Friday, March 9, 2012

Hackers Hooked: Some of Them, Anyway

" 'Lulzsec hackers' arrested in international swoop"
Technology, BBC News (March 6, 2012)

"Seven alleged hackers based in the US, UK and Republic of Ireland have been charged with crimes related to computer attacks said to have affected 'over one million victims'.

"The FBI said that five of the men were involved in the group Lulzsec, while a sixth was a 'member' of Antisec.

"It said that Lulzsec's 'leader' Hector Xavier Monsegur had pleaded guilty in August to 12 criminal charges....

"...The bureau said that Mr Monsegur - also known as Sabu - had admitted involvement in cyber attacks against the media groups Sony Pictures Entertainment, Fox Broadcasting Company and the Public Broadcasting Service (PBS) among others...."

How bad could this be - really? After all, it looks like the victims are Big Businesses. The Lemming will skip the usual stuff about corporate greed, oppressed classes, and the rest. You've heard it all before, anyway.

Good Morning, Information Age

A hundred years ago, hacking into networks run by large companies wouldn't have made a bit of difference in the lives of ordinary folks. Mainly because there weren't any computer networks to be hacked into.

That was then, this is now.

Large corporations use contemporary information technology to store data about folks who do business with them - which includes a whole lot of folks all across the economic spectrum. Some of the data may not be as important as, say, access codes to bank accounts. It's a little hard to imagine how lives would be disrupted as a result of X Factor contestant data getting stolen.

On the other hand, little things can add up. Particularly in a world that's increasingly interconnected. And where an increasing share of the 7,000,000,000 or so folks have Internet access - or know someone who does.

Contestant Data, a Porn Site, America's Congress, and All That

"Hackers claiming to be part of Lulzsec said they had carried out or have been linked to the following attacks:"
  • May 7: US X Factor contestant database
  • May 10: Fox.com user passwords
  • May 15: Database listing locations of UK cash machines
  • May 23: Sonymusic Japan website
  • May 30: US broadcaster PBS. Staff logon information
  • June 2: Sonypictures.com user information
  • June 3: Infragard website (FBI affiliated organisation)
  • June 3: Nintendo.com
  • June 10: Pron.com pornographic website
  • June 13: Senate.gov - website of US Senate
  • June 13: Bethesda software website. User information
  • June 14: EVE Online, League of Legends, The Escapist and others
  • June 16: 'Technical disruption' to the website of the CIA
  • June 20: The website of the UK's Serious Organised Crime Agency (Soca) taken offline by denial of service attack
    (Source: BBC News)
The BBC article doesn't say, but presumably these dates are all in 2011.

Customers with data on Nintendo.com probably didn't appreciate having their data fiddled with: but life would probably still go on, even if every customer of a giant like Nintendo lost data they'd entrusted to the entertainment company.

The American Congress, now: that lot is supposed to be running this country, so there might have been serious consequences.

The same goes for networks used by the FBI, CIA, and Soca. Not that they're running any countries - conspiracy buffs notwithstanding - but the Lemming thinks that data used by national law enforcement might be more important than access codes for online games. But that's just the Lemming's opinion.

But - remember that we're living in a very interconnected world, and a big one. Get enough folks spending time unscrambling entertainment accounts, instead of going about their normal routines: and you've got the potential for some fairly large-scale consequences.

Visa, Mastercard, Paypal, and a 124-Year Sentence

"...According to the court papers Mr Monsegur formed Lulzsec last May. It said he acted as a 'rooter', identifying vulnerabilities in victim's computer systems.

"Alongside other recruited hackers he is also alleged to have attacked the US Senate, the cyber security firm Unveillance, Visa, Mastercard and Paypal.

"The FBI said he faced a maximum sentence of more than 124 years in prison if found guilty of all counts...."

That's 124 years, maximum, if found guilty: Mr. Monsegur will probably serve substantially less time. From his point of view, that's a sort of 'worst-case scenario.'

Is doing time for a dozen decades overkill for this sort of offense? That's a good question. It looks like Mr. Monsegur did an awful lot of damage - spread out over a whole lot of people, but still an awful lot of damage.

Whether or not the sentence is 'fair': the Lemming hopes someone has the sense to make sure that Mr. Monsegur doesn't have Internet access while he's a guest of the legal system.

No Sudden Shortage of Hackers

"...Trend Micro's director of security research, Rik Ferguson, added that while this might mark the end of Lulzsec, it would be premature to say the same about Anonymous.

" 'Anonymous is a very different organisation to Lulzsec and other more closely linked groups - anyone can and does act in the name of Anonymous and their activities do not require individual hacker publicity or disclosure of personally identifiable details,' he said.

" 'The very fact that Sabu became the "celebrity" he was, illustrates the real difference between Lulzsec and Anonymous.

" 'I think the hackers we really need to worry about are those that trusted no-one and sought no glory in the first place.'..."

It would be nice if someone could wave a magic wand, and make everybody want to be nice to everybody else. Or, not.

Actually, the Lemming would be very, very concerned if someone could do that. The situation could make Orwell's "Nineteen Eighty-Four" look like a Sunday school picnic, in comparison. And that's another topic.

It's somewhat reassuring to see another set of arrests. The Lemming's not being vindictive: it's a relief to see that law enforcement is taking 'cybercrime' seriously. It's also, in the Lemming's opinion, good that the legal codes in America and the United Kingdom now take late-20th-century information technology into account.

Will there be other hack attacks? Almost certainly. But it looks like folks are starting to take the issue seriously - and that's a good thing.
