• United States



Whatever, LulzSec

Jun 27, 20113 mins
Data and Information Security

LulzSec has called it quits after 50 days. But this stupid saga is far from over.

My colleague James Niccolai from The IDG News Service broke the news this way:

The computer hacking group LulzSec said it had ended its campaign of cyberassaults on government and corporate websites and that it was time for it to “sail into the distance.”

Its announcement came three days after LulzSec released its latest trove of internal documents, stolen from the Arizona Department of Public Safety computer network, and four days after U.K. police said they had made the first arrest of a man allegedly affiliated with the group.

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

“Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind — we hope — inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love,” the group said in a post on the Pastebin website. “If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”

LulzSec spent much of May and June attacking websites and computer networks of the U.S. Central Intelligence Agency, the U.S. Senate, the U.K.’s Serious Organised Crime Agency, the Brazilian government and the energy giant Petrobras, among others.

Some folks found this group amusing. I was not one of them.

In a couple earlier posts I suggested that LulzSec’s brand of fun falls short of the grown-up approach we need to improve security.

Call me humorless. Call me a moaner. I don’t care.

Companies that are lax on security need to be exposed, for sure. But the LulzSec approach wasn’t the way to do it.

When you attack someone for fun, all you do is contribute to the picture some execs have of security pros as young punks who care more about notoriety than about helping them secure their infrastructure.

When you attack someone to make a point, the results aren’t much better.

LulzSec may have folded, but don’t doubt for a second that the members are done with their games. They’ll be back in some other form, under some other name, with some other agenda.

We’re already seeing stories about LulzSec members joining forces with Anonymous.

This is the new normal, unfortunately.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a