LulzSec, Anonymous and hacktivism: Crappy security has caught up with us

We're pawns in this new game of Internet attack one-upmanship. You know it won't end well. But we watch anyway as we realize that our security procedures have been a joke for years.
Written by Larry Dignan, Contributor on

What happens when the CIA, Senate, various gaming sites, Citibank and a bevy of others are hacked on a regular basis by various groups with one-liners on Twitter and no formal organization? You lose confidence in the Internet and the data passing through it.

My confidence in Internet security---not that there was much in the first place---is looking like a wall made of Swiss cheese. We've known for years that our collective security policies---personal, enterprise, consumer and otherwise---were lax. Nearly every piece of software we use has some vector to exploit. Every site that touches a server is vulnerable. Even those fancy security fobs from RSA can be had. And don't get us started on passwords.

We can write about hacks, patches, vulnerabilities and attacks until our fingers fall off. In the end, we're all pawns as groups like LulzSec bring down sites for giggles. And LulzSec can be quite entertaining. I'd be a liar if I didn't note that the group has made me chuckle a few times. Now we're in this vicious cycle. LulzSec brings down the CIA site and says:

Tango down---cia.gov---for the lulz.

Media attention ensues in bunches. LulzSec rinses your shabby security procedures and repeats. LulzSec even starts a hotline.

It's all good fun. Until it isn't. Simply put, we're pawns in this new game of Internet attack one-upmanship. You know it won't end well. But we watch anyway.

The not-so-amusing thing is that all this attention will lead to more legislative and regulatory scrutiny and probably break a few good---yet security-clueless---brands. As noted previously, the European Union stepped up its sentences for folks caught attacking critical infrastructure. That's a tough-sounding step that's totally fruitless. How exactly is the EU going to catch these attackers?

LulzSec is a spin-off of Anonymous, which has pulled off more than its share of attacks. Anonymous is a spin-off from 4chan users. Good luck tracking those folks down. And you thought China hackers poking around various U.S. sites was worrisome. At least we can find China on a map.

Rest assured, legislators in the U.S. will follow the EU's lead. There will be tougher sentences and Congressional hearings about these attacks. With any luck, the Senate can keep its site running long enough to Webcast the proceedings.

In the end, the only thing that'll fend off attacks is better security---something that hasn't been built into the Internet or anything attached to it. When it comes to security, our infrastructure is the mother of all fixer-uppers. Enterprises are increasingly looking into cyberattack insurance as a defense. That's a nice fallback, but shouldn't the first line of defense revolve around buttoning down the various holes in your Swiss cheese infrastructure?

