A 24-year-old Central Coast IT pro has been identified as the self-proclaimed leader of online hacking group LulzSec and charged with hacking offences by the Australian Federal Police (AFP) after being arrested at his workplace last night. While full details of the case won't emerge until he appears in court in May, the AFP used the arrest to remind businesses of the basic principles they should follow to avoid similar attacks.
The man is alleged to have installed a backdoor access system into a government web site, taking advantage of a remote access loophole which has since been closed. He works for the Australian branch of an international IT services company, though this hasn't been named.
As the AFP announcement notes, the Defence Signals Directorate recommends four key strategies to minimise the risk of such hacking incidents:
- Use an application whitelist so that unauthorised software can't be installed on servers.
- Ensure that systems are regularly patched to eliminate known security issues.
- Make sure administrator privileges are tightly contained.
- Use only current versions of operating systems whenever possible.