The security community and those who cover it -- myself included -- have some really macabre death watch games we like to play. We salivate over the prospect of someone declaring technologies dead: IDS, pen testing, SIEM.
Usually, these games are started by vendors who compete with the technologies they've declared dead.
When Fortify co-founder and chief scientist Brian Chess predicted that pen testing would be dead in 2009, he was speaking as someone who believed his company's products would render pen testing obsolete. It's 2012 and pen testing is alive and well. The earlier prediction that IDS was dead hasn't come to pass, either. eIQnetworks did more of the same last year when it predicted the death of SIEM. The vendor considers its SecureVue platform superior to SIEM technology, the next step in the evolution of security technology, really. Fewer SIEM users means more potential customers for them. I don't fault them for wanting it to be this way. But wishing something dead rarely makes it so.
I think there's a connection between the technology death watch and what's happening today in the coverage of hacktivism. Today, I posted an article from one of our sister sites on CSO called "Reborn LulzSec claims hack of dating site for military personnel." It began:
"A group of hackers claiming to be the reborn Lulz Security (LulzSec) took credit for an alleged compromise of MilitarySingles.com, a dating website for military personnel, and the leak of over 160,000 account details from its database."
The "reborn" part caught my eye. To be fair, the attackers in this case are calling themselves that. But I think we in the media are in danger of getting trapped in a game of dead or alive when it comes to LulzSec.
Back in late June, we had headlines loudly reporting the "retirement" of LulzSec after its initial rampage, which included attacks against the CIA, the U.S. Senate, PBS and Sony. At the time I expressed skepticism in a post called "Whatever, LulzSec," in which I wrote that "this stupid saga" was far from over. Sure enough, we now have the "reborn" LulzSec.
This post is my word of caution to fellow journalists, analysts and commentators: We run a risk in this atmosphere of launching a new death watch game with equally fruitless results. We shouldn't get too caught up in the life and death of these groups. They will always go on extended rampages, quiet things down and then ramp back up again a few weeks or months later.
That's how it goes when you're dealing with decentralized groups with plenty of loose cannons in the membership.
That's also why all the recent arrests -- where some of us speculated on whether we were witnessing a "death blow" to LulzSec and Anonymous -- are not the end of the story.