March 9, 2012; Source: Reuters
Authorities say they have arrested a member of the small but highly feared “hacktivist” group Lulz Security (LulzSec), and that the man worked at a nonprofit information security firm in Galway, Ireland. Darren Martyn, an Irish student, was allegedly a major player in online security breaches around the world, and was named in an indictment unsealed in the U.S. District Court for the Southern District of New York. Until recently, Martyn was a local chapter leader of the Open Web Application Security Project (OWASP), an international body that produces open source programs to improve security. His arrest comes as purported LulzSec ringleader Hector Xavier Monsegur—otherwise known as Sabu, of New York City—received a non-prosecutorial agreement in return for helping law enforcement put other hackers behind bars. Monsegur previously worked for nonprofit software developer OpenPlus (which was founded by the entrepreneur who created Limewire, the music sharing program that was shuttered after a copyright battle with the music industry in 2010).
Some in the information security industry have cheered LulzSec and Anonymous (the larger group of hackers which is reported to have “given rise” to LulzSec) as protectors of individual freedoms on the open Web. While many hackers are drawn to “black hat” hacking—defined by malicious intent— at a young age to test their capabilities, some shift to the more civic-minded “white hat” hacking, which is a benevolent effort to raise security awareness. Some have a foot planted in both worlds, protecting Web security by day and conjuring ways to breach electronic fences at night.
Straddling these two worlds at the 2011 DefCon security convention, panelists suggested Anonymous could improve its efficacy and reduce harm by publishing guidelines and then punishing only those that violated the group’s principles. Two of those panelists, Josh Corman and Brian Martin, have called for a “better Anonymous,” which they say “does not mean more criminal acts in the name of the greater good, [but]…a more efficient organization that can achieve the same (or better) results with less collateral damage.”
Thomas Brennan, a director of OWASP’s parent group, said that it’s not a difference in talent which separates the good and the evil in the Web security universe, but rather the choices that individuals make: “It’s about laws and ethics, and people have to determine whether they want to follow the speed limit, follow the law.” Martyn himself (unless it was someone else posting under his name), recognized as much in an e-mail last October, which read, in part, “Remember, all hackers have potential to do good as well as evil, it is just a matter of their choice.” –Louis Altman