Over the weekend the Lulz Security guys called it quits. Their last release came on the 50th day since they started their escapades. It isn’t clear if they had intended from the start to only exist for 50 days, but after DDOS’ing cia.gov they had escalated their wanted status to critical and it was likely only a matter of time before they were going to be caught.
They leave in their wake a trail of destruction which includes some huge players such as Sony, Nintendo, PBS and others.
The business world as a whole is likely breathing a collective sigh of relief at this point and considering themselves lucky they too didn’t fall victim to Lulz shenanigans.
Lulz parting words on Twitter contained a call to action for AntiSec and Anon, two other notorious hacking groups who have themselves had a number of high profile hacks in the past.
Lulz demonstrated in a brutally evident way how inadequate most companies have secured their external infrastructure, and if these other groups step up and continue the path set by Lulz the compromises will keep coming.
A lot of companies have avoided embarrassing and costly hacks by what in the industry we call ‘security through obscurity’. Lulz showed that anyone is a potential target, and your company could quite easily be next in their cross-hairs.