Sophos to LulzSec - Grow up and get some moral spine!

Announcement posted by Sophos 16 Jun 2011

The latest news from media-savvy "fun-hacking" crew LulzSec is that it has organised a Distributed Denial of Service attack (DDoS) against the cia.gov website, sporadically making it slow, unresponsive or inaccessible.

This is the latest in a slew of "hacks" mounted by the group, whose recent targets have been as mixed as its motivation is unclear. LulzSec has targeted Sony, the US Senate, an affiliate of the FBI, a range of online games, the CIA, and even PBS - the US public television network which gave the world Sesame Street. Take that, Elmo.

But why?

Paul Ducklin, who is Head of Technology, Asia Pacific, at computer security company Sophos, has one explanation. "DDoSsing the CIA's public website is about as intellectually interesting and important as a bunch of schoolboys boasting in the playground about who's got the hottest imaginary girlfriend," he says.

Ducklin adds that if you really must find a silver lining to what LulzSec is doing (and who knows whether LulzSec is 'he', 'she' or 'they'?), take heed that most of the website break-ins have been languorously orchestrated, using nothing more sophisticated than entry-level automatic web database bug-finding tools, available for free online.

In other words, LulzSec is a timely wake-up call to better security if you are still asleep at the security wheel. Your customers' data is important - both to them and to you.

But Ducklin insists that doesn't justify LulzSec's behaviour. "Time spent throwing bricks through other people's digital windows doesn't actually teach anyone anything about glassmaking, glazing or civil engineering," warns Ducklin.

"If you consider yourself a hacker and you have time to spare, grow some moral spine and use your skills for active benefit. Follow the lead of a guy like Johnny Long and hackersforcharity.org. I dare you to look at his site and decide that LulzSec is a more worthwhile cause."

---ends---

Paul Ducklin is available for comment: +61.407.320.515 or duck@sophos.com.