Not for the first time here, we find ourselves talking about passwords. In January, the software company SplashData listed the most popular passwords of 2013, on the basis of millions of passwords found on the Internet. Among the most frequently used were simple combinations: ‘123456’ was in first place, followed by ‘password’.
We’ll have to see what comes out in the next report, though we’ve already seen how even cyber-criminals can make such a simple mistake.
Jeremy Hammond was arrested in Chicago in 2012. At the time, he was the most wanted cyber-criminal. He had managed to compromise the Web page of Stratfor, an intelligence and espionage firm whose customers include the U.S. Defense Dept.
The authorities managed to track him down with the help of Hector Xavier Monsegur, leader of the now defunct hacker group Lulz Security. This organization was the alleged perpetrator of the attack on the CIA’s website in 2011 and the theft of Sony Pictures user account details in the same year.
They finally caught him, though Hammond had time to shut down his Mac laptop before the police got into his house. To start it up again they needed his password.
Hammond is now serving time in Manchester Federal Prison. While behind bars, he’s explained that hacking Stratfor’s Web page was not difficult. The main error, he claims, was that those responsible for the site had not encrypted their customers’ credit card details.
His own error, however, was quite different. Hammond has acknowledged that the weak point of the computer that he had used for a number of ‘jobs’, and which no doubt let police IT experts get into the machine, was its password. “Chewy123” is simply the name of his cat (plus the obvious sequence of numbers).
We have often spoken here of the techniques you can use to avoid making the same error as Hammond. Make sure your password is complex, and never use a sequence of numbers or letters.
There are also tools available to check the strength of your passwords, and you should change them regularly and use a password manager.
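As an added illustration (not part of the original article, and not any particular tool's code), here is the kind of check such tools perform: it flags passwords on a common-password list and passwords built only from a personal word plus an obvious sequence, like “Chewy123”. The function names, the finding labels and the short word lists are assumptions made up for this example.

```python
# Added example: flags the password patterns the article warns about.
# COMMON_PASSWORDS holds only the two passwords named in the article; a real
# checker would load a much longer list. All names here are hypothetical.
COMMON_PASSWORDS = {"123456", "password"}

# Runs of digits, alphabet letters and keyboard rows, checked in both directions.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def longest_sequence_run(text, min_len=3):
    """Return the longest chunk of text that follows a known sequence, or ''."""
    best = ""
    for start in range(len(text)):
        for end in range(start + min_len, len(text) + 1):
            chunk = text[start:end]
            in_sequence = any(chunk in s or chunk in s[::-1] for s in SEQUENCES)
            if in_sequence and len(chunk) > len(best):
                best = chunk
    return best


def check_password(password, personal_words=()):
    """Return a list of findings; an empty list means no pattern matched."""
    lowered = password.lower()
    findings = []
    if lowered in COMMON_PASSWORDS:
        findings.append("common")
    residue = lowered  # what is left once the guessable parts are removed
    for word in personal_words:  # pet names, own name, etc., supplied by the user
        word = word.lower()
        if word and word in lowered:
            findings.append("personal:" + word)
            residue = residue.replace(word, "")
    run = longest_sequence_run(lowered)
    if run:
        findings.append("sequence:" + run)
        residue = residue.replace(run, "")
    # Fewer than 4 characters remain: the password is only guessable parts.
    if residue != lowered and len(residue) < 4:
        findings.append("predictable-only")
    return findings


if __name__ == "__main__":
    for candidate in ("Chewy123", "123456", "password", "tidal-Maple-orbit-47"):
        print(candidate, check_password(candidate, personal_words=["Chewy"]))
```

An empty result only means none of these patterns matched; it is not a measure of strength.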
However much you think your data won’t be of interest to anyone, cyber-criminals can exploit information in many ways, not just for direct financial gain. And it’s not just large organizations that are targeted by hackers. IT security experts have recently warned of the leaking of passwords from platforms such as Gmail and Dropbox.
It’s difficult to stay ahead of cyber-criminals, but it’s not too hard to ensure that your passwords don’t figure in the ranking of the worst combinations. We all have to start somewhere.