Melissa Bell at The Washington Post seems to believe that LulzSec is doing us all a great big favor by breaking the laws in multiple countries, breaching private networks, and posting sensitive information in publicly accessible sites. “Laugh with them, or despise them, either way, they are, at the least, making a valid public service announcement: the web is an insecure space. Act accordingly.” Says the Post.
Laugh with them? You know what, you are probably a real good, professional journalist there at the WP, and think that you are doing the right thing, either for your paper, the nation, or the general public. But give your bloody head a shake, we can all stand the noise until whatever screw is loose inside there settles down and falls back into place. I can hardly wait until YOUR webpage, network, personal computer and sensitive files are posted somewhere by these guys, or someone like them. That would be a public service announcement too? Doubt it.
Rather than sensationalizing what these CRIMINALS are doing, how about putting some thought into making the public aware of SOLUTIONS. Why not do some RESEARCH and offer the public FREE INFORMATION about Information Security to lead them to the REAL lessons to be had here.
- There are risks inherent in connecting to the Internet, and each of us should be aware of them.
- The Internet is crawling with the same sorts of people as your apartment buildings, neighborhoods, cities, suburbs and parks. Some are genuinely friendly, some are downright vicious, and it is very hard to tell the difference on the Internet. Would you let just any of them randomly access your home at will?
- There are precautions that each of us can and should take with our systems, accounts and online trust.
- There are technical controls that each of us should be aware of and using; hardware firewalls, content filters, DNS filters, personal firewalls, sandboxes, spam filters, !!! and information !!!
- It just takes one malware infected system to compromise an entire network, and all of the networks and systems that connect and trust that network.
If LulzSec and other hacking groups WANT to do some community and public service, they would privately contact the owners of the networks that are weak or vulnerable, and advise them of the weaknesses rather than exploiting them. Once the vulnerabilities are exploited, the networks and systems compromised, the attackers’ motives and information can no longer be trusted. They are acting with malice, and may have compromised other systems within these weak networks, maintaining unauthorized access, and doing other illegal misdeeds.
If the network and system owners don’t respond within a timely fashion, or don’t fix the issues after some given point in time, then the groups should post an advisory WITH NO SPECIFIC ATTACK or WEAKNESS DETAILS, publicly admonishing and shaming the company or organization. The public would spank them well enough, encouraging them to be careful with what ultimately is THEIR information. If they continue to ignore the warnings, they would lose customer trust and support, and would eventually be hacked as others become aware of the details. At that point, they have almost asked for it.
LulzSec and groups like them are acting irresponsibly, and Washington Post is reporting irresponsibly by hyping these criminals, and pinning Robin Hood like mystique to their criminal actions. Nothing personal, but I hope that you become a target, Melissa, for educational purposes only, however I suspect that views like mine that are polar to the attackers are more likely to solicit their attention.
Just my 2¢…