Laughing at Your Security System

What is the best way to explain the consequences of cyber attacks? Through an example, and the perfect example for 2013's cyber crime of the year is Lulzsec. “The Independent” reveals details about the major computer crime that took place recently (from the time that this was written); on Wednesday May 15, 2013 within the cyberspace community. The article states that four alleged young men, a part of the infamous British computer hackers named LulzSec, were successful in hacking the “high profile global corporations” “News International, Sony, Nintendo, FBI, and CIA” (Johnathan 2013). 

Through their efforts, they were able to   attain “sensitive data” such as credit card numbers, passwords, private customer details, etc. as a way to prove their hacking abilities. The group’s main goal, as described by “The Independent”, was to publically demonstrate their hacking abilities and become notorious in their efforts (Johnathan 2013). Hence their name “LulzSec”- from the internet terms Lulz and Sec; Lulz meaning laughs and Sec referring to security (Tabuchi 2011).  These criminal attempts were accomplished in the bedrooms of these young men through highly sophisticated computers by controlling a “network of up to a million ‘zombie’ computers”. In other words, the young men were able to remotely login and access data from the customers directly from the network. The attacks were discovered when both FBI and CIA websites suffered a huge crash and decided to dwell further into the security breech (Johnathan 2013). 

Sony, lost the details and personal information of about 26.4 million customers (Ogg 2012). Unfortunately, the article only focuses on the effects LulzSec had on the security breech rather than the financial statistics of the companies’ losses. Lulz Security’s motto is “"The world's leaders in high-quality entertainment at your expense", "Laughing at your security since 2011"(Tabuchi 2011). Hence their main intentions, as it claims, are to embarrass high end companies by publically revealing their security system flaws; rather than using the sensitive data to commit other criminal offences (Pepitone 2011). In addition, because these companies were very powerful and well established, LulzSec’s security breech, to me, only seemed to help the companies rather than negatively affect them (Tabuchi 2012). For instance, their security breech only revealed the holes in today’s security systems. By bringing these holes to light, LulzSec helped the company identify the holes and improve them for a stronger system; and in my opinion, I think the companies took an excellent action in trying to identify and improve their security (Pepitone 2011).


In the case of this news articles, the companies that were affected were so large scale that it was only a matter of attempting to find the holes in their security and fixing them (Tabuchi 2012). LulzSec seemed to act as a “white hat” (term that refers to hackers that hack to test the strength of a security system for non-criminal reasons) for these companies to help them identify and fix their systems (Tabuchi 2012). But in the case of smaller organizations, through my past experiences, the companies I worked for used a couple of requirements and means for testing its products’ level of security. The three that stood out to me are- trying to identify and address the level of risk for a security hole, backing up our data at night, and of course creating a plan for what actions to take in the case of a security breech.  

Trying to identify an issue is important when you are trying to statistically reason what kind of threats can invade your software within cyberspace. This method is important in determining how strong your software is and how strong it needs to be in order for it to be trusted and used by public users, especially when it would be entrusted with users’ private details. Backing up company data, user data, user passwords, etc. from cyberspace into a virtual storage facility provided by a physical machine at night is a precaution that all engineers should be taking in regards to their work, because things can be deleted, manipulated, or in this case- stolen. It is always a good idea to back up important data so that you can recover it in the case anything happens to it. Creating a plan for continuing a business is very important after a security breech. You need to always have a plan as to what actions you can take to ensure the company can get back on its feet; this also helps you and your team to maintain a stable work environment. This last step is most important to me because if you are an IT company, security breaches always happen and the first question that is asked to the company is “what will you do next”. A company that has the next steps all planned out and prepared will most likely be able to maintain its customers as well as its finances in comparison to one that doesn’t. What’s important to the public and the customers is how the company will handle its security and what will it mean for its customers; a company that has a plan will have the power to reassure its partners/ customers. 

References

Johnathan, B. (2013, March 15). British lulzsec 'hactivists' caused websites to crash across the world for their own amusement. THE Independent. Retrieved from http://www.independent.co.uk/news/uk/crime/british-lulzsec-hactivists-caused-websites-to-crash-across-the-world-for-their-own-amusement-8617450.html

Ogg, Erica. "Hackers steal more customer info from Sony servers". CNET. Retrieved 3 June 2012.

Pepitone, Julianne (2 June 2011). "Group claims fresh hack of 1 million Sony accounts Money". CNN. Retrieved 3 June 2012.

Tabuchi, Hiroko (5 June 2012). "Nintendo Is Hit by Hackers, but Breach Is Deemed Minor". New York Times. Retrieved 5 June 2011.

Tabuchi, Hiroko (5 June 2011). "Who is LulzSec, Hacker of PBS? Are they hacking Sony again?". International Business Times. Retrieved 3 June 2011.