Imperva comments on recent LulzSec and Anonymous arrests
September 2011 by Impreva
Imperva comments on the breaking news that two members of the hacking collectives LulzSec and Anonymous have been arrested, with charges secured against a third suspect. Read on for insight into the mistakes made by the hackers that may have lead to the law catching up with them.
The arrests, if legit, could have a significant impact on hacking. Hackers may not be as willing to trumpet their activities – a major driver of hacktivism. Further, it may impede recruitment of new hackers who could now be a little more gun shy.
The arrests shouldn’t surprise anyone. They made two errors:
Mistake #1: They brought too much attention to themselves.
It is said that John Gotti, the mafia boss, brought so much attention to himself that he became a natural, high profile target for law enforcement. As Amichai Shulman, our CTO, stated before, the Lulzsec, the hackers "were extremely unfocused in their goal and gained attention mainly due to the relative intensity of their activity and lack of other good media topics." They brought too much attention to themselves and you could expect law enforcement to find them. If you look at hacking historically, over the past 20 years many of the high-profile attacks or those that involve serious losses to governments or commercial companies have ended up with law enforcement finding the perpetrators eventually, such as Albert Gonzalez.
Mistake #2: They didn’t cover up their tracks.
Let’s review some of the Lulzsec chat logs from a few months ago. One snippet, in reference to discussions Lulzsec was having with the media, shows how the hackers themselves admit they gave away too much information:
Topiary – “Sabu and I got a bit carried away and gave LulzSec away a bit.”
As Imperva’s Tal Be’ery, Web Research Team Leader, Application Defense Center (ADC) said in this USA Today article, "When you’re running this kind of operation for a long time, especially with not very concrete plans, you’re bound to make mistakes." The mistakes Lulzsec and Anonymous made during their hacking spree left an electronic trail with enough foot prints to product today’s arrests.