Cops' Crackdown on LulzSec Motivated by Embarrassment, Not Danger
Out of all the computer hackers in the world, the cops are fixated on Lulzsec. Not because they're the most dangerous but because they're the most embarrassing. They are also the most helpful. Priorities?
So far the group has by its own admission hacked: Sony (who hasn't?), the Central Intelligence Agency, the U.S. Senate, Nintendo, the U.K. Serious Organised Crime Agency and National Health Service, the online game Brink, the Brazilian government, PBS and Fox (a bipartisan organization). Some of these attacks have involved taking records, others have been denial of service attacks and still others have just messed with the appearance of websites. (My fave is the "Tupac lives" story on PBS.)
What it has not done - as best as can be determined - is used its skills or the information it has gathered for personal profit. LulzSec turned down a reward from the security firm Berg & Berg which offered $10,000 to anyone who could change a picture on its website. Once the picture was changed LulzSec left a message saying it was easy to do. "Keep your money, we do it for the lulz." (In case you don't know, lulz is cyber slang for laughs. Ask any teenager.)
All hackers are not created equal
Judging by its behavior LulzSec is acting in the manner of the classical definition of the word, "hack": Committing clever pranks or practical jokes. The group's activities all support its claim that it is mainly interested in demonstrating that most online security is laughable:
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.So why are the authorities so determined to get Lulz? Because they've been embarrassed, because so far they've failed to get the WikiLeak's loving Anonymous group and because -- as far as can be told -- they've failed to get any of the groups or people who are clearly making money from stealing information, i.e. criminals. (Whether Anonymous belongs in that last category is open to debate.)
Yesterday British police arrested Ryan Cleary, 19, and alleged he was a "significant" figure in LulzSec. The group responded in a post on its Twitter feed alleging that Cleary was not a member but, "We house one of our many legitimate chatrooms on his IRC server." Since then the media has been filled with reports that the arrest was part of an international crackdown on the group.*
Cleary is the sixth Brit arrested in connection with the recent hacking attacks. He joins five arrested in January on suspicion of being involved in Anonymous. None of them have been charged, which may indicate something about the strength of the government's case.
If the authorities around the world are going after LulzSec it is a waste of time and resources. These are better used going after actual threats (like groups extorting money from corporations) or maybe even improving computer security.
Photo: WikiCommons
*Because these are exactly the things you would expect these groups to say under the circumstances, it would be wise to take all these allegations with a lot of salt -- and some tequila. "It is hard to believe that a man is telling the truth when you know that you would lie if you were in his place." - H.L. Mencken
Related: