Personally, I haven't been the victim of a hacking incident (knock on wood). Yet I wouldn't say I'm as prepared for a potential attack as I should be. In recent years, a few friends of mine, as well as my sister, have checked their statements after charging with plastic only to find a whopping $0 in their bank accounts. And while many of us may know someone who's been in this situation, these days, it seems as if nearly anyone of any stature or importance is vulnerable to an attack — especially on the Internet.
At least that's what the latest hacking spree by the group known as LulzSec might tell us. For about 50 days — from early May until the end of June — the six-man operation thwarted the security systems of large corporations and government organizations, getting their virtual hands on personal information and access to websites. The Washington Post's blog post provides a quick timeline of the collective's attacks. Perhaps some of these look and sound familiar. Here are a few to jog your memory:
May 30: LulzSec breaks into the Web site of PBS and posts a fake story saying rappers Tupac Shakur and Biggie Smalls are alive (both are dead). The hack is seen as a response to a PBS documentary critical of WikiLeaks founder Julian Assange.
June 24: LulzSec claims credit for an attack on the Arizona Department of Public Safety, posting internal documents, manuals, e-mail correspondence, names, phone numbers, addresses and passwords taken from the department. The group said it released the documents because it opposes Arizona's immigration enforcement law.
LulzSec hung up the towel on June 25th, and made the announcement through, yes, you guessed it — the Internet. Specifically Twitter. Needless to say this was no ordinary hacking group, if there ever was a stereotypical one to begin with. PC Magazine points out many interesting aspects of this international, sometimes comical hacking group (I'll leave that up to your judgment from their website). In addition to their open and effective marketing campaign:
Instead of operating within the sprawling, "leaderless" climate of Anonymous, LulzSec formed itself as a small cadre of talented individuals, each with a key skill to offer (despite being derided as "script kiddies" by some rival hacking groups, LulzSec had skills). The group was reportedly comprised of hackers (like Sabu) who handled the network intrusions, coders who built software tools, botnet owners who launched DDoS attacks, and even a frontman in Topiary.
For those of us who may do business for or with a company that has been hacked (see: AT&T, Sony Pictures, the U.S. Senate), questions arise: As a consumer, what can I do to protect myself? How big of a threat does LulzSec pose for the future?
In order to answer some of my questions, a friend of mine put me in touch with David Gorodyansky, the CEO of Anchorfree, an Internet privacy firm. I e-mailed him a few of my questions on this matter. When I asked why so many companies seemed unprepared for the LulzSec attacks, he said:
It's a big threat for all companies that keep personal information about their users. If security holes exist on their servers that means that an attack may happen and user data may be compromised. It helps to make sure that the corporation's firewalls and firmware are up to date with the latest security patches. Most companies are unprepared for the attacks. Keeping the servers up to date and with latest security patches would help in many of these attacks. Another way for corporations to not put user data at risk, is simply to not collect and store any personal data on central servers.
In response to what this means to the average consumer, he replied:
This type of attack is indirectly relevant to consumers. It is really an attack against corporate servers (thus corporations), not consumers. However, consumers are indirectly effected, due to the fact that large corporations keep consumer personal data on their servers. When the corporate servers get compromised, the consumer data gets compromised as well. Consumers have to be careful when posting personal information online or should use privacy technology to protect from third party websites automatically collecting their personal information.
Gorodyansky's company has created a program called Hotspot Shield, which he describes as, "a secure browsing solution that makes every page a user visits as secure as a banking site ... it also encrypts un-secure Wi-Fi networks, and makes the user private from third party web tracking."
And Gorodyansky warns his company's product is not the ultimate solution. Users should also make sure their anti-virus software is up-to-date. As the "hacktivists" evolve, we can only step up our game even more. While the FBI has raided the home of a suspected LulzSec member, there's no telling what could happen next.