What the hacking groups are after
Newspaper headline reads: "Hackers hit."
Kai Ryssdal: Over in London late last night British police arrested a 19-year-old man in connection with some of the big computer hacking episodes of late. Specifically, they're trying to tie him -- and the group he's suspected of belonging to -- to the hacking of Sony's PlayStation game console a month or so ago. Elinor Mills covers cybersecurity for CNET. Welcome to the program.
Elinor Mills: Thank you.
Ryssdal: How much do we know about these two groups in the news today -- Anonymous and LulzSec, if I'm pronouncing that right?
Mills: Not a lot. LulzSsec, they are hackers with a humorous bent. They say that they're doing it for the kicks. Anonymous, they've been around for a few years. They previously had targeted Church of Scientology, and they also went after late last year, they shutdown temporarily some sites belonging to PayPal, Visa and MasterCard -- after those financial organizations had stopped allowing Wikileaks to get online contributions.
Ryssdal: Is there a way to tell, basically, the financial damage that these hacks have caused?
Mills: It's really hard. And I'm sure that the website owners and companies are going to figure it out. When a site is down, their customers can't get to the site. There is also the money spent in having IT people, administrators, work 24/7 to try to and get the website back up. So they're at cost here, but it's always a question of how much.
Ryssdal: Maybe it's just me, but it kind of seems like these two groups specifically are doing it because they can. You know, they're taking down the CIA website, they're taking down the Senate website and basically doing it because they can get away with it.
Mills: You're definitely right. They are. With LulzSec, they're doing a lot on Twitter talking about their attacks, taunting their victims. So there is this sense of look at what we've done, aren't we great?
Ryssdal: Are these guys really out for money? Are they stealing money and transferring it to their accounts when they break into Sony and the PlayStation and all that?
Mills: No, not as far as we've seen. They're not really going after any kind financial data or using that information to transfer money from accounts at all. This doesn't look like financial motivation at all.
Ryssdal: Where does this get us, then, in the end?
Mills: I think the message here is if you have a website, if you're storing customer data, if you have anything sensitive, you have to take measures to protect your website basically. I think a lot of websites and a lot of companies out there -- I mean, big ones like Sony -- they did not do enough to protect the data. A lot of these attacks are basic. You know, SQL injections, something that's pretty common, and it's easy to protect against. And if the government and big companies are not doing it, then how secure should we feel?
Ryssdal: What kind of injection was that? It sounded pretty technical to me.
Mills: Yes, it has to do with SQL databases -- S-Q-L. I know, it's kind of techie, but it's a common type of attack on a website.
Ryssdal: So it's not hard? What these guys are doing are not technically sophisticated?
Mills: Not really. And there are exploits and there's code out there, widely available. You don't even have to write your own code.
Ryssdal: Which makes this whole thing even scarier.
Ryssdal: Elinor Mills from CNET, thanks a lot.
Mills: Thank you.