


Attacking PBS? Now that’s just mean

May 31, 2011 · 3 mins
Data and Information Security

Pardon my sarcasm this morning, but I want to point out a few reasons Lulz Sec’s assault on PBS is particularly cruel:

One is that they chose to deface a PBS NewsHour blog to “announce” that murdered rappers Tupac Shakur and Biggie Smalls were still alive and living in New Zealand.

In my opinion, NewsHour is one of the few respectable, useful news outlets left on the planet. Just about everyone else is too obsessed with loud graphics, drama and all other things infotainment to properly deliver the news anymore. NewsHour is one of the last holdouts against this sad trend.

Also disturbing was that they couldn’t even post fake news that would be believable. Seriously, if you were Tupac or Biggie, would you really pick New Zealand for your exile? Don’t get me wrong, it’s a great country. But I picture these guys hanging out somewhere a bit more “street.” Jim Morrison lounging in New Zealand is much more believable.

My other problem is that they chose to target the station that brings us “Sesame Street”, “Mr. Rogers” and “Word Girl”. Kids depend on those shows. How dare you sully their image by exposing PBS’ security weaknesses.

In fairness, I will make one exception: That show “Caillou” makes me crazy. I can’t stand it. My kids can’t stand it. Sullying his reputation a little was OK, though my nearly 3-year-old niece disagrees and wants someone’s head on a silver platter.

Sarcasm aside, there is a lesson in this and other recent attacks that should be as educational to the corporate world as “Sesame Street” is educational to small children:

No company is immune from attack. EVERYONE has vulnerabilities hiding in the network that could be exploited to damaging effect. Those who try to deny it are asking for trouble. Those who set out to have an unbreakable network will fail. Modern technology is a hopelessly complex beast.

As my fellow National Information Security Group (NAISG) board director Jack Daniel has told me many times over, security technology investments tend to be rendered useless by shoddy network configuration practices.

We don’t misconfigure these systems on purpose. Like I said, modern technology is complicated. Why we haven’t had bigger disasters up to this point is beyond me.

The antics of organizations like Lulz Sec show us just how vulnerable we all are.

That doesn’t mean I’m a fan of Lulz Sec. I’m not. I’d rather see these organizations finding flaws themselves with help from in-house and contracted security professionals. When someone from the outside exposes your weaknesses with pranks, the results are messy and uncomfortable.

As long as companies keep dropping the ball, their weaknesses will continue to be exploited for public ridicule like we’ve seen at PBS and elsewhere.

I’m not telling experienced security pros anything they don’t already know. But since these incidents keep happening, it’s obvious that corporate execs aren’t paying attention to their security people.

That needs to change.

Otherwise, expect these embarrassing pranks to continue — and for your customers to get hurt in the process.

–Bill Brenner