The King is Dead… Long Live the King
Lulz, the hacker group able to claim a number of high profile heads (Sony, Nintendo, Fox, the CIA and the United States Senate to name but a few), have announced they are disbanding. Good news, right? Errr - it is never quite so simple.
While they were operating, Lulz proved themselves to be a pretty formidable force. Their aims, they said, were pure: to show the world just how insecure cyber security really is. And they certainly achieved that, stomping on some of the biggest names on our planet. Then recently they themselves were attacked by a new hacker group calling themselves TeamPoison. TeamPoison defaced the website of Lulz, apparently being unhappy with the methods employed by Lulz to carry out their attacks, calling them a bunch of script kiddies, and then threatened to expose the Lulz core members to help organizations like the FBI come a' knocking. Some have suggested this played a huge part on the Lulz decision to disband.
Now I do see that it is harder to actually hack into a web site and access data than to perform a DOS (denial of service, where many thousands of automated requests from many different locations bombard a web site until it cannot cope any more) attack on a web site, and possibly more elegant too. Lulz employed both methods of course, using the former against Sony to access their customers' unencrypted data (shame on you, Sony). But then, to demonstrate some of their own capabilities, TeamPoison have published a great many names and phone numbers allegedly coming from the address book of Tony Blair, former prime minister of the UK.
I find this situation very similar to a scene in Jurassic Park III, where the Tyrannosaurus Rex was killed by the Spinosaurus - until then, everyone (at least I) assumed the T-Rex was the undisputed heavyweight: then something bigger and stronger came along.
We are now in the situation where disbanded Lulz members are forming new groups (or just going it alone), TeamPoison is at large and other groups are hovering out there too. It could be considered a very scary situation, but some good could come out of it too. These groups are showing us just how poor cyber security is and there is a lesson in it for all of us: organizations must step up to the mark and harden their defenses; individuals need to decide which data to have out in the public cloud, outside of their control, and for that data only chose trustworthy custodians. In that way, the entire internet could benefit from the undoubted skills of these hackers.
--
Image credit: scottchan
Follow Technorati