On Lulz Security

Over the last few days I have kept an eye on the latest exploits of the new-born “cybercrime star” that mainstream media and individual bloggers have depicted so vividly as one of the biggest threats to megacorporations and public organizations alike.

What struck me the most was the fact that almost everybody seemed to actually miss the big picture. On the one hand, the merry fellows at Lulz Boat describe themselves on their Web site as “a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun”, while their Twitter account clearly states that LulzSec is comprised of “the world’s leaders in high-quality entertainment at your expense”. (Pardon me, but am I the only one here to notice their irony?)

On the other hand, if we were to assess the legitimacy of their exploits, both the general public and quite a few laws would have them put on APB for cybercrime acts. Moreover, despite the fact that so far LulzSec hasn’t made any profit from the data that the “boat” compromised, chances are that someone actually banks on their discoveries, which, one way or another, will probably make the guys accessories to some other serious cybercrimes.

However, the point in these stories should be sought elsewhere. Am I the only one noticing that large public and private organizations, namely NHS, Nintendo or Sony (considered the victims in this case) didn’t bother too much about crucial details such as customer data storage and security? Sure, in a perfect world, no one would have ever thought of injecting SQL codes into these (and probably other) organizations’ Web forms. But in our imperfect world, someone actually gave it a try. This time, the author happened to be LulzSec, but it could have been any other group or individual. And this incident could equally have happened three or six or twenty four months later instead of now.

Don’t get me wrong, I’m not trying to take sides in this story, I’m just appealing to common sense in something that has to do with computer and data security. Actually, what I’m trying to say is that if you negligently carry your wallet in your back-pocket and sooner or later someone snatches it, you kind of have to take your share of the blame.

Safe surfing everybody!

P.S.: It is interesting though to see what was LulzSec’s motivation in hacking NHS. According to their twitter account, it has something to do with #Alicebucketlist, a list of all doable things that Alice Pyne, a 15-years old girl from Ulverston suffering from final stage cancer has put up.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.