UK hacktivist cases should spur business to action, says lawyer

The last of four alleged UK members of hacktivist group LulzSec has appeared in Westminster magistrates court in London

The last of four alleged UK members of hacktivist group LulzSec – a spin-off from the hacker collective Anonymous – has appeared in Westminster magistrates court in London.

Ryan Ackroyd is accused of conspiring to bring down the websites of the UK's Serious Organised Crime Agency (SOCA) and US Central Intelligence Agency (CIA).

In light of the LulzSec case, UK businesses should be looking at how to strengthen their internal IT security policy, said lawyer Sam Jardine.

Ackroyd is also accused of attacks on the NHS and News International, publisher of the Sun, as well as police authorities in the UK and US.

In his court appearance on Friday, Ackroyd spoke only to confirm his name and address and was granted bail until a plea and case management hearing at Southwark crown court on 11 May, on condition that he does not access the internet, according to the Guardian.

Jardine, an associate at international law firm Eversheds, said organisations should be checking whether their web servers are secure enough to survive hacking attempts, and resilient enough to survive denial of service (DoS) or distributed denial of service (DDoS) attacks.

Organisations should also be looking at what information is held on networked machines as they are under a legal duty to keep electronically held information safe and secure, he said.

Jardine said information leaks can lead to huge losses and, depending on the nature of the information, result in claims for breach of contract, breach of confidentiality, negligence, or breach of data protection legislation.

“Those organisations which were hacked would have kept the information on networked machines, be they connected to LANs, WANs or the internet generally. If a machine has no connectivity, then hacking via this method is simply not possible,” he said.

Organisations should strive to keep sensitive data on systems that are not connected to a network, Jardine said.

Where that is not possible, they should use only strong passwords and change them regularly, implement robust firewalls and anti-virus software, and ensure USB or other ports are disabled as part of their internal IT security policy, said Jardine.
