News that hacker group LulzSec is splitting up after around 50 days creating mayhem for the world’s largest corporations and even security services won’t spell the end of such attacks.
I’m not here to comment on the work done by the team, which ironically appears to have been forced to go its separate ways after its internal message board was hacked and one of its members was arrested in the UK last week.
Instead, I’m interested in all the reports of LulzSec members providing botnets to aid the group’s efforts. The teenager arrested was charged with providing such a network of infected computers – one of several charges laid against the 19 year old – and leaked internal messages viewed by The Guardian suggest at least one more member of the small group was also a botnet supplier.
That need for botnets reminds me of a warning security firm Arbor Networks issued in February. It told TelecomAsia that setting up botnets today is effectively child’s play, with tools readily available on the Web that enable almost anyone to establish a network of infected PCs. The ease with which botnets can now be established resulted in the size of distributed denial of service (DDoS) attacks doubling in 2010 to break the 100G barrier, the firm revealed.
DDoS was one of the main weapons in LulzSec’s armory. Indeed, the group initiated attacks on two UK newspapers last week in protest at their portrayal of the arrest of Ryan Cleary.
Arbor’s argument that DDoS attacks are now mainstream makes for scary reading. Those online tools mean almost anyone can develop a botnet today. It’s akin to garage developers in the applications space – with the likes of Apple and Google providing tools that allow anyone to produce apps for their smartphone platforms regardless of their computing prowess.
For that reason, I predict there will be more LulzSecs around the corner. They might not be as well organized or tap as much information, but the ease of creating dummy networks through infected PCs will surely be a temptation too hard to resist.