Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacked Syrian Officials Used '12345' As Email Password

Posted by samzenpus on from the I've-got-the-same-combination-on-my-luggage dept.

Nominei writes "The Israeli newspaper Haaretz reports that the Syrian President, aides and staffers had their email hacked by Anonymous, who leaked hundreds of emails online. Reportedly, many of the accounts used the password '12345' (which their IT department probably warned them to change when the accounts got set up, of course)."

16 of 231 comments (clear)

  1. Re:That's amazing by Vintowin · · Score: 5, Insightful

    I've got the same combination on my luggage!

    Came for this, leaving satisfied!! This thread will go to plaid soon.

  2. You know... by koan · · Score: 4, Insightful

    Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak, virtually no one uses strong passwords.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:You know... by arth1 · · Score: 5, Insightful

      Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak

      No surprise there.

      , virtually no one uses strong passwords.

      Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.

      IT departments and well-meaning distro packagers have to take some of the blame too. I can't choose a password like Zph9vZZZ3tPseX4 because it has Z repeated 3 times, and contains a word found in a dictionary?
      Fuck that then, I'll go with abcd1234 instead. Oh, and I have to change it every four weeks? Next time it will be 1234abcd, then abcd12345 and 12345abcd - catch my drift?

    2. Re:You know... by Dwonis · · Score: 4, Insightful

      Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak

      No surprise there.

      , virtually no one uses strong passwords.

      Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.

      Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.

      I actually had a list of email addresses and their corresponding passwords for the site. I wouldn't be surprised if a lot of these passwords could also be used to get access to their corresponding GMail/Yahoo/Hotmail accounts (but I didn't test it out, because I enjoy not being in jail).

  3. Palin Popcorn Password by kenh · · Score: 4, Insightful

    Is this really 'hacking' when you guess the password?

    Reminds me of the script-kiddie who 'hacked' into Sarah Palin's email account once he successfully guessed her password was 'popcorn'...

    Wonder how he's doing in prison?

    --
    Ken
    1. Re:Palin Popcorn Password by artor3 · · Score: 2, Insightful

      He was 25, so yes, I do think he should be tried as an adult. He should be in prison, but he's not because Fox (and by extension their mindless viewers) adore him for his destruction of an organization that had the gall to try to help poor people.

    2. Re:Palin Popcorn Password by mjeffers · · Score: 3, Insightful

      You've confused your right wing memes.

      ACORN, the group shut down after the faked videos, is the group that was going to destroy the country by letting poor people vote.

      The keywords you want for "destroy our economy by getting poor people mortgages" are either Barney Frank or Fannie Mae/Freddie Mac.

      Just pointing this out to help but if you want to keep your right wing memes straight, watch more Fox news.

  4. Re:12345 by flyingsquid · · Score: 4, Insightful

    If a bunch of kids could hack into Syran government email by typing "12345", you'd imagine that at least one of the big cyberwarfare or intelligence units out there- the U.S., Israel, or China- would have thought of the same trick and has already been monitoring their communications for a while. At least you'd hope so. I'd hate to think that right now there are of a couple of NSA agents looking at each other and saying, "12345... hey, why didn't we think of that?"

  5. Re:passwd -e by Anonymous Coward · · Score: 2, Insightful

    Really, Why weren't these accounts configured to expire on the first login, like most default passwords?

    They are not configured to expire on the first login because most users never truly log in - they tend to access the services through point-and-drool applications that have no facilities for changing the password.
    And even when they do log in, it's likely with dumbed down Windows terminal progs which for unfathomable reasons close the window immediately on disconnect, so the user won't have a chance to read why he was logged out and what to do about it.

    So some admins take the easy way out and don't expire the passwords, while others spend time hand-holding the users individually, and yet others pre-generate strongish passwords for the users, but have to communicate them through untrusted media.

    For what it's worth, I provided a web based password change service for our technical users so they could change their passwords even if they never logged in to the servers. Within a year, and several reminders later, one out of over 300 users had used it.

    tl;dr: You're seldom allowed to break the users' kneecaps when they fail to follow instructions.

  6. Re:That's amazing by Frosty+Piss · · Score: 4, Insightful

    Why do you insult neanderthals?

    --
    If you want news from today, you have to come back tomorrow.
  7. Re:That's amazing by Anonymous Coward · · Score: 0, Insightful

    In this case, the President is an asshole, too.

  8. Re:12345 by retech · · Score: 3, Insightful

    Perhaps they did. Do you seriously think that: 1. they'd let /. know and that B. they'd tell Syria when they have a free pass?

  9. Re:IT did warn them by sycodon · · Score: 3, Insightful

    Should be scored as +1, in all likelihood, true.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  10. Re:12345 by Culture20 · · Score: 5, Insightful

    Or a couple of NSA agents looking at each other and saying "shit, now we can't read their email"

  11. Gmail, Yahoo, Hotmail... by flyingfsck · · Score: 3, Insightful

    The password doesn't matter if your account is at a place where everything is already readable by the Man.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  12. Re:12345 by donscarletti · · Score: 3, Insightful

    They claim they have never allowed an ambush to cover up codebreaking in WWII, just the difficulty in diffusing this information in a covert way meant it did not always get to who needed it in time. From this, it can slowly snowball in retelling to generals and spies sending men into ambushes to cover their efforts, which is stragegically retarded since it is not realistic for the enemy to notice something is amiss just because they don't get lucky in ambushes. However I think people just like the weight of the supposed situation: *movie trailer voice* "the ultimate sacrifice, to protect the ultimate secret".

    --
    When Argumentum ad Hominem falls short, try Argumentum ad Matrem