
Hacked Syrian Officials Used '12345' As Email Password 231

Nominei writes "The Israeli newspaper Haaretz reports that the Syrian President, aides and staffers had their email hacked by Anonymous, who leaked hundreds of emails online. Reportedly, many of the accounts used the password '12345' (which their IT department probably warned them to change when the accounts got set up, of course)."
  • by Anamelech ( 821849 ) on Thursday February 09, 2012 @10:26PM (#38991583)
    I've got the same combination on my luggage!
  • Only 12345? (Score:5, Funny)

    by froggymana ( 1896008 ) on Thursday February 09, 2012 @10:31PM (#38991635)

    I thought that everyone knew to use at least 123456 as their password. After all that increases its security by an order of magnitude!

  • by Anonymous Coward on Thursday February 09, 2012 @10:32PM (#38991645)

    then the IT guy got taken into the alley and shot in the head for his impudence.

  • Seriously? People that use such easy to guess (and therefore pointless) shouldn't even have access to anything that needs protection...
    • by ceoyoyo ( 59147 ) on Thursday February 09, 2012 @11:34PM (#38992043)

      Well, it was their own e-mail....

      Speaking of which, people who don't put objects in their sentences shouldn't even have written them. ;)

    • I agree and since the people they are supposed to be governing clearly need protection....
    • by MyHair ( 589485 )

      Seriously? People that use such easy to guess (and therefore pointless) shouldn't even have access to anything that needs protection...

      Pfffft. You ever worked for a Director/VP or higher? Try telling them how to set their passwords. I've seen "boss", "super" and other motivational-poster-worthy simple words. And they want everything to auto-login. One of the last major worm outbreaks I encountered originated in the senior executive offices.

      Okay, that was a few years ago. Maybe that company has learned a few

    • They're politicians and bureaucrats. How much fucking brains do you think they have? I'm willing to bet that password strained their limited intelligence. Rocket scientists they're not.
  • You know... (Score:4, Insightful)

    by koan ( 80826 ) on Thursday February 09, 2012 @10:35PM (#38991667)

    Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak, virtually no one uses strong passwords.

    • Re:You know... (Score:5, Insightful)

      by arth1 ( 260657 ) on Thursday February 09, 2012 @10:50PM (#38991771) Homepage Journal

      Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak

      No surprise there.

      , virtually no one uses strong passwords.

      Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.

      IT departments and well-meaning distro packagers have to take some of the blame too. I can't choose a password like Zph9vZZZ3tPseX4 because it has Z repeated 3 times, and contains a word found in a dictionary?
      Fuck that then, I'll go with abcd1234 instead. Oh, and I have to change it every four weeks? Next time it will be 1234abcd, then abcd12345 and 12345abcd - catch my drift?

      • Re:You know... (Score:5, Insightful)

        by Dwonis ( 52652 ) on Thursday February 09, 2012 @11:02PM (#38991851)

        Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak

        No surprise there.

        , virtually no one uses strong passwords.

        Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.

        Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This [dlitz.net] is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.

        I actually had a list of email addresses and their corresponding passwords for the site. I wouldn't be surprised if a lot of these passwords could also be used to get access to their corresponding GMail/Yahoo/Hotmail accounts (but I didn't test it out, because I enjoy not being in jail).

        • Re:You know... (Score:5, Interesting)

          by arth1 ( 260657 ) on Thursday February 09, 2012 @11:32PM (#38992027) Homepage Journal

          Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.

          The link you provide supports that this is selection bias - he cracked 26025 out of 93688 passwords, and then made the brilliant deduction that boils down to "of those passwords that I easily cracked, most were found to be easily cracked". No shit, Sherlock.

          Sure, that 36% of passwords are easily cracked is bad in itself, but that's another thing entirely. It can't be used as statistics to extrapolate anything using the word "most". It only applies to that subset of weak passwords.

          I also have to arrest you for "I found that 36% of all passwords were easily discoverable using a rainbow table". This is incorrect. 100% of all passwords are easily discoverable using a rainbow table. 36% may be easily discoverable using a partial rainbow table, which is not the same thing.

        • by ceoyoyo ( 59147 )

          So what you're saying is that MOST passwords were pretty decent (not discoverable using a rainbow table) then? That's a little different from the OP's assertion that "virtually no one uses strong passwords."

