CIA site downing by LulzSec slammed by security experts

According to Tom Turner, senior vice president of marketing with Q1 Labs, the security intelligence consultancy, the hack of both the CIA and US Senate web sites should remind IT security staff of the critical importance of guarding their online perimeter.

"With the European Union considering tougher penalties and responsibilities to protect against cyberattacks, government agencies need the ability to ensure compliance with IT security policies", he said.

They also, he added, need to establish new agency-wide benchmarks and generate continuous, real-time reporting to protect themselves against attacks like the ones seen this week.

Graham Cluley, senior technology consultant with security vendor Sophos, meanwhile, said that, whilst some people think that LulzSec’s actions are a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are - in the worst cases - having their personal data exposed.

"There are responsible ways to inform a business that its website is insecure, or that it has not properly protected its data. What's disturbing is that so many internet users appear to support LulzSec", he said.

"Crucially, a denial of service attack - like that which appears to have hit the CIA website - is against the law. You have to ask yourself if LulzSec has finally bitten off more than it can chew", he added.

Cluley went on to say that, with the CIA attack, LulzSec has effectively just poked a very grizzly bear with a pointy stick, adding that this may prove to be the hacktivist group's undoing.
