks until our fingers fall off. In the end, we're all pawns as groups like LulzSec bring down sites for giggles. And LulzSec can be quite entertaining. I'd be a liar if I didn't note that the group has made me chuckle a few times. Now we're in this vicious cycle. LulzSec brings down the CIA site and says:

Tango down---cia.gov---for the lulz.

Media attention ensues in bunches. LulzSec rinses your shabby security procedures and repeats. LulzSec even starts a hotline.

It's all good fun. Until it isn't. Simply put, we're pawns in this new game of Internet attack one-upmanship. You know it won't end well. But we watch anyway.

The not-so-amusing thing is that all this attention will lead to more legislative and regulator scrutiny and probably break a few good---yet security clueless---brands. As noted previously, the European Union stepped up its sentences for folks caught attacking critical infrastructure. That's a tough-sounding step that's totally fruitless. How exactly is the EU going to catch these attackers?

LulzSec is a spin-off of Anonymous, which has pulled off more than its share of attacks. Anonymous is a spin off from 4chan users. Good luck tracking those folks down. And you thought China hackers poking around various U.S. sites was worrisome. At least we can find China on a map.

Rest assured, legislators in the U.S. will follow the EU's lead. There will be tougher sentences and Congressional hearings about these attacks. With any luck, the Senate can keep its site running long enough to Webcast the proceedings.

In the end, the only thing that'll fend off attacks is better security---something that hasn't been built into the Internet or anything attached to it. When it comes to security, our infrastructure is the mother of all fixer-uppers. Enterprises are increasingly looking into cyberattack insurance as a defense. That's a nice fallback, but shouldn't the first line of defense revolve around buttoning down the various holes in your Swiss cheese infrastructure?

Related:

• Lulz Security hackers launch telephone request line
• United States Senate has been hacked by Lulz Security
• 26,000 email addresses and passwords leaked. Check this list to see if you’re included.
• Anonymous hackers target Spanish police website
• Infamous hacker group Anonymous pays the Indian cyberworld a visit
• Nintendo becomes latest server hack victim of Lulz Security
• Sony hacked again, another 1m passwords exposed
• Mitnick: Lulzsec ‘quite bold’

• CNET: Who's behind these hacks?
• CBS News: LulzSec vs the world: Hackers just having fun?