Actu
Mathieu Estrade, Bee-Ware: Implications of the LulzSec/Anonymous attacks
November 2011 by Marc Jacob
The LulzSec hacker collective created a stir following widespread circulation on the Internet of the
private data belonging to contestants of the Fox.com show, the X-Factor. The group made public
sensitive information extracted from the Fox database such as logins, passwords, and contact details.
In less than a year cybercrime has reached new heights and flooded the headlines with news of the
impacts on high-profile companies: Sony, Fox, Infragard (investigative organization allied to the FBI)
and the Arizona police have all been affected. Cyberattacks are varied in nature, compromising entire
systems and machines or stealing data from applications via SQL injection. Recent buzz on APT
(Advanced Persistent Threats) have also pinpointed the existence of long-term techniques, executed
step-by-step and triggering latent repercussions. Ultimately, LulzSec’s hacking spree has raised
awareness on the vulnerabilities harboured by major business enterprises, who are required to bolster
protective measures and adequately equip themselves against dangers that may represent just the tip
of the iceberg as cybercrime changes and develops.
A flashback to the initial stirrings of IT hijacks in the nineties serves to remind us of how complex the
issue has become. Hacker associations used to challenge one another to infiltrate the IT systems and
corporate Web sites of major organizations. The outcome tended to be light content modification or
changes on the home page of a site. Today, however, the odds have increased. The onslaughts are
carried out on confidential data or on widely published server content, spurred by Peer to Peer
exchanges. Wiping out information is next to impossible and its circulation amplifies all the time.
Nowadays all types of information can be accessed, including the e-mails exchanged among company
executives. One recent « Anonymous » attack eventually led the CEO of HBGary Federal to resign!
The ripple effects caused by data breaches can reach alarming proportions and affect companies at
all levels, and even stockmarket values of listed firms can register negative trends. It is not surprising
then, that IT assets and data have become alluring prey for hackers.
In the final analysis constant vigilance is necessary to mitigate the risk facing information and personal
data circulating across networks. Logins and passwords are divulged far too often. It is common
practice for users to resort to the same login elements to manage all their digital activity: mail,
services, e-commerce… each application being exposed to potential raids. We can already assume
that login and password pairs have been programmed into tests run on online services. We can rest
assured that any overlooked flaw or weakness will be exploited. New methods for protection are thus
urgent and necessary. The onus is on cutting-edge technology experts to demonstrate reactivity and
provide strategic responses.
