Can LulzSec and Anonymous forge a turning point?

Share this article:
Lysa Myers, director of research, West Coast Labs
Lysa Myers, director of research, West Coast Labs

For as long as I can remember, there has been talk in the anti-malware industry about what sort of event it will take to get people to take computer security seriously.

There were countless airline events which took place before governments started implementing increasingly restrictive security measures at airports. There were similar incidents before the accident at Chernobyl, but it took that level of disaster before the general populace became fearful of nuclear power.

Neither airplanes nor nuclear power became instantly unsafe. In fact, they're both considered fairly safe compared to other modes of transport or power. But suddenly people became aware of their risks and made changes as a result of the incidents.

Regardless of what you think of the effectiveness of the measures that were taken after the fact, the changes were massive.

Now when it comes to cybersecurity, it will likely take a Chernobyl-like event to get people to take it seriously. But that day could be sooner than we expect, at the rate things have been escalating.

In my last column,  I discussed the attack on Sony's PlayStation Network. Since that breach, a new organized hacking group, called LulzSec, joined and left the fray, grabbing daily headlines with their hacking activities.

LulzSec and the more-established Anonymous hacking collective recently announced a joint venture, dubbed "AntiSec," to target high-profile government and banking sites to expose wrongdoing. Given the number of sites which have already been hit, this is likely not an idle threat.

Will an event like this be enough to get people to appreciate that security incidents affect everyone, not just large targets? The campaign reminds me a bit of the "Month of Bugs" campaigns that we saw a few years ago during which researchers spent a dedicated month on publicly releasing security holes in various types of popular software.

“Will an event like this be enough to get people to appreciate that security incidents affect everyone, not just large targets?”

No major software company was immune from this onslaught, and it made for a very busy month for those working in a company that was targeted. And it was busy a whole lot longer than that for those of us working in a security company that reports new vulnerabilities. It was almost as taxing as the virus wars of 2004, when we were having multiple outbreaks of Bagle and Netsky daily.

And yet, these campaigns went almost completely unnoticed by anyone outside the software industry. Five years later, vulnerabilities certainly still exist on a similar scale.

Banks and government sites are already decidedly aware of security issues, but holes still exist. Will hitting these targets cause the ordinary citizen enough inconvenience or fear to change things?

We shall soon see.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.