Is Security Looping Permanently Like Fashion?

Just a small reflection about the current Lulzsec stories…

They have stayed at the top of the news for a few weeks by successfully breaking into big organizations like Sony, the CIA, the US Senate and many more. They released thousands of stolen credentials… They posted a manifesto and admitted that performing hacking is “entertaining”:

Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

I was wondering why they do this “for free” while cyber-criminals are developing secret e-weapons to make huge profits. For a while, in conferences, books and interviews, a lot of infosec professionals have told us that cyber-crime has smoothly slid into a real business with a black market for credentials, personal data or credit card numbers. Other attacks like Stuxnet showed that facilities are also targeted by cyber-crime. The (good) times when script kiddies defaced websites by the thousand are over. Really? Lulzsec proves that the five-minutes-of-fame could still be a valid motivation.

Another example: “Anonymous”. This group was created in 2003 (!) but came back on stage a few months ago with the Wikileaks story. They attacked organizations (like Visa) which decided not to support this website anymore. The members of “Anonymous” are known as hacktivists. Wikipedia defines the term hacktivism as “the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends”. To achieve this, they released a free tool that is very easy to use:

Anonymous DDoS Tool

Is information security looping permanently? There have always been script kiddies and hacktivists, but why have they been so active for the past few months? Maybe in the (near) future we will see new groups with a new leitmotiv, like a “free-carbon” Internet. Will they DDoS the most energy-consuming data centers? Who knows! On the other hand, a positive point is the demonstration of the low security applied in some big organizations! What do you think?


One comment

  1. 2 minutes of philosophy … life is a cycle and so are people; this reminds me of the (g)old time of software piracy and wars between Angels and Paradox; Defjam and BS1 (Bamiga Sector One) … etc etc … some wanted to be famous … their nickname well known on the scene! And at the end … they were caught by the police. But the real ones always stayed behind; busy doing their business. By the way it seems 1 Lulz has been caught in UK 😉
