Thursday, June 16, 2011

LulzSec - Modern Day Robin Hoods?

I can't help but compare the LulzSec group to Robin Hood and his merry men. Ditching the bows and arrows (and hopefully the green tights, I can't confirm), they've taken to the digital world of hacking.

As everyone is aware (or should be, for that matter), LulzSec, the anonymous hacking group, has been DDoSing web sites - CIA, Westboro, US Senate - and hacking into servers owned by Sony and Bethesda, to name a few. It started out as an apparent crusade against large companies that made very public moves which consumers didn't enjoy - Sony, for example, getting rid of the "OtherOS" feature in their PS3. But after a few weeks it spread to government agencies and eventually the US Senate.

What I find interesting is that the types of hacks they're doing are pretty rudimentary, and they work against large entities which we would assume had decent network security. The most common are simple SQL injections, which allow them to run any query, which in turn can grant them full access to a server. What's even more alarming is that the data stored on these servers is not encrypted - usernames, passwords, private information - so they dump the data onto their own servers and are gone.

The public perception of LulzSec is that they're doing it to get back at big business and the government. I'm not quite buying it. After all, they did break into the web site of a company that was offering a $10,000 prize to any person or group who could do so - they did, and refused the reward. Money aside, they really do appear to be doing it because they can, and they are making the hackees look bad. I'd assume tech people are starting to hate LulzSec, but why? If they are hacking into servers and taking information, your information, with relative ease, wouldn't you be upset with the company rather than the hackers? So little care is given to data and network security.

I really hope companies take a good hard look at their security practices, update them, and maintain them. Not enough emphasis can be put on that, but over the years it has fallen by the wayside. The only thing we can hope for is that this series of hacks does not bring about new legislation regarding privacy (read - Patriot Act for the Internet!).