The Man Who Hacked the Bank of France

First time accepted submitter David Off writes "In 2008 a Skype user looking for cheap rate gateway numbers found himself connected to the Bank of France where he was asked for a password. He typed 1 2 3 4 5 6 and found himself connected to their computer system. The intrusion was rapidly detected but led to the system being frozen for 48 hours as a security measure. Two years of extensive international police inquiries eventually traced the 37-year-old unemployed Breton despite the fact he'd used his real address when he registered with Skype. The man was found not guilty in court today (Original, in French) of maliciously breaking into the bank."

amazing

[masternerdguy]

i have the same combination on my luggage!

Re:amazing

The surprising thing about this story is the court in France was found not guilty. In the United States of Amerika he would have been sentenced under the anti-terrorism laws. The person responsible for IS security at the Bank of France, however, should be terminated with prejudice.

Re:amazing

[girlintraining]

i have the same combination on my luggage!

It's a bit harder to defend breaking into your luggage than randomly dialing phone numbers and entering what is widely considered a "default" password in to get access. In the former case, it's reasonable to conclude that, regardless of password, if your luggage has a lock on it, it's meant to be private. In the digital world, however, access control mechanisms frequently are assigned a default password because the access mechanism itself is integral to the system -- ie, you can choose not to put a pad lock on a door, you can't disable the login screen. In the minds of a lot of people, assigning a password of "password", "1234" (or variant), "letmein", or "admin", is equivalent to not putting a pad lock on a door.

In other words, it's not breaking and entering if you leave the door to your house unlocked. It's simple trespass and there are numerous legal defenses and excuses for that. The French court merely (and correctly, IMO) said there is an electronic analogue to this legal reasoning. That said, change your luggage combo dude, or I'm klepto'ing that hawaiian shirt you love so much. :P

Re:amazing

[michelcolman]

Three digits on the lock on the left, and three on the lock on the right, makes 6 digits on my luggage. I had been trying to open it for years, unsuccessfully, and guess what!

He just used a German name...

and the French bank raised its arms in defeat and let him right on in to loot and pillage.

Re:He just used a German name...

[pnot]

Heaven forfend that anyone should resort to stereotypes in a thread about a "the French always surrender LOL" joke.

This reminds me of the time

[The+MAZZTer]

At high-school, someone set a network share as IE's homepage and when I logged in and launched IE I got in trouble for it.

Oh, and permissions weren't even properly configured on the share, but they could read logs apparently.

Re:This reminds me of the time

I really hoped you learned your lesson after that. Do not ever use IE.

Re:This reminds me of the time

I got into trouble at a job once (customer service), because I shared a folder on my hard drive with read-only access for everyone. Somehow, they noticed it was being accessed from the Internet. They suspected me of stealing valuable company data. I had to point out that the contents of the folder were publicly available, and I had only shared them as a convenience for my coworkers. I also tried to point out the idiocy of allowing MS file sharing protocols across the firewall, and assigning public IPs to end-user workstations, but they didn't listen. They had an MSCE on staff who knew all about that sort of thing, and I was just a customer service rep. I quit a short time later.

I still get kind of mad thinking about it, but I am sure they are long gone, as the entire industry moved overseas shortly thereafter. This was in the 90s.

Re:This reminds me of the time

[Quirkz]

A buddy of mine once got detention because he took a teacher's documents folder and placed it about five layers deep inside a set of folders with names like "look inside" "click me" and "keep going". The top level folder was put exactly where the old documents folder was, and other than being nested nothing was renamed, harmed, or anything else. The teacher still went ballistic when she couldn't figure out how to click through a couple of extra folders to find her documents.

I once got a stern talking-to by the journalism teacher when I replaced the standard Mac OS startup screen with a custom image of a badly-drawn bomb (we're talking paintshop in the early 90's here) and the message "this system will self destruct in 10 seconds." Someone outside the department had sat down to use the computer for a minute and apparently panicked when they thought the computer had been turned into an actual bomb.

NSFW link

[jdastrup]

I guess "Original, in French" should have warned me

Sure it is

[SuperKendall]

Luggage is four numbers. You cannot have six numbers.

Sure it is. You just start working backwards after you reach the fourth number.

It's a brilliantly easy way to remember

1265

Re:That is not reasonable security

[AGMW]

In the US I think we'd have class action lawyers going after them immediately for lack of security due diligence. They would deserve it, too.

Oh, you mean like when Gary McKinnon, who similarly walked into unsecured US military and NASA computer. The difference - oh yes, no one noticed for ages!

Re:This guy should get a meddle for showing stupid

[RenderSeven]

Why would you give someone a Pink Floyd album for that?

Hacking?

If this is "hacking" then opening an unlocked front door by turning the handle is lock-picking

Re:Why is there no liability on the part of the Ba

[purpledinoz]

Well, at least he didn't use '12345'. But he could have put in a bit more effort and used '1234567'...