For almost two months, an anonymous band of hackers called LulzSec made a reputation for itself by revealing internal data from organizations ranging from the Arizona police to the US Senate to the CIA. Now, the group is closing its tents. With a final release of such "valuable" data as game accounts and some internal AT&T documents, LulzSec is done.
In its final message, LulzSec rambles on:
"Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”
Yeah. Right. What really happened, after boasting that "We might be brought to justice, but we just don't care,” it turns out they do care when their leaders are revealed and at least one of its members has been arrested. In the end, LulzSec revealed a lot of mostly worthless information. LulzSec was no WikiLeaks.
That said, the real story here isn't that LulzSec was some elite team of crackers — devoted to a real cause — that has now retired. They were just a small group of computer-savvy young men who found out just how easy it is to break into governments and companies.
Despite years, decades, of IT experts and writers preaching the gospel of basic security, even the biggest organizations just aren't paying attention. I honestly begin to wonder if anyone even takes security seriously anymore.
Are we so used to the LulzSecs of the world, or of the far more dangerous criminal enterprises breaking into bank and credit-card companies, that we just shrug and accept security failures as the price of doing business on the Internet? Are we so blind that when it becomes clear that there was a real Mac OS malware threat for several days Apple told its customer support people to deny its existence?
Yes. Yes, we are.
LulzSec made be gone, but the moronic security problems it revealed remain. We—all of us from just ordinary Joe User to the CEO of the biggest companies—have to take security seriously. If we don't, well don't blame me if you find your credit-card numbers on sale for the highest bidder or your corporate books available as a BitTorrent download.