LulzSec, the group that claimed responsibility for the recent Sony PlayStation Network outage and identity theft, is now claiming that they have hacked into the Arizona Department of Public Safety (AZDPS) systems and stolen 400MB worth of data that supposedly contains personal home addresses of Border Patrol agents. The Arizona Daily Star and Arizona Republic have already published articles on this breaking news. And Three Sonorans and Social Citizen here on the Tucson Citizen have already done some basic forensics.
Obviously, at this point, no one has had time to sift through the entire 400MB data dump. For all we know, it could just be a ploy to gain access to other systems via malware in the PDFs and Word Documents within. I’ve seen comments that say some of the files in the data dump contain suspicious malware-like content. So, if you decide to look at it, be sure to isolate it from the rest of your computer network or you might find yourself the next target of LulzSec. A cursory glance at the data suggests it is legitimate. BUT! Only after people have had time to tear it apart will we know for certain.
So, let’s assume this is legitimate for a moment. I have no reason to doubt it isn’t. LulzSec seems to only make legitimate claims. But this is a far cry from hacking a gaming network. In the digital world, the only real loss is time and money and the customer loses a bit of privacy and peace of mind of control over their personal information. Big deal. If you use Facebook, then you’ve already lost those things anyway. In the case of PSN, there is likely no real association to what you do for a day job. And maybe your credit card information was stolen – the question of whether or not credit cards were stolen was conveniently never properly answered. You lost a month of time to play games on PSN and had to play other video games or, dare I say it, actually put on some suntan lotion and go outside and enjoy the amazing outdoors this state has to offer year-round. On the flip side of the coin, publishing real names and addresses of those known to put their lives on the line daily puts their immediate families’ lives in danger. That’s the difference here.
This shows how little people think about their actions and the potential repercussions of those actions. LulzSec is short for “Lulz Security” – making fun of how weak most IT systems are and then exploiting the weaknesses to force the organizations to start thinking seriously about securing their systems For Realz. A noble goal, I suppose. And it is true that most IT systems are horribly insecure. However, there are better things to do with one’s time than intentionally putting real lives in danger. Even playing video games with friends to build relationships is a better use of one’s time.