LulzSec Disbands, but Don't Expect Lulls in Hacking [Update]
After 50 days of breaking into corporate and government networks and then releasing user identities, passwords, code, and other technical details, the group of hackers that called itself LulzSec announced that it would quit. It may be a reaction to the arrest of an alleged LulzSec member in London.
Then again, the group denied that the person was a member. It also started a disinformation campaign to pretend a CIA affiliation. And so on. Ultimately, hacking becomes a circle of confusion and deception. Governments, corporations, and non-profits can only be sure of one thing: that hacking will go on regardless of how it's organized -- or disorganized -- with virtually any organization a potential target.
How hacking works
To focus on such groups as LulzSec or Anonymous is to greatly misunderstand how hacking works. Think of LulzSec as a pick-up team for a game of basketball. An ad-hoc team sees what it can accomplish, works out strategies for the immediate term, and maybe scores some baskets. And then its members go their separate ways, because the association was never meant to be permanent.
Not all efforts are so transitory. Some hacking groups last a decade or longer.
Furthermore, hackers have a wide variety of interests and goals. Some want to promote stronger security, and so breach systems and publish the results to force attention on security issues. LulzSec claims to have been part of the anti-sec movement, which had meant opposing the dissemination of unknown vulnerabilities and the malicious types that profited from doing so.
Others, like Anonymous, tend more to the so-called hacktivist model, in which they attack companies they perceive as opponents of people or principles they support. There are the criminal hackers, like the ones that recently breached more than 360,000 Citigroup credit card accounts, with 3,400 customers losing $2.7 million in authorized purchases. (The bank will reimburse the customers, as it must under U.S. law.) And then, sometimes hacking becomes duels between rivals.
Companies and organizations should realize there is no single model to guard against and no shortage of people, whether technically astute experts or so-called script kiddies that use ready-made hacking tools, who are ready to cause damage. To decide that security is an expense that can be trimmed without consequence -- a new lawsuit alleges this attitude caused Sony's security problems -- is short-sighted.
[Update: It sounds as through LulzSec members will gain greater anonymity through Anonymous and continue their exploits without skipping a beat.
Related:
- New Cloud Problem: Botched Fed Raids
- Citi Drags Feet on Data Breach. Send in the Regulators!
- How Quickly Can You Hack the PlayStation Network Again? Try 2 Days
- Cloud Computing: Can't Anyone Play This Game?
Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.
Twitter FacebookDisclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
