The chief technology officer and co-founder of British security firm SecurEnvoy said on Wednesday that LulzSec should be applauded for their recent DDoS attacks on government, gaming, banking and other organizations online. The sentiment echoes a report provided by Imperva on Wednesday saying that enterprise security continues to ignore two common vulnerabilities that LulzSec exploited: SQL Injection and Cross Site Scripting.
"I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving," SecurEnvoy CTO Andy Kemshall said. "It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"
According to Kemshall, if organizations didn't leave their networks unlocked for criminals to waltz right on in, there wouldn't be a problem in the first place. Sure, the long batch of LulzSec attacks was a "bad thing," but instead of spending time and resources on deactivating these hacker groups, governments, organizations and security firms should spend their time examining these groups' "expertise and raw talent."
"These techies are up to speed and are useful to the industry – we need them," he admitted. "What people choose to ignore is many of today’s experts are ex-hackers themselves so Anonymous and LulzSec are actually tomorrow’s authority. They offer fresh ideas and they’re exposing new vulnerabilities that the ‘good guys’ may not yet have seen or even considered. The simple truth is that we’re going to need their expertise if we’re to defend ourselves against other countries and those malicious hackers who are out for financial gain. Instead of persecuting them, we need to recognize their talent, embrace their expertise and encourage them across from the dark side to turn their expertise into something constructive rather than destructive."
Referring to Anonymous and LulzSec as cyber "gangs," he thinks it's extremely clever to be able to operate with zero budgets and get the huge amount of coverage these groups have achieved to date in comparison to the vast PR machines of the FTSE 100 companies. "By combining their services you’d create a considerably formidable force whose strength could be used for good, for example to bring down terrorism and the ill-forces operating within the confines of the Internet," he added. "We should be nurturing this IT talent and growing it for the good of the general public."
Kemshall concluded his statement by saying that organizations are still too blasé about security, that they don't seem to be taking the "honor" of securing our details seriously. "We need people like LulzSec and Anonymous, and I personally am standing up and saying thank you to these guys, as they are making businesses and government sit up and take action or naming and shaming them so at least I can have an informed opinion of who I can trust," he said.