LulzSec Curb-Stomped

[rvg]

I suppose going by previous statements in this thread this wee 14yr old ladeen should get 20yrs in Wakefield in order to crush his obvious evil hacking tendencies.

Hell yeah. Perhaps not 20 years since no monetary damage was done, but a punishment is definitely needed.

Those etheric losses that are based mainly on conjecture - if a 14 year old has a copy of Adobe Photoshop CS4, Adobe views themselves as having "lost" c. £1000 to piracy. The "logic" is that if he'd not downloaded it he'd have gone and purchased a copy, not he'd have downloaded the GIMP.

No, the losses come from the fact that the targeted companies had their business disrupted.

[Tellos Athenaios]

No, the losses come from the fact that the targeted companies had their business disrupted.

Business risk, says I. Should've applied proper configs, shouldn't they?

If the power grid goes down and your company suffers from the "disruption" then that's your problem, too. Should own a couple of 10kVAC diesels if you can't have that. Again, business risk.

[rvg]

Business risk, says I. Should've applied proper configs, shouldn't they?

If the power grid goes down and your company suffers from the "disruption" then that's your problem, too. Should own a couple of 10kVAC diesels if you can't have that. Again, business risk.

It does not excuse the hackers. A crime is a crime.

[Tellos Athenaios]

It does not excuse the hackers. A crime is a crime.

Yes, it is.

You were saying something about lost billions?

[rvg]

Yes, it is.

You were saying something about lost billions?

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.

[Tellos Athenaios]

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.

I believe the expression is "what is this I don't even". I'm not sure what you're understanding of DDOS or site defacement entails, but in my mind this is roughly in the order of (a) "Knock, Knock, Ginger" and (b) vandalism. Naughty, yes, out of bounds, yes, monstrously evil causing billions worth of "damages"? In your dreams.

Now this is quite distinct from leaking login details/credit card details and so on. That's simply not on, whichever way you look at it. However, the simple fact that they were even able to access those details constitutes a failure on the part of the business owners towards their customers. This may not be entirely obvious in the land of whish-it-was-two factor authentication, but the security of your customer's sensitive data is your responsibility and you don't get to play the poor victim card when everything goes to hell in a handbasket on account of shoddy security practices. I mean, SQL injections in 2012... So what about the perps then: tresspass & theft, and that's it. Add identity theft/fraud in the case of social engineering; add the usual sale & receiving of stolen goods if the perpetrators tried to make money off their exploits.

Now when it comes to DDOS this is simply how the Internet works: peak loads are to be expected. (Slashdot, reddit, or customer demand.) Either you take time to set up appropriate counter measures (not that hard, well trodden path by now) or you grin and bear it.

For the record, I quite agree that just because the businesses failed to maintain or audit their sites properly doesn't grant the Lulzsec types a pass on their misdeeds. It's just that "billions of damages" is utterly preposterous and any such demands for "compensation" should be rejected on the grounds of being straight out of fantasy land.

Arguably, systemic failure to properly audit & administrate their systems is a much graver "offence"/dereliction of duty on the part of business owners towards their customers. My reasoning for this is based on notions about (lack of) professional competence. Consider it the digital equivalent of dumping chemical waste products straight into the local river rather than disposing of it properly.

[rvg]

I believe the expression is "what is this I don't even". I'm not sure what you're understanding of DDOS or site defacement entails, but in my mind this is roughly in the order of (a) "Knock, Knock, Ginger" and (b) vandalism. Naughty, yes, out of bounds, yes, monstrously evil causing billions worth of "damages"? In your dreams.

Now this is quite distinct from leaking login details/credit card details and so on. That's simply not on, whichever way you look at it. However, the simple fact that they were even able to access those details constitutes a failure on the part of the business owners towards their customers. This may not be entirely obvious in the land of whish-it-was-two factor authentication, but the security of your customer's sensitive data is your responsibility and you don't get to play the poor victim card when everything goes to hell in a handbasket on account of shoddy security practices. I mean, SQL injections in 2012... So what about the perps then: tresspass & theft, and that's it. Add identity theft/fraud in the case of social engineering; add the usual sale & receiving of stolen goods if the perpetrators tried to make money off their exploits.

Now when it comes to DDOS this is simply how the Internet works: peak loads are to be expected. (Slashdot, reddit, or customer demand.) Either you take time to set up appropriate counter measures (not that hard, well trodden path by now) or you grin and bear it.

For the record, I quite agree that just because the businesses failed to maintain or audit their sites properly doesn't grant the Lulzsec types a pass on their misdeeds. It's just that "billions of damages" is utterly preposterous and any such demands for "compensation" should be rejected on the grounds of being straight out of fantasy land.

Arguably, systemic failure to properly audit & administrate their systems is a much graver "offence"/dereliction of duty on the part of business owners towards their customers. My reasoning for this is based on notions about (lack of) professional competence. Consider it the digital equivalent of dumping chemical waste products straight into the local river rather than disposing of it properly.

I guess we'll just have to agree to disagree on this issue.

[a completely inoffensive name]

No, it does not. They caused the loss of money. If it was my money I'd flay them alive.