        • On most web sites, including some email accounts I use as throwaways, my password is something like julie. Very weak, because I don't care. But on some stuff like online banking my password is more like Sushi-tAbLe#722915;DeadPan (not the real password, but a similar structure). I have to wonder, from those studies you are speaking of, if they took into account how much importance the user gave to the service/data protected behind the password.
      • by mark-t ( 151149 )
        Where routine password changes are strictly enforced, the system would notice that there were too many characters similar between your old and newly chosen password and would not allow it.
    • I think you mean: Virtually no one who uses strong passwords ends up with their password posted on pastebin.com for you to see. :P

    • by martas ( 1439879 )
      And this, ladies and gentlemen, is the Holy Mother of sampling biases (and a 5-digit-uid /. reader who fell for it... for shame).
  • by kenh ( 9056 ) on Thursday February 09, 2012 @10:51PM (#38991785) Homepage Journal

    Is this really 'hacking' when you guess the password?

    Reminds me of the script-kiddie who 'hacked' into Sarah Palin's email account once he successfully guessed her password was 'popcorn'...

    Wonder how he's doing in prison?

    • Is this really 'hacking' when you guess the password?

      It is hacking if you manually enter a URL, so yes, guessing a password is hacking too. Basically, if people are not creative enough to think of how their security system might be defeated, then anyone who defeats it is a hacker (and deserves a jail sentence).

    • by Dwedit ( 232252 ) on Thursday February 09, 2012 @11:17PM (#38991933) Homepage

      That never happened.

      Someone guessed Sarah Palin's security questions (such as "Where did you first meet your spouse" with the answer of her high school in Alaska), and got into the account. Then the password was changed to popcorn.

  • When people use such stupid passwords, is it really even considered hacking anymore?

    Conversely, does calling this hacking diminish the skills of those who actually know their security inside and out?

    • Here is the mainstream definition of hacking:

      If nobody thought of a way that a security system could be defeated, then anyone who defeats that system is a hacker and has engaged in hacking.
  • The Syrians stole my password for everything! Now I'll have to come up with a new one.
  • by highwaytohell ( 621667 ) on Thursday February 09, 2012 @11:16PM (#38991925)
    It was just the dept staff. Looked like it was hacked through the webmail portal of mopa.gov.sy. The only thing of note was the exchange re the Barbara Walters visit. The Ministry of Presidential Affairs is basically his marketing department. Whilst one would hope they busted into this despot's email, the truth is they did no such thing.
  • by hcs_$reboot ( 1536101 ) on Thursday February 09, 2012 @11:25PM (#38991981)
    No, 12345 is actually a very complex password for Bashar al-Assad.
  • I'm curious to know how many hackers just go around typing 12345 and 1qaz into every account out there just to see what they can get.
  • ... when he comes up from the IT department and tells you that your password is weak and you need to change it. However, in Assad's Syria, user change* you!

    * And by "change" I mean "shoot."

  • I had thoroughly convinced myself that the days of people using passwords this stupid were behind us, left to rot in the dark ages of the internet. $faithInHumanity--
  • ...apparently the launch keys for each and every silo-based ICBM were/are all "0000000000" (ten zeroes). Scary.

    • Okay, now that the hardest part is solved - where to punch them in?

    • by dbIII ( 701233 )
      It was true.
      Since the requirement for a password was forced on the military from the outside and they wanted the last man standing to be able to launch without being locked out they set the password to all zeros as a workaround for what they considered to be a stupid and dangerous restriction. I can see their point.
  • by Anonymous Coward on Friday February 10, 2012 @12:45AM (#38992379)

    As the hacker saw, much to his horror, that the Syrian President's e-mail password was indeed 12345, he tried to break the connection but it was too late. Word had spread and all knew that his most important hack was one that a five-year-old could have bested. A week later the hacker was found with a gun in his mouth and the numbers "12345" scrawled across his walls. His last e-mail was a simple "Who uses 12345 as a password!" Other hackers said that it was a tragedy that he would be remembered for one lame hack. Word came later that day that the Syrian President had beefed up security by using his son's name as his current password. Hackers worldwide turned away in disgust and refused to stoop to hacking someone that lacked even basic internet skills.

    Some turned their attention to hacking President Obama's e-mail until it was found he used the password "Romneysucksballs". No hacker would dignify such a password with a hack. Later that day it was revealed that Bill Gates used "stevejobsisaweiner" as his password but most knew this was the case since the late 90s.

  • by flyingfsck ( 986395 ) on Friday February 10, 2012 @03:01AM (#38992975)
    The password doesn't matter if your account is at a place where everything is already readable by the Man.
  • Can you call the access to an account whose password is "12345" hacking? To make an analogy, can you call yourself a lock-picker if you open an unlocked door?
  • Even Slashdot has given up on trying to save the word "hacking"...
  • Maybe 12345 is really complicated in Arabic. Like MMMMMMMMMMMMCCCXLV.
