2:25 pm (UTC-7) | by Paul Ferguson (Senior Threat Researcher)
While everyone on the Internet seems to want to add commentary on the announced Lulzsec arrests today, I might as well jump in with my own thoughts on the matter.
While it is great to see those who break the law get brought to justice, I think there is a much larger issue underlying the growing Hacktivist phenomenon.
First, I think the more important message here is that these arrests really don’t change the trajectory of Hacktivist attacks: the hacking and attacks will continue, and in fact they may even escalate.
Why? Because they can.
The underlying story here is this – it should not be so trivially easy for Hacktivists (or anyone else for that matter) to hack people’s networks.
These Hacktivists are – for the most part – not truly “professional criminals”. The real professional cybercriminals are still out there in Eastern Europe and China (and elsewhere), and they are not posting their pilfered data to Pastebin or announcing their purloined data caches on Twitter. I highly doubt that law enforcement, for the most part, will be able to properly identify these “professional” criminals, much less get them arrested, extradited, and prosecuted.
And while I think that most people want lawbreakers arrested, I think it is unrealistic to think that it will happen in anything approaching a majority of these cases. In fact, that may even be the wrong primary approach.
The real target here is the poor security posture, awareness, and operational practices of organizations around the world with regards to unauthorized access to their intellectual property, PII (Personally Identifiable Information), control systems, credit card data, and other valuable information & systems.
Sure, I’m glad these guys got arrested, but I think there is a much more important message here which is not being put forward – organizations are simply not doing a good enough job of protecting their assets.
There needs to be a much more holistic approach to this problem, and I’m not even exactly sure where to start – perhaps with the basics? There is a plethora of network and data protection practices which organizations can take to continue to “raise the bar” in the effort to change the odds in their favor. It is a continual assessment posture: a holistic operational security practice built on the OODA Loop (observe, orient, decide, act), which is a widely accepted combat practice geared towards “optimal situational awareness”.
What I really like about the OODA Loop reference model is that it forces organizations to do constant “care and feeding” of their security posture, observations, measurements, and adjustments.
Now, this may sound like a bunch of hooey, but this is actually a known successful security posture which has been advocated by network security professionals for over 20 years. The first thing you need to do, as an organization, is understand what your network looks like, properly segment & protect the assets according to their intrinsic value, and then constantly protect & monitor traffic which may indicate improper or unauthorized access.
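The "segment by value, then watch the traffic between segments" practice described above, as an added example that is not part of the original post: a small script that takes a segmentation policy and a batch of connection records and flags every flow that crosses a segment boundary the policy does not permit. The segment names, address ranges, the allow-list, and the flow records are all constructed for the example and are not from the post.

```python
"""Added example, not from the original post: a minimal observe/orient step for a
segmented network. Segments, the policy and the flow records are all assumptions."""

import ipaddress
from dataclasses import dataclass

# Assumed segmentation: assets grouped by intrinsic value. Ranges are invented.
SEGMENTS = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),      # anything not listed below
    "dmz": ipaddress.ip_network("203.0.113.0/24"),      # public-facing services
    "corp": ipaddress.ip_network("10.10.0.0/16"),       # workstations, internal apps
    "cardholder": ipaddress.ip_network("10.20.0.0/24"), # highest-value data
    "controls": ipaddress.ip_network("10.30.0.0/24"),   # control systems
}

ANY = "*"
# Assumed policy: (source segment, destination segment, destination port) tuples that
# are allowed to initiate. Everything else crossing a boundary is a violation.
ALLOWED = {
    ("internet", "dmz", 443),
    ("dmz", "corp", 8443),
    ("corp", "cardholder", 5432),
    ("corp", "controls", 502),
}

# Constructed connection-initiation records (client -> server), not real logs.
FLOWS = """\
# src,dst,dport,proto
198.51.100.7,203.0.113.10,443,tcp
203.0.113.10,10.10.5.20,8443,tcp
10.10.5.20,10.20.0.15,5432,tcp
203.0.113.10,10.20.0.15,5432,tcp
10.20.0.15,198.51.100.9,443,tcp
10.10.7.3,10.30.0.4,22,tcp
"""


@dataclass(frozen=True)
class Flow:
    line: int
    src: str
    dst: str
    dport: int
    proto: str


def segment_of(ip: str) -> str:
    """Longest-prefix match of an address against the segment table."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in SEGMENTS.items() if addr in net]
    return max(matches)[1]


def is_allowed(flow: Flow) -> bool:
    """Intra-segment traffic is left to the segment; cross-segment needs an allow entry."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg == dst_seg:
        return True
    return (src_seg, dst_seg, flow.dport) in ALLOWED or (src_seg, dst_seg, ANY) in ALLOWED


def parse_flows(text: str) -> list[Flow]:
    """Parse 'src,dst,dport,proto' lines; blank and '#' lines are skipped but still counted."""
    flows = []
    for n, raw in enumerate(text.splitlines(), start=1):
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        src, dst, dport, proto = (field.strip() for field in raw.split(","))
        flows.append(Flow(n, src, dst, int(dport), proto))
    return flows


def find_violations(text: str) -> list[dict]:
    """Return one record per flow that crosses a segment boundary without an allow entry."""
    violations = []
    for flow in parse_flows(text):
        if not is_allowed(flow):
            violations.append({
                "line": flow.line,
                "src_seg": segment_of(flow.src),
                "dst_seg": segment_of(flow.dst),
                "dport": flow.dport,
                "flow": f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}",
            })
    return violations


if __name__ == "__main__":
    for v in find_violations(FLOWS):
        print(f"line {v['line']}: {v['src_seg']} -> {v['dst_seg']} not permitted ({v['flow']})")
```

The policy is directional and keyed on connection initiation, so the records fed in must be session starts, not every packet in both directions, or legitimate return traffic will be reported. The point of the exercise is the loop: each flagged flow is either an intrusion attempt to act on or a gap in the policy to orient on and correct.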
I could go on about these concepts for many, many pages (and perhaps I will in a future white paper), but the bottom line is that, when you are connected to the Internet, there is no 100% security. The best you can do is continually “raise the bar” on protecting your assets, making it more & more difficult for your organization’s security to be penetrated.
No amount of Hacktivist arrests can do that job for you.