Mathieu Estrade, Bee-Ware: Implications of the LulzSec/Anonymous attacks
November 2011 by Marc Jacob
The LulzSec hacker collective created a stir following widespread circulation on the Internet of the private data belonging to contestants of the Fox.com show, the X-Factor. The group made public sensitive information extracted from the Fox database such as logins, passwords, and contact details.
In less than a year cybercrime has reached new heights and flooded the headlines with news of the impacts on high-profile companies: Sony, Fox, Infragard (investigative organization allied to the FBI) and the Arizona police have all been affected. Cyberattacks are varied in nature, compromising entire systems and machines or stealing data from applications via SQL injection. Recent buzz on APT (Advanced Persistent Threats) have also pinpointed the existence of long-term techniques, executed step-by-step and triggering latent repercussions. Ultimately, LulzSec’s hacking spree has raised awareness on the vulnerabilities harboured by major business enterprises, who are required to bolster protective measures and adequately equip themselves against dangers that may represent just the tip of the iceberg as cybercrime changes and develops.
A flashback to the initial stirrings of IT hijacks in the nineties serves to remind us of how complex the issue has become. Hacker associations used to challenge one another to infiltrate the IT systems and corporate Web sites of major organizations. The outcome tended to be light content modification or changes on the home page of a site. Today, however, the odds have increased. The onslaughts are carried out on confidential data or on widely published server content, spurred by Peer to Peer exchanges. Wiping out information is next to impossible and its circulation amplifies all the time. Nowadays all types of information can be accessed, including the e-mails exchanged among company executives. One recent « Anonymous » attack eventually led the CEO of HBGary Federal to resign! The ripple effects caused by data breaches can reach alarming proportions and affect companies at all levels, and even stockmarket values of listed firms can register negative trends. It is not surprising then, that IT assets and data have become alluring prey for hackers.
In the final analysis constant vigilance is necessary to mitigate the risk facing information and personal data circulating across networks. Logins and passwords are divulged far too often. It is common practice for users to resort to the same login elements to manage all their digital activity: mail, services, e-commerce… each application being exposed to potential raids. We can already assume that login and password pairs have been programmed into tests run on online services. We can rest assured that any overlooked flaw or weakness will be exploited. New methods for protection are thus urgent and necessary. The onus is on cutting-edge technology experts to demonstrate reactivity and provide strategic responses.