Does boredom mean security?

Uh, no. A LulzSec member says the group is ‘bored’ and is therefore disbanding. Does that mean an end to cyber attacks? Uh, no. The individual members of a group of hackers don’t all stop doing stuff just because a couple of the members are bored. Sure, they might disband. Some of them have – allegedly – already joined up (again?) with Anonymous. Irrespective of what the ex-LulzSec folk do, they’ve already done enough to inspire copy-cat attackers around the world – or so says Kevin Mitnick, retired hacker, author and security consultant.

And, if that’s not enough, kids are being taught hacking basics at DEFCON kids (for 8 to 13-year olds), so that takes care of hacking for the future. And, as I’ve said on many occasions in the past, it’s not just hackers doing it for the craic, there is a whole commercial hacking scene as well: for instance, a cyber-spying company in India specialises in hacking into email and stealing information contained therein.

The Internet is an extremely insecure environment. There are lots of bad people out there. It’s like medieval Europe – when bands of predatory attackers roamed around, looking for opportunities to rape, rob and pillage – and towns and cities threw up battlements and turrets, and dug moats, and installed portcullises and so on – all to keep the bad people out. If you decided to build your house on the plain, or to run a fair beside the river, you would very quickly lose everything. It’s like that on the Internet today. You can’t just connect to the Internet and expect to remain unpillaged for long – you need battlements and other such stuff. Today, we call that stuff Internet Security and, because we can’t check it by walking (or riding) around the walls just looking for cracks that a pillager might exploit, we use penetration testing and vulnerability scanning to make sure that we’ve identified and closed down any security holes BEFORE they are exploited.

It does tend to be cheaper to close vulnerabilities before they are exploited…..