Monday, June 27, 2011

The Ugly Set Sail For Fail? - LulzSec Forced to Hang Up Their Spurs or Walk the Plank

There are two kinds of spurs, my friend. Those that come in by the door; those that come in by the window. - Tuco (The UGLY)
LulzSec, aka Lulz Security, announced that they were retiring after a 50 day rampage through the digital world. Many have speculated that the digital noose was tightening around them and their high profile antics and brags were coming to an end. So better leave the party before the punch is finished? Or were they forced to leave the party by the bouncers or other digital attendants who were one better than them?

As hackers, LulzSec had the bravado of Tuco from "The Good, the Bad and the Ugly" and seemed to be in a constant Mexican Standoff with the authorities that be. But its seems their gunslinging techniques were limited to just two rather simple hack methods that most school children armed with keyboards could have carried out:

1) SQL injections (pronounced "sequel" and maybe the inspiration for constant repeat attacks)
2)DDoS or Distributed Denial-of-Service

SQL injections are the digital equivalent of figuring out that a certain type of window is easy to break with stones and constantly going after them. The solution against such attacks is rather simple by maintaining up-to-date versions of SQL and installing them properly.

DDoS is not even really a "hack", but more of an annoyance. It's as if you got the whole town to prank call your Math teacher at the same time, so that no one can reach them. The solution is once again rather simple and involves better distributed hosting infrastructure.

As the noose tightened around LulzSec and their ugliness, and their identities exposed by better armed gunslingers, they were forced to walk the plank. Does the story of LulzSec end here like the Hacking for Girliez of 1990s and NY Times fame? Or will the authorities start to round them up one by one, with all their accessories to crime?

The key takeaway for most companies is to be proactive when it comes to security policies and never to underestimate the hackers out there. It is always better to one-up them when it comes to best practices and adopt stronger measures than that conventional wisdom dictates. After all there probably will be a flood of copycat and SeQueL attacks in the not so distant future.

No comments:

Post a Comment