Security Analyst Explains Why We Love Lulzsec

Andy Chalk



Patrick Gray of the Risky Business security podcast says many internet security professionals "secretly love" the ongoing antics of hacker group Lulzsec because it's forcing the public to come to grips with the sad state of online security.

The hacker collective that calls itself Lulzsec has made an awful lot of noise in recent days, hacking Sony, Nintendo, PBS and the security firm Black & Berg [http://www.blackbergsecurity.us/]. The last attack came in response to a challenge from senior security consultant Joe Black, who offered a prize of $10,000 and a job with his company to anyone who could do it. By all appearances the group was able to pull off the attack with relative ease, but it nonetheless declined the prize. "Done, that was easy," it wrote in a message that, at last check, was still on the site. "Keep your money, we do it for the lulz."

Victims of such attacks probably don't find it very funny, but according to Gray, it's not just "the Internetz" who are having a laugh watching Lulzsec do its thing. "It might be surprising to external observers, but security professionals are also secretly getting a kick out of watching these guys go nuts," he wrote in an article entitled "Why We Secretly Love Lulzsec [http://risky.biz/lulzsec]."

"For the last ten years I've been working in media, trying to raise awareness of the idea that maybe, just maybe, using insecure computers to hold your secrets, conduct your commerce and run your infrastructure is a shitty idea," he continued. "No one who mattered listened. Executives think it's FUD. They honestly think that if they keep paying their annual AV subscriptions they'll be shielded by Mr. Norton's magic cloak."

But where op-eds and consultancy papers have failed, the very public beat-down delivered to the PlayStation Network in April has, at least in terms of attracting attention, been a smashing success. For those who have been preaching to empty houses about the need for tighter online security, that's great news.

"Security types like LulzSec because they're proving what a mess we're in. They're pointing at the elephant in the room and saying, 'LOOK AT THE GIGANTIC F*CKING ELEPHANT IN THE ROOM ZOMG WHY CAN'T YOU SEE IT??? ITS TRUNK IS IN YR COFFEE FFS!!!'" he wrote. "There is no security, there will be no security. The horse has bolted, and it's not going to be the infrastructure that's going to change, it's going to be us."

He noted that the popular response to the PSN attack has been to heap scorn upon Sony but claimed that such an attack could, and still can, happen to anyone. He also pointed out that "state-sponsored hackers, likely Chinese," have even been able to break into networks belonging to major U.S. military-industrial corporations and make off with sensitive information.

"LulzSec is running around pummeling some of the world's most powerful organizations into the ground... for laughs! For lulz! For shits and giggles!" he added. "Surely that tells you what you need to know about computer security: there isn't any."

As for "senior security advisor" Joe Black, his day just kept getting worse. The attention drawn to his site by the Lulzsec attack led to the rather awkward revelation that Black is, to put it bluntly, a fake. "Jaded Security [http://attrition.org/postal/asshats/joe_black/] website reported. "Unfortunately, real security guys are the only ones who actually read Attrition, and Joe Black was able to continue in his path to self-proclaimed 'Security God'." The site noted that while Black claims to be working on his Masters in Security Management, he actually withdrew from every course he was enrolled in back in January 2009, and there are also some apparently-important security certifications missing from his CV.

That's some pretty serious lulz right there.



 

WanderingFool

So basically, we should look at all that Lulzsec is doing, and be happy that they are doing it for lulz, as anybody else could be doing it with far more evil intentions...

Well, I'm not going to be as annoyed by stories of these guys anymore...
 

puffenstuff

Yes Yes Yes. So far Lulzsec has embodied true hacker ethos. They will wreck a company's shit but not to steal or hurt customers. Instead they just prove that they can break the system. In the long run hackers like these make the systems we use more secure and I am glad to see that some security professionals get it.
 

DustyDrB

We love LulzSec? No I don't. They can fall in a pit of snakes.
 

iLikeHippos

I do not find his reasoning persuading me. I still find Lulzsec kind of immature, for I am a highly sophisticated and preserved citizen, huff huff.

But seriously, they are just... Posers to me.
 

Low Key

So that's why I am having such a laugh at all of this. I'm in college for IT security. I guess this means I'll have a job open to me when I finish. :)

It sucks to see customers of these businesses suffer, and I know it doesn't seem like it, but trust me when I say it's for the greater good. Wouldn't you rather know your data is secure rather than trust a company that doesn't even have an operating firewall? I know I would.

