Finally, an arrest of a LulzSec member
Last week I attended a conference sponsored by the International Association of Privacy Professionals. Their "Privacy Practical Series" is touring the nation and brings with it a wealth of information.
So, let's just check in and see what happened while I was away...
Oh, ADP confirmed their breach. Recall, they're the largest payroll company in the world.
We had another breach of a Internet based gaming system. SEGA announced the breach of about a million people's information including name, date of birth, e-mail address, and "encrypted" passwords. (Please tell me that they at least held some meetings after the Sony Situation)
And how about this one: There is a virtual currency called "Bitcoin" that is "traded" on an exchange called "Mt. GOX". No, I am not kidding... I spent an hour trying to find a way to explain to you how you earn "bitcoins" and where you "spend" them. I still don't know exactly how you "earn" them, but if I want a piece of software or a game, someone will trade bitcoins for them. I get the basic premise, anything can have "value" within a subset of humans.
For example, there is an island in the South Pacific called YAP, whose money supply was based on rocks. The bigger the rock, the more valuable. Of course, if you take that rock to say, Hawaii, it's just a rock. These are "special" rocks and there are a fixed number of them and the inhabitant of YAP can get "stuff" because of their particular rock, but really, they're still rocks, except on Yap (PS - they switched to the US dollar - probably wanted to vacation in Hawaii).
Apparently this "exchange", called "Mt. GOX", was recently hacked (the name has a story too, it stands for "Magic The Gathering Online eXchange" you gotta read that stuff). Mt Gox will value the bitcoins against real currency, say the US Dollar. Before the hack, one bitcoin was worth $17.50 USD ($). After the breach one bitcoin was worth as little at $0.01 USD - kind of like taking that rock to Hawaii, right?
Someone or someones hacked into Mt Gox, got a hold of the account information for a lot of accountholders of bitcoins and dumped (sold) them, devaluing the rest of bitcoins in existence. Many others who were watching this took advantage of the situation by buying low and selling a little higher, and followed the market all the way to zero. The people who run Mt. GOX say that they're going to "rollback" those transactions. I say good luck. You think the profiteers didn't "exchange" their profits for real money and then withdrew it?
Why do I bother you with such drivel? To point out how a data breach can cause real damage. What if they got into the New York Stock Exchange? Or NASDAQ (which they did, but in a different way) The results would be absolutely disastrous. Imagine a concerted effort to devalue our currency, or any real currency for that matter. One day your $4 buys a loaf of bread, the next day you need $40. You don't have to be a math major to see how bad it would be...
Which leads me to the final story of the weekend - the "merger" or "re-merger" as it may be of LulzSec and Anonymous. They have teamed up and declared "war"on the governments and banks of the world. They even named it: "AntiSec" for anti-security, I presume. Could this "dream team" somehow affect the world's various currencies?
I usually question businesses for their lack of attention to security, today I am asking the Governments of the world to find these punks. LulzSec took down the CIA's website, THE CIA!! LulzSec has a website (lulzsecurity [dot] com) where they post the stolen information. Now, I know that they can move the site from server to server around the world to avoid detection, but are we (see: Governments) admitting that we can't find them? Can't find the site?
I have met some federal agents who are fairly talented in the cyber world. I know that our Government has the resources to search the entire World Wide Web. Let's put those two together and find these criminals.
BUT WAIT!!! THEY DID FIND ONE!!!
I am very glad to hear that the FBI and New Scotland Yard are all over this. Of course, with such a decentralized group, they'll never disappear completely, but if the punishment is meted out appropriately perhaps it will deter the next 19 year old from thinking this behavior is "fun."
I suggest we all make a note to see how the justice system handles this individual.