LulzSec victim: 'They are terrorists!'
Editor's note: Yesterday, hacker group LulzSec Security released a cache of documents taken from Arizona Dept. of Public Safety servers. The data dump included personal information, such as home address and spouse's name, for cops. Here, a victim from an earlier LulzSec data dump -- 62,000 stolen usernames and passwords, many connected to public services like AOL and Gmail -- has something to say about the group. This commentary is edited together from separate emails. Fearing reprisals, the LulzSec victim requests anonymity, so we can't fully verify the story. But based on email exchanges we're confident it's legit.
The feelings that morning as all my accounts were being shut down for no apparent reason was like my experience in Washington, DC on 9/11-- initially confusing. Then as news reports leaked out and I realized that I was a target, the panic ensued. Just [like] we were hearing that our building might possibly be a target of an aircraft on 9/11.
Then [came] the scramble to try to make sure that nothing was being damaged or destroyed (in this case, my identity, bank accounts or credit rating). Just like all the news reports about places where I had friends and family. That fear spread with every joyful tweet from LulzSec reporting every incident of innocent people being harmed. I had thought 9/11 in DC was a pretty terrifying experience, but this was even closer and more personal.
When this attack occurred it shut down my life for the most part for the day. That alone was scary but imagine it dragging on for weeks trying to sort through and repair the damage it could have caused (as it appears to have done to some).
The Freedoms We Lose
There are the LulzSec/hacker types who have some valid points and the government/corporate side who have their points. If LulzSec were really trying to "make things better" they would have alerted me anonymously as to what they had done -- told me which company had such weak security and warned me that I was vulnerable and to change my password and possibly vendor immediately. Also, to support or apply pressure where needed to achieve their aims. I would have been grateful to them and responded.
They want me to thank them and blame the company that was robbed. I don't thank bank robbers and blame my bank. Banks wouldn't need tight security if not for bank robbers, just as people once didn't need to lock their doors at night.
People in the middle are not necessarily weighing in but quietly listening to both sides. But once the middle gets dragged into the battle, they are always going to side with whichever side makes them feel safest. Even if it means giving up a lot to accomplish it.
Hardly anyone really likes the idea of wiretaps, pat downs and the like, but when offered the choice between that and another attack they side with overkill. The same thing will happen to the hackers and their agenda. People will give up freedom, security, anonymity etc. online so long as their families are safe online and off.
Killing the Online Person
Most people now have an online self that is probably more vibrant than their offline self. Commerce, communication, relationships, employment etc. I have telecommuted for years -- do most of my shopping online.
When LulzSec commits an attack like this they harm or even "kill" the online person. I am now seriously considering giving up my email account of 9 years because I am getting tons of spam since the attack, which I hadn't gotten before because I was generally very careful about how and where I used my email address. Giving that up is like giving up a small part of myself.
Al Qaeda can kill the "meat space" person, but, generally speaking, the odds of that happening are remote. But because of the basically zero cost of the online world it is easier to "kill" many more people at a time. Like the first World Trade Center bombing, this attack had limited damage, but by intent or luck a 9/11-scale online attack could do as much damage that will cause even greater damage to a greater number of people.
They are terrorists and they are making new enemies every day.
Terrorists wish to force governments and others to change policies they don't approve of and use attacks to generate panic amongst civilian populations in hope they will apply pressure to their governments. Al Qaeda does this. So does LulzSec. Terrorists act anonymously and then take credit for the attack in its aftermath. Al Qaeda does this. So does LulzSec.
Terrorists have no compassion for the collateral damage done to victims who aren't the target of their ire. LulzSec expressed this emphatically by encouraging people to inflict as much damage as possible on those logins and passwords.
I have shared my experience with many friends, families and colleagues and they feel the same way. Many of them thought hackers benign college goof balls. Now they view them, as one colleague put it: "Like those young guys who strap bombs to their chests and blow up families at weddings".
UPDATE 2pm ET: From its Twitter account LulzSec responds:"If we're terrorists, then you're a jackass for reusing your password everywhere for 9 years". Clarification: The author used the same email address for 9 years, which is different.