LulzSec Doing Public Service?

Melissa Bell at The Washington Post seems to believe that LulzSec is doing us all a great big favor by breaking the laws in multiple countries, breaching private networks, and posting sensitive information in publicly accessible sites.  “Laugh with them, or despise them, either way, they are, at the least, making a valid public service announcement: the web is an insecure space. Act accordingly.” Says the Post.

Laugh with them?  You know what, you are probably a real good, professional journalist there at the WP, and think that you are doing the right thing, either for your paper, the nation, or the general public.  But give your bloody head a shake, we can all stand the noise until whatever screw is loose inside there settles down and falls back into place.  I can hardly wait until YOUR webpage, network, personal computer and sensitive files are posted somewhere by these guys, or someone like them.  That would be a public service announcement too?  Doubt it.

Rather than sensationalizing what these CRIMINALS are doing, how about putting some thought into making the public aware of SOLUTIONS.  Why not do some RESEARCH and offer the public FREE INFORMATION about Information Security to lead them to the REAL lessons to be had here.

  • There are risks inherent in connecting to the Internet, and each of us should be aware of them.
  • The Internet is crawling with the same sorts of people as your apartment buildings, neighborhoods, cities, suburbs and parks.  Some are genuinely friendly, some are downright vicious, and it is very hard to tell the difference on the Internet.  Would you let just any of them randomly access your home at will?
  • There are precautions that each of us can and should take with our systems, accounts and online trust.
  • There are technical controls that each of us should be aware of and using; hardware firewalls, content filters, DNS filters, personal firewalls, sandboxes, spam filters, !!! and information !!!
  • It just takes one malware infected system to compromise an entire network, and all of the networks and systems that connect and trust that network.

If LulzSec and other hacking groups WANT to do some community and public service, they would privately contact the owners of the networks that are weak or vulnerable, and advise them of the weaknesses rather than exploiting them.  Once the vulnerabilities are exploited, the networks and systems compromised, the attackers’ motives and information can no longer be trusted.  They are acting with malice, and may have compromised other systems within these weak networks, maintaining unauthorized access, and doing other illegal misdeeds.

If the network and system owners don’t respond within a timely fashion, or don’t fix the issues after some given point in time, then the groups should post an advisory WITH NO SPECIFIC ATTACK or WEAKNESS DETAILS, publicly admonishing and shaming the company or organization.  The public would spank them well enough, encouraging them to be careful with what ultimately is THEIR information.  If they continue to ignore the warnings, they would lose customer trust and support, and would eventually be hacked as others become aware of the details.  At that point, they have almost asked for it.

LulzSec and groups like them are acting irresponsibly, and Washington Post is reporting irresponsibly by hyping these criminals, and pinning Robin Hood like mystique to their criminal actions.  Nothing personal, but I hope that you become a target, Melissa, for educational purposes only, however I suspect that views like mine that are polar to the attackers are more likely to solicit their attention.

Just my 2¢…

Advertisements

2 thoughts on “LulzSec Doing Public Service?

  1. Hey, Mark! It’s Melissa here. Saw your post on Twitter. I hope neither of us are attacked, as the attacks are, as you say, seriously compromising to private networks. Our tech blog at the Post has been doing a great job informing folks about Lulz Sec (http://www.washingtonpost.com/blogs/faster-forward). My post was just to playfully remind folks about the insecurity online. I think your suggestion of a good list of steps to take to protect networks would be a great post, though. If you’d like to help me out with some ideas, would love to hear them. I can be reached at [EMAIL REMOVED] All best, Melissa

  2. Hi Melissa, and thanks for taking the time to post. I would welcome the opportuntiy to share information, as that is the purpose of this blog. I too hope that people get the message, I just hope it can be delivered in a legal, understandable and actionable way rather than as it is now. I would love to see some metrics on effectiveness, though. It always has been risky, but is becoming very hostile lately on the Internet.

    The actual steps necessary to secure a particular network would take more than a single post. Every environment has unique applications and exposed vulnerabilities. The basic steps that every computer user should take can be found in corporate security policies, here on this blog, and just about any similar blog on the Internet itself.

    Cheers, and stay safe,
    Mark

Comments are closed.