This afternoon, the hacking collective known as Lulzsec announced that after 50 days of lulz, that they were hanging up their boots. In many respects, the decision would almost guarantee that the organization would vanish, despite attempts to identify or apprehend the members. Many people within the security community and beyond promptly tweeted the announcement, and responses on IRC and social media ranged from jubilance and relief, through shock, disbelief, and rage. After considering the meaning, a couple of things came to mind:

1. Lulzsec is being truthful and honest. Maybe law enforcement was getting too close, maybe they really did intend to only operate for 50 days. Either way, this is exactly what they announced. They are done, and I will have more on this later on in the post.
2. Lulzsec is going on hiatus, only to emerge as a silent or not-so-silent organization.
3. The Lulzsec announcement was, in fact, a milestone lulz. Maybe they are not going anywhere and they just pulled the prank of the year on the information security community.

Let’s put this in a more holistic perspective. From my perspective, I am concerned about the number of people that jumped on the story and took this organization at face value. We must remind ourselves that regardless of the good nature outlook and sense of humor, the group is breaking the law. For the community to quickly respond at the announcement without considering the full spectrum of possibilities is disconcerting. We trust a criminal organization, but we listen to the news every day with a skeptical outlook, ready to pounce on spin, bias, and outright foolish journalism. Something is wrong here, and according to Shawn Achor, what we are seeing is known as the Tetris Effect. We are so used to seeing specific patterns, that we begin seeing everything through that lens.

To break out of the Tetris Effect, we need to simply practice what we preach. Ethical hackers and white hats often rationalize their usefulness in the perspective of needing to think like a hacker to prevent a hacker. Based on this philosophy, the rush to judgment indicates that we all can be guilty of believing all of our own assumptions without considering alternatives. I do not possess any additional information than anybody else does about the situation, but when a learning opportunity presents itself, it is important to remind ourselves that there are often more perspectives than the instinctual response. Our customers are expecting us to analyze the situation completely and consider alternatives that are not readily apparent.

Until next time…