Opinion: No, the LulzSec hackers weren’t noble

LulzSec defendantsA Naked Security user tweeted me earlier today, asking about the LulzSec hacking case:

"But do you feel there is something noble about the lulzsec cause, and getting info to the masses?"

The argument goes that LulzSec were just a bunch of media-savvy fun-time guys, having a laugh at big companies’ expense, exposing the inadequate security of websites and computer networks run by large organisations.

Surely, the argument goes, LulzSec was harmless. In fact, weren’t they really somewhat noble?

LulzSec banner

Pardon me for taking a different point of view.

Although the hackers involved in the LulzSec attacks may not have been finanically motivated that doesn’t mean no harm was done.

Innocent people had their private information exposed and published on the internet, forcing them to change passwords and mop up any damage.

You may find membership of a hardcore porn website distasteful, but didn’t the 26,000 members (fnarr..) of a hacked sex site deserve better than to have their email addresses and passwords published and LulzSec encourage others to hack into Facebook accounts and tell their friends and family?

Porn passwords

These guys probably sign into Facebook with the same email/pass combo, so we suggest the following:
1) sign into their Facebook accounts
2) find their family members
3) tell them all about how the victim (you!) signed up to porn sites
4) watch the hilarity
5) tell us about it on twitter!
6) ???????

Alternatively, what about readers of The Sun newspaper, who – if they had participated in the paper’s competitions – ran the risk of LulzSec exposing their private details.

In one example, LulzSec published details of applications for the Miss Scotland beauty contest, which includes details of potential contestants’ aspirations, vital statistics, hair and eye colour, weight, and height as well as their dates of birth and addresses.

Miss Scotland leaked information

So, no. In answer to my correspondent – I don’t view what LulzSec did as noble.

It’s perfectly possible to put hacking skills to positive uses instead.

It’s definitely possible (and within the law) to inform companies of poor security, and to tip off the media if you feel the organisation is dragging its feet fixing it.

What isn’t cool, or funny, is to hack into companies, expose the private information of members of the general public, and to launch denial of service attacks.

Those kind of attacks are illegal, and the LulzSec gang knew that.

And that’s why, today, three members of the LulzSec hacking gang received custodial prison sentences.