Just a small reflection about the current Lulzsec stories…
They’re staying on top of news for a few weeks by successfully breaking in big organizations like Sony, the CIA, the US Senate and much more. They released thousands of stolen credentials… They posted a manifesto and admitted that, performing hacking is “entertaining“:
“Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.“
I was wondering why they do this “for free” while cyber-criminals are developing secret e-weapons to make huge profits? For a while, in conferences, books, interviews, lot of infosec professionals told us that the cyber-crime smoothly slided to a real business with a black market for credentials, personal data or credit cards numbers. Other attacks like Stuxnet showed that facilities are also targeted by the cyber-crime. The (good) times when script kiddies defaced websites by thousand is over. Really? Lulzsec proves that the five-minutes-of-fame could still be a valid motivation.
Another example: the “Anonymous“. This group was created in 2003 (!) but was back on stage a few months ago with the Wikileaks story. They attacked organizations (like Visa) which decided to not support this website anymore. The “Anonymous” are known as hacktivists. Wikipedia defines the term hacktivism as “the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends“. To achieve this, they released a free tool very easy to use:
Is information security looping permanently? There were always script kiddies and hacktivists but why are they so active for a few months? Maybe we will see in a (near) future new groups with new leitmotiv like a “free-carbon” Internet. They will DDoS the most energy consuming data-centers? Who knows! On the other sides, a positive point is the demonstration of the low security applied in some big organizations! What do you think?