OPINION: Industry hasn’t learnt from LulzSec

From Nintendo to Bethesda and BioWare to Epic, LulzSec hit some of the biggest names in our industry.

Not only were websites and forums brought to their knees, but the games themselves and the players within them, too. Popular online titles such as Minecraft and EVE Online were taken down in an instant. Millions of usernames and passwords snatched at the click of a keyboard button. Even the FBI could not avoid LulzSec’s virtual destruction.

We’re not denying the frustrating and time-wasting implications of LulzSec’s nuisance pranks, but considering the group’s self-proclaimed intentions were jovial – or even in some instances, dare we say it, helpful – attacks from other more malevolent hackers could have been much, much worse.

Would another less forgiving group have warned the NHS of weaknesses in their computer network? Would they have chosen to hand back the details of 200,000 Brink players to Bethesda, rather than upload them or even sell them online?

What if hackers had targeted a retail website? Millions of customers use the likes of Amazon.co.uk to buy games, consoles and other products, which means millions are potentially at risk of having their accounts and payment details stolen.

The shocking truth is that hackers have been intelligent enough to breach these kinds of security systems for years – and now companies need to act to ensure their security systems are watertight.

Another problem is that LulzSec – along with the PSN breach earlier this year and George ‘GeoHot’ Hotz’s antics before that – has proven to the world that hacking some of the biggest games companies in the world is possible. They’ve shown how easy it is.

Hundreds of hackers and wannabe internet pranksters will no doubt have been following LulzSec’s actions closely, and some may have been inspired by their attacks to orchestrate security breaches of their own.

Thankfully, in all three major cases this year there have been consequences. Hotz received a permanent injunction from Sony after running illegal homebrew programs on the PS3, three anonymous hackers allegedly responsible for the PSN outage were arrested, and LulzSec suspect Ryan Cleary was slapped with an internet ban.

But are these punishments enough? Hotz is apparently now working for Facebook. Should companies be forgiving of individuals, aggressively oppose them or ignore them? Just how tight should a website or game server be? Will we ever be able to prevent all kinds of hacks?

LulzSec may have retired after its 50-day hacking blitz, but there are lessons we can all take from its spate of web-based security attacks. Other industries should take note of the problems games companies have faced over the past couple of months, while publishers should be better aware of external breaches.

Companies shouldn’t just sit by and watch their contemporaries and rivals fall victim to hacks. When hackers came for Nintendo’s website, and no other companies spoke out, then surely there will be no one to stand up for them when the inevitable happens. These kinds of attacks are crying out for united action.

Like viruses, hackers will always find new ways to penetrate the systems and services they want to access, whatever the motivation.

But there are no excuses. It’s your job to be aware of the possibilities and understand how to prevent them; that is what will determine the safety of your customers’ and clients’ data going into 2012 and beyond. They will expect nothing less – and you shouldn’t, either.

About MCV Staff
