Why We Secretly Love Lulzsec
By Patrick Gray
Originally posted here
So far the “hacker group” has penetrated systems owned by Sony, PBS, the “FBI affiliate site” Infragard, Black and Berg Cyberdefense, Unveillance and Nintendo, among others.
They’re posting proprietary developer code. They’re bringing back Tupac and Biggie. They’re advising Nintendo on more secure httpd configurations. And they’re issuing funny press releases via Twitter and Pastebin.
In the last few weeks these guys have picked up around 96,000 Twitter followers. That’s 20,000 more than when I looked yesterday. Twitter has given LulzSec a stage to show off on, and showing off they are.
The Internetz, largely, are loving it.
It might be surprising to external observers, but security professionals are also secretly getting a kick out of watching these guys go nuts.
I wrote my first article on information security around May 2001. It was about the Sadmind worm and it ran on the letters page of the IT section of The Age newspaper in Melbourne.
“Geez,” I thought to myself. “If awareness isn’t raised about the unsuitability of these computamajiggies for srs bizness, we could encounter some problems down the track.”
So for the last ten years I’ve been working in media, trying to raise awareness of the idea that maybe, just maybe, using insecure computers to hold your secrets, conduct your commerce and run your infrastructure is a shitty idea.
No one who mattered listened. Executives think it’s FUD. They honestly think that if they keep paying their annual AV subscriptions they’ll be shielded by Mr. Norton’s magic cloak.
Security types like LulzSec because they’re proving what a mess we’re in. They’re pointing at the elephant in the room and saying “LOOK AT THE GIGANTIC FUCKING ELEPHANT IN THE ROOM ZOMG WHY CAN’T YOU SEE IT??? ITS TRUNK IS IN YR COFFEE FFS!!!”
There is no security, there will be no security. The horse has bolted, and it’s not going to be the infrastructure that’s going to change, it’s going to be us.
LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely that tells you what you need to know about computer security: there isn’t any.
The mainstream media are having fun criticising Sony for its poor security, but do we honestly think for a second that the XBox Live network can’t be similarly pwnt? (I know the PSN breach hasn’t been pinned on LulzSec, but the point stands.) Is there any target out there that can’t be “gotten”?
State-sponsored attackers, likely Chinese, have even wormed their merry way through the networks of the US military industrial complex, buggering off with the blueprints for the next Lockheed Martin death-ray-lasermatron or similarly diabolical, geo-strategically altering super-weapon.
Yay! Human rights abusers with US-designed military technology! w00t w00t!
Thanks, RSA. <3
Don’t even get me started on them. As BlackHat organiser turned US Department of Homeland Security advisor Jeff Moss Tweeted yesterday, “When I heard RSA had a shiny new half million dollar HSM to store seed files I wondered where had they been stored before”.
We’re relying on these boneheads to lock down our most sensitive R&D? Shoot me now.
What about privacy? Oh, well that’s out the window too. Did you hear Facebook has facial recognition now? Great, huh? Plus the bloatware that is Facebook’s Web application is full of bugs anyway, so we really do just have to assume all our Facebook accounts are pwnt. Our telcos are owned, our mobile devices track us, as the iPhone/Android tracking scandal showed us. Privacy is dead.
So why do we like LulzSec?
“I told you so.”
C'mon, people! It doesn't get much more obvious than this!
Inside job. This is bullshit! #jadedexposure (@jadedexposure) is in on the whole thing! As much I admire the crazy little squirrel dude at trition dot org I'm sad to admit, he too is in on the Lulz.
@JadedSecurity knows my e-mail and identity were compromised shortly after I began working with Black & Berg, yet he is selling T-shirts with my soc on it? Give me a fucking break.
Ligatt press release was faked, set up, framed, dismissed.
Adrian Lamo set up, framed, blamed on aspergers. Totally irrelevant.
Joseph Black "WE ARE LULZ. Shhhhhhhhhhhhhhhhh!"
Well no fucking shit! You could have told me before the whole world started hacking the shit out of every corner of the world wide web of deception.
This is a total set up, and I sick and tired of being exploited.
We all have vulnerabilities. At least I'm not profiting by exploiting yours!
PUT THESE PEOPLE IN PRISON!
That's my daily dose.
June 23, 2011 8:50 am