A security report from 2014 resurfaced this week, revealing that the password for the server managing the CCTV network at the Louvre, the Parisian museum that suffered huge financial losses last month when a team of robbers successfully targeted historic jewels, was actually LOUVRE.
However, such predictable passwords are alarmingly common.
Logging into social media accounts, shopping apps, and subscriber platforms can be an arduous task, leaving many bootleggers across the room frustrated and wondering why they need to hire a crack team just to access their personal accounts.
Perhaps it’s time to consider the demand for 16-character combinations of letters, numbers, and symbols as a measure rather than madness, and to learn from the mistakes of previous weak password creators.
Below are some examples of technical mishaps and infamous failures (swords).
In May 2021, one of the largest fuel pipeline systems in the United States was paralyzed by a cyberattack, bringing operations to an abrupt halt. At the time, the FBI said the hackers involved belonged to Darkside, a criminal organization believed to be based in Russia.
Colonial Pipeline announced that its network was accessed through a compromised password linked to a defunct virtual private network account that was used for remote access. The account was not protected by an additional layer of security called multi-factor authentication.
It is unclear how the attackers obtained the compromised credentials. But the company maintains that the password in question was not easily guessable, with CEO Joseph Blunt telling a U.S. Senate committee in June 2021: “It was a complex password, so let me be clear on that. It was not a Colonial123 type of password.” The shutdown continued until the company responded to a ransom demand and paid $4.4 million to stop the attack.
By the following year, the FBI had recovered millions of dollars extorted from Colonial Pipeline by Darkseid.
According to Bruce Blair, a former Air Force launch officer and nuclear policy expert, from 1962 until the mid-1970s, the most powerful number on Earth was a simple eight zeros.
In a twist as absurd as President Peter Sellers’ declaration of the war room as a place where gentlemen should not fight in Stanley Kubrick’s 1964 dark comedy Dr. Strangelove, Prime Minister Blair claimed that just eight zeros made the difference between launching a US nuclear attack.
Prime Minister Tony Blair said the “two-person rule” – requiring two qualified crew members to be present at the launch cord location – was seen as a key human safety measure, but the measure was not always reliable. Blair said the two members of the shift often organized alternate sleep shifts that left just one person with a simple password and all privileges.
Eventually, Strategic Air Command modified the system to include a unique activation code that was sent from higher authorities to the launch crew. This change adds an extra security step to the process and, as Blair said, “flip a switch is no longer enough.”
Nuclear experts’ shocking revelations come decades after it was decided that just eight zeros might be a bit lenient when it comes to starting a nuclear war.
A defenseless transport company in eastern England has been taken down by a group of hackers, leading to the loss of hundreds of jobs, according to British media.
KNP, which operates in Northamptonshire, was targeted in June 2023 by hacker group Akira, who gained access to the company’s systems by guessing employee passwords. Once in, the hackers encrypted KNP’s data and locked its internal systems before demanding a ransom.
Unable to pay, the company’s data was lost and its 158-year-old business collapsed.
KNP director Paul Abbott admitted he never told employees who used weak passwords that it was their information that had been compromised and could have led to the collapse of the company. “I want to know if that’s you?” Mr Abbott told the BBC.
Phone hacking scandal:
Hugh Grant, Prince Harry and Sienna Miller are among the stars whose phones have been hacked in a years-long British tabloid scandal.
The formal investigation was launched following complaints that personal information that is only shared in private areas is routinely exposed on the front pages of national newspapers, causing distress and threatening the safety of those targeted.
Investigations revealed that celebrities’ voicemails had been hacked by private investigators hired by journalists and publishing companies who operated on the assumption that few people would change the default voicemail access code that came with their cell phones. Simple combinations such as 1111, 4444, and 1234 were used to access messages waiting in the inbox.
The UK phone hacking scandal led to the closure of the News of the World in 2011, followed by an investigation into the practices and ethics of the British press.
Kemi Badenoch, leader of the British Conservative Party, spends much of her time as opposition leader criticizing the current British government. But her record isn’t that pretty.
Back in 2018, the politician confessed to hacking Labor MP Harriet Harman’s official website 10 years ago and changing the content to favor Conservatives.
However, this was not a mastermind crime. The password needed to edit Herman’s website was indeed “Harriet Herman.”
Mr Badenoch, who was not an MP at the time of the hack, later apologized, calling it a “stupid prank”.
The country’s data privacy watchdog found that between August 2021 and 2022, cyber attackers gained access to computers containing the Electoral Register, a list of the names and addresses of millions of voters across the UK.
According to an investigation by the Information Commissioner’s Office (ICO), hackers gained access to the system by imitating legitimate user accounts. The ICO determined that this was possible because appropriate security measures were consistently neglected.
No software designed to fix the security holes was installed, and the company did not enforce policies to ensure employees used secure passwords. After investigating, the ICO found 178 active email accounts with passwords that were the same or similar to those set by the organization’s IT desk when the accounts were activated.
The Election Commission was formally reprimanded for its negligence. No evidence of data misuse was reported.
