Author Topic: The LulzSec hacking arrests won't make it safer online  (Read 2146 times)

0 Members and 1 Guest are viewing this topic.

Offline mayya

  • Administrator
  • *****
  • Posts: 7874
The LulzSec hacking arrests won't make it safer online
« on: March 30, 2014, 18:17:38 PM »
The LulzSec hacking arrests won't make it safer online

The FBI's infiltration of LulzSec is astonishing – but the group's activities are small fry in comparison to professional cyberwar

  • James Ball
  • Wednesday 7 March 2012 16.22 GMT

Hector Xavier Monsegur, known by Lulzsec as Sabu, gave information on the hacking group to the FBI

For you, LulzSec, the war is over. Maybe. In an astonishing series of revelations, the FBI on Tuesday issued charges against four individuals alleged to be principal members of the hacking collective, and another alleged to be a member of its sister group, Anonymous.

But more staggering still was how the evidence against these individuals was gathered. The LulzSec member known as Sabu, revealed to be an unemployed 28-year-old New Yorker named Hector Xavier Monsegur, had been caught by the FBI in June 2011, and by August had pleaded guilty to hacking offences with a maximum sentence of 124 years and six months.

Ever since, he had worked to provide evidence against his suspected former cohorts.
According the FBI charge sheet, the degree of Sabu's co-operation with the FBI is extraordinary. Through him, the authorities apparently had the inside track on a series of audacious hacks, including the recording of an FBI conference call and the lifting of 5m emails from a US intelligence publisher, Stratfor.

Indictments show Sabu encouraging other online aliases during attacks, and suggesting thousands of passwords publicly. On Twitter, Sabu's account continued to threaten the "Feds" and post encouragingly on new attacks.

Through Sabu, the FBI were aware of the attack on Stratfor's servers even as it was ongoing – and seemingly did not inform the company. An FBI storage server was even offered to Anonymous on which to store the hacked documents.

Many will feel unease at the FBI's nine-month penetration of LulzSec and – at the very least – parts of Anonymous. Concerns about incitement and entrapment will be raised.
Companies subject to some of the attacks by the groups may also feel aggrieved: could the authorities have stopped some of them if they'd wanted to? It seems they could.
But to focus solely on these concerns misses a wider series of problems in clamping down on hackers, and maintaining law and order, online.

It is important to note that Monsegur aside, the other individuals named in the US charge sheets are innocent unless proven guilty.

But whoever carried out the assorted hacking attacks, the nature of these groups and their motivations are known: their membership is generally young, often in the late teens, and attacks are often politically motivated. The ethos isn't fixed, but there are some creeds: anti-corporate, anti-censorship, libertarian and definitely anti-surveillance.

The damaging consequences of Anonymous and LulzSec hacks shouldn't be understated, but motivations were rarely financial: where credit cards were taken, for example in the Stratfor hack, they were used more for charitable donations or purchasing servers for Anonymous use than for financial gain.

If the theme of a young, anti-corporate group engaging in civil disobediance seems familiar, it should. The Occupy movement and Anonymous are strikingly alike in both their organisation, their tactics and their goals.

But while most Occupiers who are arrested – and even these are a minority – face relatively mild sanctions (typically non-custodial), a single count of a hacking offence in the UK or US can carry a 10-year prison sentence.

In the online realm, a single knowledgeable hacker engaging in civil disobedience can cause more trouble than a single protester. At present, this is often dealt with simply by punishing them more harshly, using laws intended to hit those engaged in industrial-scale theft or espionage.

But legal inconsistency spell trouble, too. In Germany, participating in an attack aimed at temporarily taking a website offline (known as a denial of service attack) are recognised as the online equivalent of a sit-in protest, and may not qualify as criminal offences. Elsewhere, it can lead to imprisonment.

Protesters moving online may find the laws dramatically harsher than their offline equivalents: a gradual criminalisation of dissent.

There is a wider concern. No one's computer is safer in any meaningful way as a result of the FBI's actions. Anonymous may be the most famous hacking group in the world – and may yet bounce back even from these latest developments – but even at its peak it was far from the most dangerous.

Breaking into systems and defacing sites, boasting publicly about what you've done will certainly get you noticed – but that's not what the biggest players do.
Professional hacking is big business, often operating from Russia, Africa and South America where enforcement is lax.

Breaking into systems to glean credit card details on a huge scale is a major operation – and the last thing these guys would do is inform an individual or business that they've compromised their system. The longer you can stay inside and steal information unnoticed, the better.

And then there are the growing numbers of government-sanctioned hackers used to engage in cyberwar. Accusations fly against China,Israel and the US and many others – but for obvious reasons, individuals are never brought to justice.

That the most high-profile hacking arrests of recent times comes from a group dedicated to online civil disobedience signals nothing good: at best – and it's a disturbing best – it means that these are the only suspected hackers the authorities are able to catch.
At worst, it means Anonymous are the only hackers they're chasing.

• For legal reasons, this article will not be open to comments