Slashdot Mirror

← Back to Stories (view on slashdot.org)

Convicted VoIP Hacker Robert Moore Speaks

Posted by ScuttleMonkey on from the kind-of-thing-an-idiot-would-have-on-his-luggage dept.

An anonymous reader writes "Convicted hacker Robert Moore, who will report to federal prison this week, gives his version of 'How I Did It' to InformationWeek. Breaking into 15 telecom companies and hundreds of corporations was so easy because most routers are configured with default passwords. "It's so easy a caveman can do it," Moore said. He scanned more than 6 million computers just between June and October of 2005, running 6 million scans on AT&T's network alone. 'You would not believe the number of routers that had "admin" or "Cisco0" as passwords on them,' Moore said. 'We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. We also targeted Mera, a Web-based switch. It turns any computer basically into a switch so you could do the calls through it. We found the default password for it. We would take that and I'd write a scanner for Mera boxes and we'd run the password against it to try to log in, and basically we could get in almost every time. Then we'd have all sorts of information, basically the whole database, right at our fingertips.'"

3 of 183 comments (clear)

  1. Well by El+Lobo · · Score: 5, Insightful

    Once again, the weakest link in security is often NOT the software (which could also have problems). The weakest link is often the user: leaving the default password of a router, not activating encryption for wireless networks, using the same ID and password.... And , no, don't try to educate the masses. I have tries as an administrator of a large network. They never learn. Or they learn and the next day, they change their password to "qwerty" back again.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
    1. Re:Well by Timmmm · · Score: 5, Insightful

      It *is* a problem with the software. The software is designed for use by *people*. People who may not remember to change the default password.

      Easy solution - disable the product until the password is changed and intercept http connections so you can give people a helpful page saying "The default password is 'password'. This must be changed before this router/switch can be used. Click [here] to do so."

      I fail to see any flaws with this solution. Also read 'The Design of Everyday Things'.

  2. he should study more (or moore) by User+956 · · Score: 5, Funny

    Convicted hacker Robert Moore, who will report to federal prison this week

    Apparently Moore's law isn't quite up to snuff.

    --
    The theory of relativity doesn't work right in Arkansas.