Sadly, exploitation is often much easier than protection. They only need to find one hole - the defender must secure everything.

Oh, and it's probably not good to encourage this kind of thing either.

But it's worse to hide and ignore the problem. The other poster hit the nail on the head. This stuff is happening on a much larger scale - it's only because of lulzsec/anonymous that anyone even has a clue how bad the situation really is.

Actually, I don't disagree with you - it's a good thing (for a certain value of "good" - in a perfect world, things would all be secure, and we'd ride unicorns everywhere) that this kind of stuff is exposed.

What I disagree with is the "giving them a job" bit. I don't think that rewarding these kinds of people with employment is right - part of working in computer security is having a certain code of ethics. Whereas I'd much prefer that this kind of stuff be made public, giving them a job is similar to rewarding a thief with a job as a cop.

People are free to disagree, of course :P

Due to the anonymous nature of these things, some of these recent attacks could easily be from within the USA's govt, just like the anthrax letters were.

It does seem clear, though, that we all have a lot to learn about protecting information...

Yeah, "defender's advantage" does not apply in the wacky world of computer security.

I'm not encouraging the act, I'm just saying the companies should respond pro-actively not just pretend the problem(s) don't exist. Doing nothing is the absolute worst option.

Their habits show that they would not be interested in a job at the targets of their hacks, and a good portion of them are likely employed in the infosec industry already.

These aren't kids.

> At this point, I think these guys should be given a job.

Who says they haven't been offered some?

Or, even more frightening, what if this is their job?

Or already have one and these are their Weekend Projects.

Funny, but I imagine that this would be a really really good way to be fired and blacklisted in the security penetration community.

Somewhat akin to having a day job installing security systems, and by night, breaking into houses secured by your competitors.

No, they're probably infosec and just don't go around blabbing about their night activities.

It's not always about exploits and vulnerabilities, social engineering can also be extremely dangerous.

Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers. And if the drive or CD had an official logo on it, 90% were installed: http://thenextweb.com/industry/2011/06/28/us-govt-plant-usb-...