Security Blog

Your source for information security news and views.

Subscribe to feed Viewing entries tagged LulzSec

Hacking group gets their 'Lulz' thanks to poor security

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Thursday, 16 June 2011
in MyBlog

Lulz Security, a seemingly innocent name you may actually confuse for a legitimate security company, has rapidly been boosting their hacking reputation since early 2011. They have managed daily hacks on dozens of websites all across the internet and even managed to set up call forwarding attacks on many customer support lines. Some of the most notable being hacks of Sony, the US Senate, the FBI, and the CIA. Many of their attacks have been simple perimeter breaches of security, things that many security professionals should have secured a long time ago.

These hacks highlight the waste of time many security managers spend attempting to secure only their outer defenses. True security should live directly around your most precious assets. The security method deployed by most sites hit by LulzSec have been primarily perimeter based security. This type of security is like building a wall around your home yet leaving your doors unlocked and expecting only the wall to keep people out. As we can now see, that methodology is unacceptable and simply is not enough.

Though this group has caused some major disruptions in many networks they do not seem to have a truly malevolent motive in these attacks. They do not seem to be out for financial or political gain. As their tweets and even their name 'Lulz' (a reference to 'laughs') suggests, they are doing this simply for the entertainment and the sport of it. They have even been operating what I like to call a hack-by-request system where anyone is free to contact them with a target to be hacked. The truly surprising fact is that they have actually been able to hack nearly every target they are given whether it be a simple gaming forum or a high level government website. They are breaking through what should be the most secure websites on the internet using simple DDoS and packet flooding attacks.

Beyond exposing a lack of perimeter defenses their hacks have also brought to our attention many other security issues that most of us are still ignoring. Their hack on Sony revealed not only inadequate security defenses on Sony's part but also an astonishing amount of password reuse by users, which we all know is one of the most prevalent security flaws that exists.

Lets face it, these attacks have been happening for years and organizations have simply been able to keep quiet while sweeping the mess under the rug. LulzSec's public hacking escapade has finally brought these attacks to the attention of the general public. They are exposing many organization's security systems for what they really are, weak. There is no more ignoring our simple mistakes. It is time we all step up our security to the level it needs to be at in this world of cyber threats. This should be a true eye opener for security professionals. It may be your only chance to get things right before your information is truly at risk of theft and misuse that will indeed result in financial loss and legal liability.

Hits: 884 0 Comments