LulzSec’s 50 days of mayhem

Now that LulzSec announced that its days of mayhem are over (hint, they probably are not, but they have to lay low for a while), let’s see what we’ve learned from these last 50 days.

We’re not safe. We never were, but we’re definitely less safe now, that we rely more and more on the Internet, we need to choose our providers very carefully. The only safe computer nowadays is one that is shut down and has no connection to internet (yes, there is such a thing as ‘wake on LAN’).

We have to be proactive about security. „I’m too small” may be a good reason for you to postpone taking measures, but even if you’re not Sony you might become a target soon. Why? Just because, of ‘For the Lulz’, as they said it (or, to put it in the gentle words of people: „because f*** you, that’s why”).

Pirates are a fascinating lot. This is why we had 4 movies of Pirates of the Caribbean about pirates growling (and not pirating stuff, because it was Disney, for goodness sake: piracy is bad for your kids!). This is why people didn’t stop downloading music and movies (and might do it just to spite the RIAA/Hollywood guys). They do it for the thrill and for their own conviction – and you might agree with them or disagree with them.

The bad things that the Lulz have brought: the governments now have more reason to un-free the internet. They are bothered by the freedom it brings – and the Lulz are even more reason to shut down your freedoms. Of course we know that Hollywood and RIAA are there to tell them they should do it – but reckless pirates actually might have endangered forever everyone’s freedom on the Internet.

Some effects were strange. Telstra, for example, refused to put in place the recent Australian plans for internet filtering, for fear of hackers, and LulzSec in particular (via). Of course, they won’t stay forever hostage to fear of hackers, but it might make some people rethink their options. Maybe. For Telstra, it might be a break long enough to think if it really wants to turn against their clients.

What’s worrisome is the fact that the Lulz adventure was under-reported. A serial killer was at bay, yet nobody talked about it except for the more technical side of the news reporters. But it was really a war out there. A 50 days war, an underground war, but still, a war. Which means, actually, that we’re less likely to find out what the real underground movements are doing – because nobody wants to talk about it. You know, security through obscurity never worked. It won’t work now, we’re not safer just because we don’t know about stuff happening.

The 50 days of mayhem as LulzSec may be over now. But even if the jester might have stolen the thorny crown, the Lulz have not been shut down. And, truth be told, they won’t be shut down anytime soon. But what does not kill you can make you stronger. I bet that as a direct result of LulzSec mayhem, CEOs are now asking: „are we safe?”

My answer: „No, we’re not”. Teh Lulz granted us a break. Let’s use it.

PS: Security in the news:

(these are only from the last two weeks of activity. For the non-technical folks: have you heard about all these?)

PPS: Ars Technica and The Reg wrote about this too.