Monday, September 24, 2018
Bizarre News

1,464 Western Australian government officials used ‘Password123’ as their password. But don’t smirk.

Somewhere in Western Australia, a government IT employee is probably laughing or crying or pulling their hair out, or maybe all of the above. A security audit of the Western Australian government released this week by the state’s auditor general found that 26 percent of its officials had weak, common passwords — including more than 5,000 that contained the word "password," out of 234,000 in 17 government agencies.

The legions of lazy passwords were exactly what you — or a thrilled hacker — would expect: 1,464 people went for "Password123" and 813 used "password1." Nearly 200 individuals simply used "password," perhaps never changing it to begin with. Almost 13,000 used variations of the date and season, and almost 7,000 included versions of "123."

The laxness might be amusing, but the potential consequences definitely aren’t. Many of these accounts are used to access important information and vital government systems, according to the report — and several can do so remotely, with no additional vetting or credentials. Auditors were able to access one agency’s network, with full system-administrator privileges, by guessing the password: "Summer123." Overall, the report found that most agencies didn’t help users store their information safely and securely; this meant some employees were storing their passwords in Word documents or spreadsheets.

"After repeatedly raising password risks with agencies, it is unacceptable that people are still using password123 and abcd1234 to access critical agency systems and information," Auditor General Caroline Spencer said, according to reporting from Western Australia Today.

In the wake of the report, the government has agreed to step up its security game. It’s developing practices to help employees store their password information more securely. The new Office of Digital Government will house a cybersecurity team dedicated to improving security practices governmentwide.

Recent years have seen several huge data breaches at major companies. In 2013, an email account breach at Yahoo exposed the data of 3 billion users. In a 2016 breach at the FriendFinder Network — which included adult content and casual hookup sites like FriendFinder, Penthouse.com and Stripshow.com — hackers accessed 20 years of data, including passwords and personal information. In 2017, a breach at major U.S. credit bureau Equifax exposed the personal information, including Social Security Numbers, birth dates, addresses and drivers’ license numbers, of 143 million consumers.

Weak passwords are an easy target for hackers. Last year, Verizon’s annual Data Breach Investigations Report, which looked at hacking incidents at 65 companies, found that "81 percent of hacking-related breaches leveraged stolen and/or weak passwords." This number has gone up from 50 percent in the past three years.

This isn’t a problem specific to the Western Australian government. In 2014, a U.S. Senate cybersecurity report found several major breaches in important government agencies, including the Department of Homeland Security, the Internal Revenue Service and the Nuclear Regulatory Commission.

"Data on the nation’s weakest dams, including those which could kill Americans if they failed, were stolen by a malicious intruder," the report said. "Nuclear plants’ confidential cybersecurity plans have been left unprotected. Blueprints for the technology undergirding the New York Stock Exchange were exposed to hackers."

An analysis of these agencies’ cybersecurity practices found tendencies mirroring the Western Australian practices: use of "password" was common for sensitive accounts and databases, as was poorly stored and guarded credential information.

Even unskilled hackers can use resources like lists of common passwords or publicly available personal information to break into accounts. The Romanian hacker Marcel Lehel Lazar, known online as "Guccifer," who first revealed Hillary Clinton was using a private email address as secretary of state, was far from a hacking expert. He told the New York Times he broke into more than 100 accounts, including several high-profile figures like Clinton’s adviser Sidney Blumenthal and former Secretary of State Colin Powell, merely by guessing based on their personal information from their Wikipedia pages. (A fun fact: Guccifer was also responsible for leaking former President George W. Bush’s paintings.)

The traditional guidelines for strong passwords — making them long and complicated, including symbols and a mix of upper and lowercase letters, changing them regularly — were actually making it easier for hackers, Paul Grassi of the National Institute of Standards and Technology told NPR last June. The organization’s current guidelines for good passwords depart sharply from past wisdom: Passwords should be simple, long and easy to remember. It suggests using normal English words and phrases that are easy for users, but tougher on hackers.

To keep accounts secure, pick something that’s lengthy and memorable; if you change it, switch more than a single letter or digit. And for heaven’s sake, don’t use the word "password."
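
An added example, not taken from the audit or from this article: a screening function an administrator could run when a password is set, rejecting the categories the audit counted (the word "password," a date or season next to digits, and "123"). The patterns, the `MIN_LENGTH` value and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

MIN_LENGTH = 12  # assumed policy value, not taken from the article
CALENDAR_WORDS = (
    "summer|autumn|winter|spring|fall|"
    "january|february|march|april|may|june|july|august|"
    "september|october|november|december|"
    "monday|tuesday|wednesday|thursday|friday|saturday|sunday"
)
# A calendar word directly next to a digit, e.g. "Summer123" or "2018winter".
CALENDAR_RE = re.compile(rf"(?:{CALENDAR_WORDS})\d|\d(?:{CALENDAR_WORDS})")
# Undo common character substitutions so "P@ssw0rd" is read as "password".
LEET = str.maketrans("013457@$!", "oieastasi")


def screen(password: str) -> list[str]:
    """Return the reasons to reject a candidate password (empty list = accepted)."""
    lowered = password.lower()
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if "password" in lowered.translate(LEET):
        reasons.append("contains 'password'")
    if CALENDAR_RE.search(lowered):
        reasons.append("calendar word plus digits")
    if "123" in lowered:
        reasons.append("contains '123'")
    return reasons


def tally(passwords) -> Counter:
    """Count rejections per category, the way the audit summarised its findings."""
    counts = Counter()
    for candidate in passwords:
        counts.update(screen(candidate))
    return counts


# The first five are quoted in the article; the last two are constructed samples.
SAMPLES = ["Password123", "password1", "password", "Summer123", "abcd1234",
           "P@ssw0rd2018", "quiet lantern orbits marble"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(f"{candidate!r:32} {screen(candidate) or 'accepted'}")
    print(dict(tally(SAMPLES)))
```

A real deployment would also compare candidates against a list of known-breached passwords; this block covers only the patterns named in the article.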