Take this with a grain of salt if you must, but there are a few easy ways to protect yourself from hackers even when these companies can't.

Step 1: Always use HTTPS in your browser rather than HTTP. Most sites don't use SSL certificates (which is retarded, sorry Escapist, looking at you), but utilizing the sites that do use them is best.

Step 2: NEVER, I repeat, NEVER use your day to day credit card for online transactions, ever. Go out and get a prepaid credit card if you must purchase something online.

Step 3: I wouldn't trust online banking with my name, let alone my account numbers. Avoid it at all costs. If you must use it, only use it at home (you never know who is running Wireshark over wifi), but don't expect these banks to keep your data safe.

Only YOU can protect YOU. If you think all of these companies give a fuck about anything more than their bottom line, you are delusional.
 

IndianaJonny

At least some [//www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/ArmedForcesMinisterRespondingToCyberWar.htm] are catching on. In light of the recent focus on 'cyberterrorism', the cyberwarfare branch of the Ministry of Defence are one of the few areas where funding is not only safe but is also likely to be increased in the near future.
 

puffenstuff

Jonny49 said:
In a way this reminds me of a play I did for drama, Accidental Death of an Anarchist. Probably because of the shits and giggles lulzsec seem to get from doing stuff to annoy people.

I can see his point, but that doesn't mean I dislike them any less for the PSN outage.
FYI Lulzsec != Whoever did the PSN attack. At least they are most likely different groups.
 

-Samurai-

See, the thing about security is: if people didn't do illegal things and break into places they aren't supposed to be in, to take things that aren't theirs, we wouldn't need security.
 

Fwee

Patrick Gray was way off on his idea why I'm a fan of Lulzsec, but that's just his guess.
Personally I just like the fact that there's these people out in the information world just wreaking havoc with big companies. How many people get messed with every day by these businesses?
It's almost like the new Robin Hood, except instead of stealing money from the rich and giving to the poor it's just petty revenge and lulz.
 

LunarCircle

I agree with Mr. Gray. If people are entrusting their personal info to companies, said companies better damn well make sure it's as secure as possible. Hopefully this will also get the general public to take online security seriously (no more using the same password for every login, etc).

What I'm not hopeful about is company execs taking this as a more serious issue. Most likely they'll whine to legislatures and bribe (aka: "lobby") to get more draconian legislation passed.
 

Jonny49

puffenstuff said:
Jonny49 said:
In a way this reminds me of a play I did for drama, Accidental Death of an Anarchist. Probably because of the shits and giggles lulzsec seem to get from doing stuff to annoy people.

I can see his point, but that doesn't mean I dislike them any less for the PSN outage.
FYI Lulzsec != Whoever did the PSN attack. At least they are most likely different groups.
I swear I read somewhere they took responsibility for it...

I might just be going crazy.
 

puffenstuff

Jonny49 said:
puffenstuff said:
Jonny49 said:
In a way this reminds me of a play I did for drama, Accidental Death of an Anarchist. Probably because of the shits and giggles lulzsec seem to get from doing stuff to annoy people.

I can see his point, but that doesn't mean I dislike them any less for the PSN outage.
FYI Lulzsec != Whoever did the PSN attack. At least they are most likely different groups.
I swear I read somewhere they took responsibility for it...

I might just be going crazy.
Not entirely crazy. Lulzsec did the attack on Sony Pictures in the wake of the PSN fiasco but was not, to the best of my knowledge, involved in the PSN outage.
 

Low Key

-Samurai- said:
See, the thing about security is; If people didn't do illegal things and break into places they aren't supposed to be in, to take things that aren't theirs, we wouldn't need security.
You go ahead and tell people who do crimes not to do them anymore and see how that works out.

The world isn't flowers and butterflies. The people who tend to do this sort of stuff are the down and out individuals in third world countries, which, if they can steal your information to buy a product and resell it, means they'll get to eat a decent meal for a week or so or pay rent so they don't have to live in the streets. Same goes for most of the people who commit physical crimes. It is their last option.
 

zehydra

Fwee said:
Patrick Gray was way off on his idea why I'm a fan of Lulzsec, but that's just his guess.
Personally I just like the fact that there's these people out in the information world just wreaking havoc with big companies. How many people get messed with every day by these businesses?
It's almost like the new Robin Hood, except instead of stealing money from the rich and giving to the poor it's just petty revenge and lulz.
I dunno, why don't you tell me how many people get messed with every day by Sony?