Another day and another round of news headlines about the hacker collective calling itself LulzSec.
Today there were two main headlines relating to the UK. The first, and possibly most serious, was a reported claim that LulzSec had gained access to the UK 2011 Census and was preparing to make all the data (i.e. huge amounts of citizen private information) available over file sharing sites.
The UK’s Office and National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has gotten its hands on this year’s census data.
This appears to be the result of a posting on Pastebin from an anonymous individual(s) claiming to be LulzSec. Despite the initial response, and the claims from the UK ONS and Lockheed Martin that they were investigating, it seems that if any attack has happened, it wasnt LulzSec. As reported later by The Register, LulzSec claim that because they didnt boast about the attack on their Twitter feed, it wasnt them.
On a related topic, the Met Police arrested a 19 year old in Essex for “hacking” offences and it was quickly reported that he was linked to LulzSec – including some reports describing him as the “leader” of the collective.
A teenager has been arrested in the UK in a joint Scotland Yard and FBI probe into the hacking of websites.
and
It says the teenager’s computer was being examined for data linked to Sony, which recently came under cyber attack.
and
Earlier a Scotland Yard spokesman said: “The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.
While it may be a while before the PR storms subside and we can find out the truth about this persons involvement with LulzSec (if any), it is interesting that the massive and sustained compromise of a multinational corporations security was carried out by an 19 year old from Essex rather than the often cited international crime gangs or state sponsored groups.
The sad reality is that hackers will always try to penetrate systems. If you are a big company you are a bigger target but any internet facing system will be probed – almost constantly. As the quote goes, the attacker only has to succeed once, the defender has to do it ever time.
Security is important. It requires effort and expenditure but can still be done in a cost effective manner. Make sure you have the right controls in place and even though you cant prevent every attack you can minimise the damage the cause.
