Tuesday, June 21, 2011

LulzSec and the State of Security

Well, the skiddies sure have been busy, haven't they? From Sony's PlayStation Network to (supposedly) the entire UK 2011 Census, LulzSec has appeared over and over again in the news.

It was announced that a 19-year-old mastermind has been arrested in the UK. Well, that should do it, right?

Here are some thoughts about that.

  • It is pretty hard to claim that LulzSec even has a leader. They act more like a collective. Anyone can claim to be "LulzSec".
  • Most of the attacks have been easy. No "mastermind" is needed.
  • It is more likely that the active participants are among the least sophisticated of hackers. They are just the noisiest.

Those aren't really important, though. What's important is that these vulnerabilities have always been there. LulzSec is only the first to admit that they got to this data. It is all too likely that groups or individuals who were more interested in the data than the publicity got there first.

It isn't as if there haven't been ample discussion and warnings about security. I've been on the wrong side of expediency too often to believe that. The story is always the same: a variation of "we don't need to worry about that, we need to worry about shipping".

It is a shame that it all came to this, that it takes a bunch of kids using common tools to get past the denials and false assurances of these institutions in order to get the kind of attention that these issues deserve. There will be many innocent victims because institutions that have the resources and knowledge to be among the best failed their most basic function: keeping your money safe.
