Category Archives: Security

US Ranks 25th for Internet

Experts like Hans Rosling say intelligent things about measuring progress and security by looking at education and health, but there are many days when I feel like progress should be measured by Internet access. The latest study shows the U.S. ranks 25th in the world for Internet connection speed:

nearly half of all U.S. residents’ Internet connections fall below the U.S. Federal Communications Commission’s minimum definition of broadband, at 4 megabits per second download

Well, at least they have education and health going for them…oh, uh, wait a minute.

Someone should turn the study into a comparison of defensive capability for cyberwar. That might turn things around in a hurry.

LOIC Exposes Attackers

Just in case there was any confusion about this, the DDoS tool recommended by the so-called “Anonymous” group does not hide the source of attack — it is a simple load test application that includes its host IP address in outgoing packets.

The tool is called LOIC (Low Orbit Ion Cannon); a Java version just released is called JLOIC. The LOIC FAQ tells users to lie when caught.

Q: What if I get caught and arrested?

A: You probably won’t. It’s recommended that you attack with over 9000 other anons, while attacking alone pretty much means doing nothing. If you are a complete idiot and LOIC a small server alone, there is a chance of getting arrested. No one will bother, let alone have the resources, to deal with DDoS attacks that happen every minute around the world. Then there’s always the botnet excuse. Just say your pc was infected by a botnet and you have since run antivirus programs and what not to try to get rid of it. Or just say you have NFI what a DDoS is at all.

PROTIP: If you do get arrested ALWAYS deny it, Explain it was botnet, Say you have dynamic IP and that they have the wrong guy. Also, epic lolz will be achieved because you are a fag. DDOS ONLY IN GROUPS.

Denial. That’s what they consider a “protip”. The FAQ makes it obvious that LOIC offers zero protection or means to attack anonymously.

Traffic from LOIC is easily traced to the attacker in its standard configuration. There is no need for a dump of network traffic to see this; it’s right there in the documentation.
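As an added example (not from the original post), here is how a defender can pull those unspoofed sources out of ordinary web-server logs: the log lines, the RFC 5737 documentation addresses, the window size and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines in the common "combined" format; the addresses
# come from the RFC 5737 documentation ranges and are not real traffic.
def _line(ip, ts, path="/"):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "-"'

SAMPLE_LOG = "\n".join(
    [_line("198.51.100.4", "10/Dec/2010:14:00:00 +0000", "/about")]
    + [_line("203.0.113.7", f"10/Dec/2010:14:00:0{i} +0000") for i in range(3)]
    + [_line("203.0.113.7", f"10/Dec/2010:14:00:0{i} +0000") for i in range(3)]
    + [_line("198.51.100.4", "10/Dec/2010:14:00:09 +0000", "/contact")]
)

# Only the client address and the bracketed timestamp matter for attribution.
LOG_RE = re.compile(r"^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]")


def parse(log_text):
    """Return (timestamp, ip) pairs sorted by time; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        records.append((ts, m.group("ip")))
    records.sort()
    return records


def flood_sources(log_text, threshold=5, window_seconds=5):
    """Map each source IP to its peak request count inside any sliding window
    of window_seconds, keeping only sources that reach the threshold."""
    windows = defaultdict(deque)
    peak = defaultdict(int)
    for ts, ip in parse(log_text):
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print(flood_sources(SAMPLE_LOG))  # the single flooding source and its peak
```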

The odds of arrest are increased by several factors, regardless of working in large groups. The prosecution claim from Holland gives a good example. Announcing online that you use LOIC to attack a prosecutor’s office, and others should too, is a good way to not only get caught but arrested and charged.

Economist profiles Hans Rosling

A professor of international health at the Karolinska Institute in Sweden gets a boost from The Economist in a post titled Data visualisation: Hans Rosling’s greatest hits:

This week’s edition of The Economist includes Technology Quarterly, which in turn contains a profile of Hans Rosling. He explains how the innovative use of infographics in public health (the topic of many of his presentations) dates back to Florence Nightingale.

Rosling’s point is that political stability of a country should be measured by whether fertility rates are falling; that is an indicator of successful education and health services.

“When I went to work in Africa [in northern Mozambique in the early 1980s], it was my intention to work as a practising physician who would improve health with existing knowledge,” says Dr Rosling. “That epidemic [of malnutrition and inappropriately prepared cassava root] humbled me, and so I became a researcher.”

The Economist lists these highly illustrative and inspiring YouTube videos, from 2006, 2007, 2009 and 2010.

Hacking for Money or Glory or…

FastCompany says they have hacker motives all figured out. They report that attacks on Gawker, McDonald’s, and DeviantART suggest a “Massive Hacker Race for Glory”:

While seeming ominous, the series of attacks might be nothing more than a giant pissing contest among different individual hackers or groups of hackers. And if that’s the case, it probably won’t end until we, the media, lose interest.

Hackers break into sites for one of two reasons: money or glory.

That is it? All the motives in the world and they can only think of these two? That is unfortunate. In fact, I would say they have confused consequences with motives. Some hackers may get money or glory from breaking into sites, but that is definitely not all that motivates them.

Motives are hard to understand but limiting ourselves to see only two makes our defenses weaker, as I have discussed before in my post “How to Make Quality Technology”.

Companies should always prepare themselves for far more than just the obvious financial-reward types and styles of attacks. This was a key tenet of my RSA presentations on the top 10 breaches, where I explain that financially motivated attackers actually end up in an anti-collaborative position, whereas socially, politically and culturally motivated attackers develop intent that is highly collaborative (regardless of potential for glory).

Steven Levy gave a list in Chapter 2 “The Hacker Ethic” of the 1984 book called “Hackers: Heroes of the Computer Revolution” that should make it obvious why there may be more than two motives.

  1. Access to computers – and anything which might teach you something about the way the world works – should be unlimited and total. Always yield to the Hands-On imperative!
  2. All information should be free.
  3. Mistrust authority – promote decentralization.
  4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
  5. You can create art and beauty on a computer.
  6. Computers can change your life for the better.

FastCompany bases their analysis on a single security expert from Hollywood and Beverly Hills of southern California — an area known for money and glory as motivation — who used to work for MySpace. They may have found one view, but there are others…as Anais Nin once said “we don’t see things as they are, we see things as we are.”