The BBC is reporting today that a water treatment system in Illinois was apparently infiltrated recently by hackers, who managed to use the facility's computer network to shut down a necessary pump. Another hacker posted links he claimed showed screenshots of the internal controls of a water treatment system in Texas.
The purported hacker, using the name "pr0f" and conducting an email interview with Threatpost, said accessing the Texas utility was so easy a "child" could have done it. Why? Because the password was only three letters long.
"I'm sorry this ain't a tale of advanced persistent threats and stuff," he wrote, "but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint."
Of course, it's hard to know how much to believe someone who won't provide his own name, but with hackers boasting about how easy it is to pick a public utility's password, perhaps it's worth taking another look at the Worst Passwords of 2011 ...
Hackers Guess The Darndest Passwords: Why '123456' Just Doesn't Cut It
Nov. 20, 2011. There are some obvious benefits to using internet security passwords that are easy to remember - not getting locked out of your bank account is certainly a convenience, as is being able to complete online purchases without having to look up your credit card verification code.
But maybe there are slightly more important considerations to take into account - like, say, not making it easy for someone to steal all of your money.
According to data released this week by U.S. internet security firm SplashData, many people seem to choose convenience over security, opting for passwords they can easily recall instead of ones that will keep hackers at bay. The company compiled a list of the top 25 stolen passwords used by hackers, and it suggests that some people are blissfully unaware that someone out there might actually be after their personal data.
So what's the number-one password hackers can rely upon to gain easy access? That would be the word "password." Tricky, no?
Other top choices are the confounding code "123456", followed by the even sneakier "12345678" and the cunning "qwerty." Presumably these are the codes favoured by people who also hide their house keys under the welcome mat.
Most of SplashData's list consists of obvious choices - "111111", "passw0rd", "letmein", etc. - but there are a few surprises: "Michael" comes in at number 24, suggesting that maybe people by that name tend to get hacked more. And where does "bailey" come from? Fans of Mort Walker comic strips?
For your continued security, here is the list in its entirety. May we suggest that, in the event you see some of your own passwords in its contents, you opt to update your access codes sooner rather than later.