I’m sorry but I think spreading innocent people’s login info, card details, whatever over the internet is already malicious intent. I loathe the “awww, those guys are performing a valuable service” defence.
Hahahahaha…that’s such a dumb statement. If that were the single form of protest in the future, we’d all be doomed.
DOOMED!
Where the protesters face absolutely no consequences for their actions so there’s nothing heroic or daring or notable in the act - it’s bullying from 10,000 feet.
It’s the same public service as throwing a brick through a shop window. “Shoulda bought stronger glass, dude!”
The people that were just arrested for DDOSing would like a word with you.
Right, change my wording to … “no anticipated consequences”. In other words, a “protest” means little when the protester believes they will not face any consequences. At that point it’s pressing a key and going to get a sandwich.
I never thought I’d be defending the likes of Anonymous, but…
Companies are going to get hacked regardless. Which of these is a better situation: 1. A company gets hacked, a group brags about it and you can take immediate action if you’re affected or 2. a company gets hacked, you never hear about it and you have an extra $800 on your next credit card statement (or an empty checking account)?
If getting publicly shamed by a bunch of 14-year-olds gets Sony to get their shit together, all the better. The political statements and all that are bullshit, but a greater good just might come of it. Although the cynical side of me thinks PR and press releases are cheaper than new server infrastructure.
Obviously it’s better than some of the alternatives, but that doesn’t mean that Anonymous deserves our thanks. I’d rather get mugged than murdered, but that doesn’t mean that the mugger is performing a public service.
No, you’re right. They aren’t performing any noble public service, but better them than some scumbag browsing Amazon on my dime.
They should have bought stronger glass if the shop in question was claiming that their shop window could stop bricks.
It’s not like most of these attacks used some kind of secret l33t hacking technique. If a company makes a claim that personal user information is safe with them the wall between that info and the outside world shouldn’t be two centimeters of Styrofoam.
Pentesting is a valuable service. Pentesting and shouting about discovered vulnerabilities from the top of every mountain and sharing the personal data of innocent bystanders is a crime. There’s a really huge difference.
The difference seems to be that the latter actually gets things fixed.
Hotels implicitly safeguard you and your valuables behind a locked door. If someone busts the lock to break in and steal your stuff, they didn’t provide the hotel with a service you moron.
edit - upon reflection, this was likely meant as a witticism
No matter how thick the glass was made, there will always be bricks which are able to break that glass nonetheless.
Funny how what I said immediately gets picked up as some kind of defense of hacking. Oh and name calling too.
So let me repeat it in a way you can understand it.
A) Hacking is a crime. If sensitive data is stolen and published this is primarily the hackers fault.
B) If the company that was hacked gave certain expectations about their security, which turned out to be false, then the company is also to blame.
If a hotel claimed to keep your valuables behind locked doors while they in fact did not lock the door and your stuff gets stolen you wouldn’t blame the hotel?
No matter how thick the glass was made, there will always be bricks which are able to break that glass nonetheless.
Of course, but that’s not the issue here. My point is that if a companies security isn’t at a level that should be expected (depending on what they are protecting) then they are partially to blame for any theft because it’s negligence on their part.
Yes, exactly. Companies that get hacked of sensitive information via trivially exploited vulnerabilities need to face some sort of consequence to convince them to take their security a little more seriously.
I don’t want to get too far down the rabbit-hole of internet analogy since that tends to derail conversations in P&R, but I blame the thief a lot more than the company with the subpar security.
Yeah, they were asking for it. Awesome!
I don’t think any of these companies should get some kind of IT Security Award, but saying they are partially to blame is a bit much. I understand that most firms need to do more to secure their networks, but the same could be said of most physical security issues. We could probably all do more to lock up our houses. Unfortunately, security (especially the virtual kind) is always evolving because the bad guys are always getting better at breaking in.
There are legitimate security companies that offer that kind of evalution for a price. A random hacker douchebag that busts in, takes a bunch of data, then spreads it on the web is not performing a service to humanity. Less so the idiots that take part in an Ion Cannon hit. Fuck them.
I don’t think you understand how trivially easy some of these security vulnerabilities are to correct. Just keep up with the patches, use reasonable security practices, and the danger from the widely available exploits is handled.
Let’s go back to analogy-ville here since it’s the only reasonable way to relate these matters in a discussion that included nontechnical participants. I wouldn’t blame my bank if someone stole a bunch of money at gunpoint. I would blame my bank if it turned out they got cleaned out by a 12 year old who just happened by one evening. Because they kept ALL their reserves on hand. In cash. In a cardboard box. In an unlocked closet. In a building they forgot to lock at night. And they hadn’t noticed that their security cameras stopped working four months ago.
It’s not all companies that use security practices that poor but there are definitely some that do. Since IT is such an inscrutable black box to management they just have to take the assurances of the techy types that everything is locked up tight and proper. All it takes is one incompetent manager more interested in making budget than doing a good job and suddenly we have crap like the PSN outage.
Whether or not these hackers provided a service, can we at least agree that they need to go jail? Even if the security wasn’t up to date, the laws are and provide a much more concrete deterrent to hacking than any software. Outside the IT world, breaking laws typically is much easier than preventing laws from being broken. Its the consequences that keep people from taking that leap.