Thank You LulzSec, You Gave As Much As You Took

Lulz Security’s reign of terrier-like hacking has done the security industry a favour by showing how frail privacy really is, says Eric Doyle

Lulz Security has docked into a safe harbour and ended its 50 days of hacking mayhem. In a posting, the group of six says goodbye to its “battlefleet”, but the LulzSec members will probably be back in other guises.

“While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently,” they wrote. “Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you.”

Thanks For All The Fizz

It may seem odd but I think they deserve a big thank you for shaking the security professionals out of their smug self-confidence. In a world where there is a rising threat from much more sophisticated and heavily-financed hackers working for mafia-style gangs and nation states, the inconvenience and embarrassment caused by LulzSec has started a reassessment of security and emphasised the weaknesses of username/password access and storing unencrypted customer data on Web-facing databases.

Hopefully, the trickle of solutions now appearing will turn into a flood. It’s just a pity that the publishing of the booty grabbed during the raids caused so much collateral damage for the trusting customers that logged their details with the unsecure organisations.

During the seven weeks of the Lulz Ship’s voyage, it attracted attention from other hacking groups. Some joined the “battlefleet” with LulzSec’s blessing while others shifted the blame onto them for hacks from which the six “fun-loving” shipmates would probably like to be dissociated.

There was also a spat with Team Poison, a rival group that threatened to “out” the LulzSec crew. Team Poison member Hex0010 told Fox News, “We’re here to show the world that they’re nothing but a bunch of script kiddies.”

However, Poison’s latest exploit is a hack of an address book of ex-prime minister Tony Blair. Apart from revealing Blair’s National Insurance number (assuming it’s real), the rest of the file is pretty dull – a collection of addresses and phone numbers for family members and business and political associates.

Tell Us Something We Don’t Know

Much of the material is freely available on the Web, including the 10 Downing Street phone number which turns out to be the press office – a number known to hundreds of journalists and one that can be found elsewhere on the Web.

The fact that Blair’s address book – wherever it was found – is hackable is hardly surprising, especially as we are all probably just as vulnerable. Ironically enough, I would suspect the average script kiddie could have hacked this one.

Publishing the details is irresponsible because it could put lives at risk, given Blair’s role in the Afghan and Iraqi wars. But even saying that gives it an importance it actually lacks, as I managed to find most of the information elsewhere on the Internet. Publishing the curriculum vitae of Katie Kay, his special advisor, alongside it just adds to the pointlessness.

Whether they realised it or not, the fun-loving LulzSec team (discounting the hangers-on) performed a public service by pointing out failings in the system but the Blair “revelation” is just a malevolent hack.

The database was actually downloaded last December but Team Poison only felt it necessary to publish it now – so who are the real attention seekers?