Who Hacks the Hacks?
Thursday, June 23, 2011
If you pay attention to news about the internet, and about security, you may be aware of two groups:
Anonymous
and
Both have recently had members arrested by law enforcement after attacks on high profile targets.
In the case of Lulzsec, The Sun have pitched in. A chap by the name of Ryan Clearly got himself arrested, having been identified variously as a "criminal mastermind" - largely by the red top press. The Sun proceed to do a hatchet job on the lad, who currently has quite a lot to be miserable about.
The Sun says that Lulzsec have been involved in hitting targets that were supposed to have been secure and security conscious. Like Sony, who lost several million sets of customer details. They have also struck at law enforcement. The point is, you are supposed to trust these companies and organisations. Lulzsec have been attempting to demonstrate that this trust may be misplaced.
Ryan has been given a thorough slating by The Sun. They have sought to depict him as some kind of consistently dazed idiot, and therefore as harmless. They are suggesting that we have nothing to fear from hackers like Ryan, because a hapless teenager cannot possibly be a threat and should not be taken seriously.
It's not a bad point. Ryan's current claim to fame is that he's all over the Sun news paper for inhaling lighter fuel, which is one of the dumber ways to make yourself feel good that I've ever heard of. He's clearly an idiot. The Guardian, however, shows what Lulzsec have been up to.
It's a scarier read, which one would expect from a newspaper for grownups.
So why minimize Ryan? A boy who was only caught because he made the mistake of counting coup on the wrong people, since it appears he may have been turned in by members of the hacker community (who allegedly posted his contact details online). The Police claim that the arrest is significant, and you can bet they will be using whatever means they can to extract names and locations of other lulzsec members in the hope that the hacking group will collapse. Since it took law enforcement a day or so to get the SOCA website back up, you can see why they might be giving this matter a lot of attention.
However...admitting that Ryan might actually be dangerous (see how the article says he would sit in his room, a room that contains two (!!) computers, when other normal people were smoking spliffs, as if the use of a computer is what makes him a freak) would mean admitting that other members of lulzsec have power, and may also be kids. If kids are able to take the best efforts of adult professionals and kick them over or break them down, we have to admit that these people have power on a similar level to an agency or government.
There are things to keep in mind. Firstly, Ryan got caught because he was an ass.
The same is true of the recent Anon. arrests - Spanish authorities picked up some kids who had downloaded, installed and deployed Anon's favourite DoS weapon, the Low Orbit Ion Cannon. And they had done so without the proper understanding of how to effectively cover their tracks. These were not hackers, these were Scriptkiddies who saw some instructions on 4Chan and decided, in the way that kids do, to do something stupid because it was cool or funny at the time.
The people who organize and who do the real hacking will take a much more concerted effort to catch, if they are caught at all.
Be that as it may, you might remember that The Sun is a News International newspaper. It's owned by Murdoch, who also owns The News of the World. The News of the World was recently in the press because of a phone hacking scandal.
Now, at the time I seem to remember NoTW hacks claiming that the information they had illegally accessed was in the public interest.
Does this mean that hacking is OK when you're a News International "journalist", but not if you're a teenager?
Speaking entirely personally, while it's difficult to condone the actions of Lulzsec it is important that we recongnise the service they perform. Our institutions do not take IT security seriously. DoS attacks are survivable and certainly should be one of the easier forms of attack to deal with. A high profile organisation, particularly one that is involved in government work or Regnum Defende, needs to be better at this. Particularly given what China is alleged to have been up to.
Read more...