Update: as I rather suspected would happen, LulzSec have disclaimed any attempt to hack the Census data, or responsibility for the pastebin.com post. They’ve also denied that the Essex hacker is one of them. I think it would be naive to assume that everything LulzSec tweets or puts out as press release must be true, of course.
You may have seen reports that the entire UK 2011 census data have been compromised. I have no idea at this point whether there has been an attempt on those data, and if there was, how successful it was and who was responsible. But I suggest that before UK readers start to panic, they take a moment to reflect.
- As several people, notably Graham Cluley, have already pointed out, anyone can post to pastebin.com claiming to be anyone they like, including LulzSec.
- Census day was 27th March. However, the online census form didn’t actually close, according to http://2011.census.gov.uk/ until 22nd May, and since UK citizens are required to submit information as soon as possible after Census day, paper forms could, in theory, still be trickling in. In any case, the number of people who submitted the paper forms must be immense. What do you think the chances are that all those data have already been entered into a database, given that the report analysing the data is not due for release until 2013?
- While stealing the census data would be a coup, and would certainly risk compromising some data, depending on exactly how such data are processed, it wouldn’t involve the revelation of sensitive financial data, for example.
- In any case, news is just breaking that a hacker alleged to have masterminded LulzSec’s attacks on Sony, the CIA and SOCA has been arrested in the UK. If this is so, this is bound to have some impact on LulzSec’s activities in the near future, even if I’m not going to be drawn on what that impact will be.
Don’t panic. But keep reading the news and don’t believe everything you read.
Hat tip to Graham Cluley and Mikko Hypponen re the breaking news of the arrest.
David Harley CITP FBCS CISSP
Small Blue-Green World