Wednesday, February 08, 2012

Hackers catch Syrian officials using '12345' as passwords

How many times has it been demonstrated that it's a bad idea to have simplistic passwords like "12345"? To be honest, too many times to count. Yet here we have another example, and this one comes from a place that should know better: the office of Syrian President Bashar al-Assad.

Hackers affiliated with the loosely-knit hacktivist group Anonymous attacked the mail server of the Syrian Ministry of Presidential Affairs on Sunday night. The group said they managed to break into 78 email inboxes, including those belonging to Assad's media adviser, Bouthaina Shaaban, and the Minister of Presidential Affairs, Mansour Fadlallah Azzam.

Hundreds of email messages were exposed. Also exposed was the weak security of the email accounts. Of the 78 email accounts hacked, 31 had the "password" "12345." A number of other passwords were minor variations on that theme. Other passwords among those hacked included:
  • iloveyou
  • 123vivasyria
  • system
  • honda2011
  • testing
Security experts recommend that passwords not be real words, and that they contain numbers and special characters such as %, $, or ^. Annoyingly, some systems do not allow anything other than numbers and letters --- still.

Naturally, the longer the password, the better.

In November, SplashData's annual list of most commonly used passwords showed that "password" was the most popular, followed by "123456" and "12345678."
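
The recommendations above (no real words, digits and special characters, more length) can be enforced as a screening check when a password is set. The Python below is an added example, not part of the original article; the 12-character minimum, the small word list and the function names are assumptions made for illustration.

```python
import re

# Passwords named in the article: the exposed ones plus SplashData's top three.
DENYLIST = {"12345", "iloveyou", "123vivasyria", "system", "honda2011",
            "testing", "password", "123456", "12345678"}
# Constructed stand-in for a real dictionary word list (assumption).
WORDS = {"love", "viva", "syria", "system", "honda", "testing", "password"}
MIN_LENGTH = 12  # assumed threshold; the article only says longer is better


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending characters."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def screen_password(pw):
    """Return the reasons pw fails the article's advice (empty list = pass)."""
    reasons = []
    lowered = pw.lower()
    if lowered in DENYLIST:
        reasons.append("known-common")
    if len(pw) < MIN_LENGTH:
        reasons.append("too-short")
    if has_sequence(lowered):
        reasons.append("sequence")
    # Strip digits and symbols so 'honda2011' is still caught as a real word.
    letters = re.sub(r"[^a-z]", "", lowered)
    if any(word in letters for word in WORDS):
        reasons.append("dictionary-word")
    if not re.search(r"\d", pw):
        reasons.append("no-digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        reasons.append("no-special")
    return reasons


if __name__ == "__main__":
    # The last candidate is a constructed sample that satisfies every check.
    for candidate in sorted(DENYLIST) + ["q7#Vd!2mZx^Lp9"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'ok'}")
```

Stripping non-letters before the word check is what catches "honda2011" and "123vivasyria", which would pass a rule that only requires a digit to be present.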

