Security outfit thanks LulzSec for the Lulz

Internet security expert Andy Kemshall from SecurEnvoy reckons LulzSec should be applauded for its campaign of online mayhem, as it exposed government complacency and business naivety.

“I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving," he burbled. "It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!”

Kemshall continues: "At the end of the day, it comes down to a fundamental failing on the part of the organisation that allows these criminals in. If they didn’t leave their networks unlocked there wouldn’t be a problem.

"Hackers are exposing the holes and bringing the issue out into the open. RSA unbelievably took three months to come clean about their breach and if hackers hadn’t exposed them, through the Lockheed Martin story, would they have come clean at all? The cynic in me thinks not.”

Kemshall discusses an unnamed a local authority which is waiting for its SecurID tokens to be replaced by RSA. "We were astounded to find that the organisation was actually pretty blasé and said they didn’t feel there was a huge risk. This is naïve as, not only is there proof that the tokens are insecure as another organisation has been hacked, but why else would RSA go to the expense of replacing them if there wasn’t a problem?”

Talking of LulzSec and Anonymous, Kemshall said there was "much to be learnt from their expertise and raw talent."

He added: “These techies are up to speed and are useful to the industry – we need them! What people choose to ignore is many of today’s experts are ex-hackers themselves so Anonymous and LulzSec are actually tomorrow’s authority. They offer fresh ideas and they’re exposing new vulnerabilities that the ‘good guys’ may not yet have seen or even considered.

"The simple truth is that we’re going to need their expertise if we’re to defend ourselves against other countries and those malicious hackers who are out for financial gain. Instead of persecuting them, we need to recognise their talent, embrace their expertise and encourage them across from the dark side to turn their expertise into something constructive rather than destructive.”