What the LulzSec UK census scare says about public paranoia over security

Despite the media panic, the hackers must be denied the last laugh…

Just when we need to be building public confidence in the cloud, the recent spate of data breaches - real and notional - is feeding popular fears, says silicon.com's Nick Heath.

There was a time when the suggestion that every record from the UK census could be stolen would have been laughed out of town as an impossibility.

But for several hours on Tuesday, the UK media took the claim that the entire 2011 UK census data had been filched by hacking collective LulzSec deadly seriously.

The fact such a claim - made anonymously in a dark corner of the internet - was even entertained by the UK press reflects the level of paranoia about the security of our information in the online age.

Information security, once a dry-as-dust topic ignored by the populace, has become a regular fixture in national headlines in recent months following a string of high-profile data breaches and online attacks.

Looking at the roll call of international companies and law enforcement organisations that have fallen victim to online attacks - whether it is financial details being stolen from Citigroup or the Serious Organised Crime Agency having its website knocked out by a DDoS - it can seem like no area of the web is safe.

[Image: LulzSec fail ship. The logo and boat motif used by hacking group LulzSec, which has claimed responsibility for a number of recent attacks. Photo: LulzSec/Pastebin]

To the general public it must appear that hacking groups such as LulzSec and Anonymous are able to operate with impunity, targeting companies like Sony and MasterCard and then melting away into cyberspace.

Even when these groups' members are arrested by police they are as the mythical Hydra: cut off one head and another two spring up in its place. As Anonymous themselves put it, "We are legion".

And it is not just the audacity of hackers' choice of targets that has caught the public imagination but also the sheer scale of information theft being perpetrated. For instance, the hack on Sony's PlayStation Network alone is believed to have compromised 77 million customers' details.

Even the bad guys themselves have the idea that no organisation is too big to hack, with LulzSec teaming up with Anonymous to target the highest echelons of government and industry as part of a joint operation they are calling AntiSec. Just read the operation's stated aims: "Top priority is to steal and leak any classified government information, including email spoofs and documentations. Prime targets are banks and other high-ranking establishments."

The general perception among the public and the hackers appears to be that government and industry are at the mercy of the criminals when it comes to data theft and other online attacks.

If this balance is not redressed - by prosecuting more hackers, improving information security and co-ordinating better between industry and government over online threats - then how can government or business expect the public to enthuse about the much-vaunted move to the cloud?

If anything, it would seem likely that online hacking attacks will increase as more and more valuable personal and financial information is stored in the hands of relatively few large online organisations, and these digital honeypots become an increasingly tempting target for hackers motivated by financial gain, or even just the lulz.

There's plenty of scope for improvement when it comes to corporate attitudes to information security. Purely on a technical level, some of the biggest information security breaches in recent years have exploited flaws that would have been easy to fix, such as simple holes in web applications that were open to a SQL injection attack.

It's now almost four years since the HMRC lost the records of 25 million people, prompting a major overhaul of information security in government, but, if anything, concerns over the security of our digital data have heightened since then, not diminished.

When people are being asked to place huge amounts of data in the hands of a third party - whether it is electronic medical records in the NHS or photos in a consumer cloud - they need to be sure their details are as safe as the cash in their bank account.

If organisations can't or won't do more to stem the tide of information security breaches, then data security paranoia will persist and any enthusiasm for the cloud will slowly evaporate.