Why LulzSec is important. But why it had to die.

In the last 50 days, a group of anonymous hackers calling themselves LulzSec have been often featured in the news. Yesterday, they just called it quits, announced that enough is enough, and that they are going back to their normal lives.

Leaving aside speculations on whether or not this stop was planned (as they claim) or not (as many seem to think), it’s important if we want to understand the importance of what happened so far, to look into recent events, mostly the leaking to the press of an internal online chat transcript by a LulzSec member (link), the arrest in the UK of an alleged member (link), and the attack from another anti-security hacking team (link), among others.

The thing is, whether we like it or not, we collectively need groups like LulzSec, to expose the reality of dangers brought by the adoption of a new and “immature” system such as the Net, managed by humans with less than perfect knowledge of it, to handle all our activities, including those who require the highest level of security, such as credit cards information storage and transactions, or police internal activities.

LulzSec reminds us that if we choose to put all our eggs in the same basket, we need a stronger one, better managed by more competent people. It shows this to us the hard and painful way, so that we, as users, really get a feel of the danger. And it reveals how we never took it seriously so far.

Being told to use secure passwords other than “password” or “1234” seemed not that important, until your Amazon account is abused by a prankster, who also erases all your email. Sad but true: Fear is a strong motivator. And blaming others doesn’t solve a thing when we didn’t properly take care of our own security in the first place.

Additionally, LulzSec — like Wikileaks not so long ago — also warns of an upcoming flaw in the system, which has been discussed in science-fiction literature since the beginning of the genre: the “Big Brother” syndrome in which authorities control the tools, and citizens lose their humanity. It is a vicious/virtuous circle, in which, the more governments want to censor the Net, the more hackers will offer ways for free humans to circumvent censorship.

You may like the idea of a strong government, and trust your elected representatives, but it is quite easy to imagine how Net censorship starts with child pornography and doesn’t end there, eventually getting abused into controlling what the people should or shouldn’t read/see/hear/know.

China is a good example of what not to do: if you ask the Chinese government, they will explain how important it is to obfuscate certain content, for the good of the Chinese people. Yet, there isn’t a student in China who doesn’t know how to use VPN and proxies to access censored material. If anything, Chinese students are effectively generally more computer savvy than Western ones because of that.

LulzSec (or any other anti-sec hacking group) is bad for now. It destroys and jokes about it. But its very existence is good, as a reminder that there *can* be a resistance, should everything turn bad. Somehow like the Cold War: it’s an “if” case scenario, a deterrent, effective if ever needed.

But unless there is a civil war or a revolution, such groups will always have to stay in the underground shades. Coming to the light of media like LulzSec did will invariably get them too close to sun and lead them to a crash-and-burn.

This is for 2 reasons:

The first one is that guerrilla follows the same rule as mafia criminality (and high-profile lawsuits): you need to be ready to go further than your opponent, to make them back down. If they know they can go further than you, and they are ready to do so, you are done.

When you are fighting governments, what matters is the final outcome of the war, not the individual battles.

The second flaw about being all over the press and stay anonymous at the same time, is that you can and *will* get responsible for all and any problems that arise, even those unrelated to your activities. In other words, you are guilty until proven innocent. This means it becomes increasingly difficult to control your communication, to cultivate the sympathy of your fans, and fight against disinformation, real or fake leakage of information, etc. Al Qaeda and LulzSec can’t really sue anyone for libel, can they?

This results in making the only response possible more aggressive than the previous one, losing more credibility and empathy every time.

If a group of young hackers are not ready to become full-fledged terrorists (some do, some don’t), they better stay underground. Or quit while they’re ahead. This rule doesn’t apply to governments nor international police organizations, obviously, who have a bigger margin of error.

LulzSec claims that they “planned” to be live for 50 days, and then quit. Believe it or not, it is quite clear that its members felt the heat and will be looking over their shoulders for a while. And also that some other group will rise from its ashes sometime soon, just for the lulz.

© 2023 Yves Bennaïm