Sun, Jun 26, 2011
So, in the news today, LulzSec announced it's finished and going away.
This is the group of hackers that brought down Sony repeatedly, briefly took down the CIA, and generated a lot of news headlines when they published a lot of account details and passwords they'd stolen from networks they'd cracked.
This naturally led to a very black picture getting painted of them in the media: Nasty hackers have exposed YOUR passwords to the internet! Anyone who wants to can look at your login details and steal your account! And if you re-use your passwords, they can get into your OTHER accounts!
And all this was true. Innocent people had their accounts all over the web stolen or disrupted. And that's not nice. And so they consigned LulzSec to their mental "Nasty people" list and blamed all their problems on them.
Sadly, that's where thinking seems to have stopped for most people. So allow me to point something out:
LulzSec aren't the only hackers in the world. Nor are they particularly gifted.
They cracked a lot of networks and exposed to the world how poor the security of many of the biggest websites in the world is.
Do you really think they're the ONLY hackers who've found the vulnerabilities in those networks?
Do you really think that your login details were secure and safe before LulzSec came along?
LulzSec were very vocal and showed the entire world just how easy it was to find other people's account information. They exposed how easily password re-use could allow somebody to get your details from one website and steal your accounts in other places: Somebody gets your Sony details, and next thing you know they've got your Facebook and Gmail accounts too.
You think nobody ELSE had done what they did?
You think the spammers and identity-theft merchants and all the other nasty people on the Internet hadn't employed the EXACT same tactics to get hold of all your details BEFORE LulzSec came along?
And when they did, do you think they'd have told you about it in a blaze of media publicity?
Wake up to reality, people: Your accounts were insecure long before LulzSec came along, and the people who stole your info didn't do anything as nice as tell you about it. They got your info on one site, they used it to get even more info from other sites, and then they sold it to whoever wanted it. Quietly and secretly. Maybe if you're lucky, you got tipped off by a big credit card bill and worked out you were the victim of identity theft. More likely, you still don't know today that you've been compromised.
LulzSec proved beyond any doubt that even the big, well-funded websites that people trust to be secure, aren't. They did so by publishing the information that they stole, and sure, some people suffered as a result.
But don't shoot the messenger: If your details got published by LulzSec, they'd already been compromised long before they got involved. The only difference is, courtesy of LulzSec, now you know about it and can maybe think about protecting yourself from it happening again.
Sure, there are other ways they could have handled it. I doubt even LulzSec themselves would try and argue that their motives were 100% noble and pure.
But there was an important signal mixed in with all the noise, and it's sad to see that it's been lost in transmission.
LulzSec was a lesson, and the world still hasn't learned it.