LulzSec bust a blow to Anonymous? Not so fast
Security experts say it's too early to tell how much damage has been done to the hacking groups that operate under the loose affiliation of Anonymous.
March 06, 2012 — CSO —
When an FBI official crowed to FoxNews earlier today that "We're chopping off the head of LulzSec," was there truth in the boast or just a bunch of hyperbole?
Clearly the agency chopped off something. As was widely reported, law enforcement agents on two continents arrested three top members of the computer hacking group and charged two more with conspiracy, based on evidence gathered by LulzSec's leader, who multiple sources said had been secretly working for the government for months, at least since his arrest last summer.
But security experts say it's too early to tell how much damage has been done to the hacking groups that operate under the loose affiliation of Anonymous.
Nick Selby, a Texas police officer and information security consultant, likens it to the U.S. government taking out Osama bin Laden. That was a severe blow to al Qaeda, but it did not eliminate the threat.
"The nature of these groups is that leaders are important and serve as role models, but the group itself is amorphous," he says.
Chet Wisniewski, senior security adviser at Sophos, says he thinks authorities may have "pretty well mopped up" LulzSec. "But they were a pretty small group. To say that they've put a real dent in the Anonymous movement -- we don't really know that yet."
And Graham Cluley, also of Sophos, wrote in a blog post, "It's cloud cuckoo land to believe that the hacktivist element of Anonymous will fall apart because of this."
Still, both Selby and Wisniewski say the damage could be significant for several reasons:
First is a quote reported in the New York Times from Cole Stryker, an author who has researched Anonymous. According to Stryker, "Anonymous is a handful of geniuses surrounded by a legion of idiots."
To that, Rob Rachwald, writing on the Imperva Data Security Blog adds, "It seems the FBI is taking down the geniuses to paralyze the idiots."
Selby wants no association with Stryker's comment, but does say, "What is the barrier to entry for somebody who wants to be part of it? It's extremely low. It doesn't require massive technical skills -- just reasonable knowledge and a willingness to break the law."
Second, Wisniewski says among those arrested are some "strong leaders. I'm surprised they messed up. Some of them are really quite clever."
That, he says, sends a message that even the smart ones can get taken down.
Third is that, in the case of LulzSec, one of their own turned against them.