Why we secretly love LulzSec | Risky Business
June 8, 2011 —
Although large sections of the security community will deny it if you ask them, they’re secretly enjoying watching LulzSec’s campaign of mayhem unfold.
So far the “hacker group” has penetrated systems owned by Sony, PBS, the “FBI affiliate site” Infragard, security company (hah!) Unveillance and Nintendo, among others.
They’re posting proprietary developer code. They’re bringing back Tupac and Biggie. They’re advising Nintendo on more secure httpd configurations. And they’re issuing funny press releases via Twitter and Pastebin.
In the last few weeks these guys have picked up around 96,000 Twitter followers. That’s 20,000 more than when I looked yesterday. Twitter has given LulzSec a stage to show off on, and showing off they are.
The Internetz, largely, are loving it.
It might be surprising to external observers, but security professionals are also secretly getting a kick out of watching these guys go nuts.
I wrote my first article on information security around May 2001. It was about the Sadmind worm and it ran on the letters page of the IT section of The Age newspaper in Melbourne.
“Geez,” I thought to myself. “If awareness isn’t raised about the unsuitability of these computamajiggies for srs bizness, we could encounter some problems down the track.”
So for the last ten years I’ve been working in media, trying to raise awareness of the idea that maybe, just maybe, using insecure computers to hold your secrets, conduct your commerce and run your infrastructure is a shitty idea.
No one who mattered listened. Executives think it’s FUD. They honestly think that if they keep paying their annual AV subscriptions they’ll be shielded by Mr. Norton’s magic cloak.
Security types like LulzSec because they’re proving what a mess we’re in. They’re pointing at the elephant in the room and saying “LOOK AT THE GIGANTIC FUCKING ELEPHANT IN THE ROOM ZOMG WHY CAN’T YOU SEE IT??? ITS TRUNK IS IN YR COFFEE FFS!!!”