ANONYMOUS / LULZSEC / ANTI-SEC ARE DOING MORE GOOD THAN HARM!
I know, I know – I hear the howls of protest even before finishing this first sentence.
“What about all the innocent lives exposed by the irresponsible publication of the names of people in positions of authority or in sensitive roles?”
But where does the fault lie? With those doing the breaking and entering? Or with those not providing adequate protection? It is like leaving your house locked without an alarm system, going on holiday, and coming back to find it broken into.
Don’t be surprised. You have no one to blame but yourself.
“But these are criminals!” – I hear the sounds of self-righteous chest thumping.
Maybe, but what they have done – I hope – is scare the s**t out of anyone who has anything (data) that is accessible via the Web, and into ensuring that their ‘security’ (if any) is rapidly upgraded. This ranges from personal users who have Gmail accounts to corporations and governments who are custodians of much of your and my personal data.
Who today has not heard of the hacking of Sony (and other gaming companies), RSA, the IMF, Citigroup, Lockheed Martin and myriad government agencies (particularly local police forces)? (http://www.cio.com/article/687364/AntiSec_Hackers_Dump_Data_After_Hacking_Police_Websites?source=rss_security)
There must be millions of tweets every day carrying a story or an angle of yet more hacks and breaches, of yet more venerable institutions – by, invariably, the Anonymous/Lulzsec/AntiSec (ALA) contingent (or their pretenders). Even the mainstream media is replete with such stories. Perhaps the exposure has been a little excessive and we are starting to suffer from ‘hacker’ fatigue. It is becoming a little tiresome.
Therein lies the danger.
Is the good (yes – I think on balance the awareness raising is good) not going to be diminished through the excessive exposure, the desensitization (boiling frog syndrome) and the resultant complacency?
That is my main concern. These ‘hacktivists’ are not the best marketers in the world and they have the habit of rubbing everyone up the wrong way. But their cause has merit.
Yes, I believe that security practitioners and their clients should be raising their game or else run the risk of:
a) being embarrassed (largely the damage that has been caused) by the ALAs; or
b) actually being hacked by some serious bad guys and thereby incurring considerable economic damage.
What the ALAs have shown is that the millions spent on security by governments and corporations have been spent badly. The security solutions out there, particularly the so-called two-factor authentication solutions, whether token- or dongle-based (OTP), JavaScript-based, SMS-based or even just password-based, are fundamentally flawed, and it is time for a new evolution of authentication solutions. If your website is ‘protected’ by a user name and password or SSO / OpenID (or even one of the aforementioned), then you owe it to your customers and shareholders (citizens, in the case of government agencies) to review your security.
Lest you become the laughing stock of Lulzsec.