As an aside, I love how we have to drill down every statement made in a P&R thread because everyone (me included) can never seem to read the meaning behind a post rather than take everything literally.
Most companies have shit network security. I don’t give them a free pass. I fully understand that they need to be a lot better than this. A LOT better.
What I will not do is move the blame for these acts from the perpetrators to the victims. Nor will I parcel out a share of the blame to the companies that got hit.
As you pointed out, the big difference between physical and virtual security is that anyone can look at an open door or a busted lock and see the problem. Most people don’t know the difference between a vulnerable network access point and a secure one. They rely on network security people to tell them what’s going on.
Is that a pass to have crap security? Nope. If those people sucked at doing what needed to be done then they need to get educated or replaced. Networks should be beefed up. Databases encrypted. Unfortunately, improving security is neither free nor instantaneous.
In the meantime, saying that hackers deserve praise for what they did or that they shouldn’t get the full blame strikes me as an easy way to feel smug about what happened because big companies and government agencies totally suck, man.
To stretch your analogy in another direction though, how much blame do we put on the homeowner that forgets to lock a door when someone strolls by, walks in, and robs the place? There’s a pretty big divide between making a mistake and being told that “you deserved it, dumbass.”
If that homeowner was holding someone else’s valuable property with an implicit responsibility to safeguard it, that homeowner may find him or herself liable for that loss in some fashion I would think.
I’m not suggesting that poor security excuses criminals in any fashion, but on the flipside the fact that criminals are clearly breaking the law doesn’t mean that someone with piss poor or nonexistent security is absolved of their negligence.
To answer the question of how anonymous will react to the arrests: today a group stole a gig of data from NATO. They are leaking individual documents as they go through them and decide what they can ethically release.
Well its nice to see that you seem to completely trust a group of people who break the law and steal data to know what secret data they should and should not realease.
The proper response to this is again, you’re thinking of this is terms of black or white. I don’t completely trust them no, but that doesn’t mean they’re not undeserving of some trust or that they’re incapable of acting in an ethical manner. One does not necessarily imply a lack of the other.
Yes I do believe they might have some standards left, we’re not talking inhuman monsters here. I never said what they did in the first place was ethical, or that what they were attempting was ethical, just that they’re not necessarily going to willy nilly release dangerous documents.
You can’t just assume a thief is a murderer because he stole your watch. Though it seems there are political parties everywhere that would like to.
Is your bunker Death Star-proof? No? Shoulda hired some Jedi, man.
No, we’re talking about a bunch of petulant, self righteous children (irregardless of their actual age) who think they are the ones who get to define “right” and “wrong”.
What level of security should be expected for which kind of companies? Remember there are companies with <10 employees which have to be also part of the worldwide data highway and store customer data just as the ones big enough capable of installing a sufficient security infrastructure.
