Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

3/22/2012
11:28 AM
Mike Rothman
Mike Rothman
Commentary
50%
50%

Keep Your Friends Close, Especially If They Are Anonymous

Sabu's traitorous ways reminds us of the sage advice to keep your friends close and your enemies closer

Hindsight is 20/20. It must be, since it seems no one was surprised by the big reveal that a main player in LulzSec and Anonymous, a fellow code-named "Sabu," had been working with the FBI and ratted on some of his partners in crime -- except maybe those said partners, as they were being led out of their hovels by federal agents.

Sabu acted to save himself, as it seems someone who outwardly cared about no one did care about the two young girls in his care. Maybe he reduced his sentence a little by cooperating, but I think he'll find his hacking skills relatively useless in the big house. Unless he becomes the sysadmin for the jail for $2.50 an hour. What could go wrong with that?

The other folks arrested will also spend some time in the big house, that much is clear. As Baretta says, "If you can't do the time, don't do the crime."

But there are some instructive lessons here. First, in terms of how they caught Sabu, evidently he forgot to run his session through Tor on a few occasions and the FBI tracked his IP address. From there they got the proper warrants to monitor what he was doing and had him dead to rights. Game over. Security folks complain the bad guys have to be right only once to compromise a system. That is true, but the sad tale of Sabu shows that the bad guys also need to be right every time to not get caught. They can never put their guard down. The FBI is watching. Always.

Ultimately, we learn once again that crime doesn't pay -- especially when the crime isn't financially motivated. They are banking on change, so let's ask the question: Has anything changed from the journeys of the Lulz boat? Maybe, but probably not the change the hacktivists intended. It has definitely been a wake-up call for organizations that they can (and probably will) be attacked in a brazen fashion. Maybe they'll even improve their security programs. Sony? Bueller? Bueller?

Will the turning of Sabu act as a deterrent to the cybervigilantes? If you listen to the rhetoric coming via the Anonymous marketing machine, then probably not as they are talking about the next dox drop and defacing on Twitter as you read this. But I'm not so sure. Seems these folks forgot about basic human nature. The self-preservation gene is strong in humans, as is the need to protect offspring. Every person has a breaking point, and law enforcement seems to be pretty effective at finding it. So there are decent odds that they've turned many other folks within these groups.

Remember, many of these folks don't "really" know each other. Do you think they continue to trust with a jail sentence on the line? That's to be determined, but in the good ol' days if you turned on your partners in crime, then they took it out on your family. There doesn't seem to be a similar retribution model among hacktivists. Not yet, anyway. And we'll also hear about hacktivism is an ideal, not a person or a group.

Some of those folks are questioning with whom they are collaborating. Just as you don't know whether someone on the Internet is a dog, you don't know whether Sabu is really an FBI turncoat. And that sows the seeds of mistrust, which is the death knell of any crime syndicate, formally organized or not. There is one security truism that definitely applies in this case, and that's: "Trust No One." I don't think truer words were ever spoken.

Mike Rothman is President of Securosis and author of The Pragmatic CSO. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
4/5/2012 | 6:21:15 PM
re: Keep Your Friends Close, Especially If They Are Anonymous
"Maybe he reduced his sentence a little by-cooperating"?!-

He got Federal immunity on all charges in exchange for his cooperation. Instead of seeing the inside of a prison, he and his kids will enter the witness protection program...

News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-19924
PUBLISHED: 2021-05-18
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
CVE-2020-20220
PUBLISHED: 2021-05-18
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20227
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2020-20245
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20246
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.