Friday, November 16, 2018
Bizarre News

1,464 Western Australian government officials used ‘Password123’ as their password. But don’t smirk.

Somewhere in Western Australia, a government IT employee is probably laughing or crying or pulling their hair out, or maybe all of the above. A security audit of the Western Australian government released this week by the state's auditor general found that 26 percent of its officials had weak, common passwords, including more than 5,000 containing the word "password," out of 234,000 in 17 government agencies.

The legions of lazy passwords were exactly what you, or a thrilled hacker, would expect: 1,464 people went for "Password123" and 813 used "password1." Nearly 200 individuals simply used "password," perhaps never changing it to begin with. Almost 13,000 used variations of the date and season, and almost 7,000 included versions of "123."

The laxness might be amusing, but the potential consequences definitely aren't. Many of these accounts are used to access important information and vital government systems, according to the report, and several can do so remotely, with no additional vetting or credentials. Auditors were able to access one agency's network, with full system-administrator privileges, by guessing the password: "Summer123." Overall, the report found that most agencies didn't help users store their information safely and securely; this meant some employees were storing their passwords in Word documents or spreadsheets.

"After repeatedly raising password risks with agencies, it is unacceptable that people are still using password123 and abcd1234 to access critical agency systems and information," Auditor General Caroline Spencer said, according to reporting from Western Australia Today.

In the wake of the report, the government has agreed to step up its security game. It's developing practices to help employees store their password information more securely. The new Office of Digital Government will house a cybersecurity team dedicated to improving security practices governmentwide.

Recent years have seen several huge data breaches at major companies. In 2013, an email account breach at Yahoo exposed the data of 3 billion users. In a 2016 breach at the FriendFinder Network, which included adult content and casual hookup sites like FriendFinder, Penthouse.com and Stripshow.com, hackers accessed 20 years of data, including passwords and personal information. In 2017, a breach at major U.S. credit bureau Equifax exposed the personal information, including Social Security Numbers, birth dates, addresses and drivers' license numbers, of 143 million consumers.

Weak passwords are an easy target for hackers. Last year, Verizon's annual Data Breach Investigations Report, which looked at hacking incidents at 65 companies, found that "81 percent of hacking-related breaches leveraged stolen and/or weak passwords." This number has gone up from 50 percent in the past three years.

This isn't a problem specific to the Western Australian government. In 2014, a U.S. Senate cybersecurity report found several major breaches in important government agencies, including the Department of Homeland Security, the Internal Revenue Service and the Nuclear Regulatory Commission.

"Data on the nation's weakest dams, including those which could kill Americans if they failed, were stolen by a malicious intruder," the report said. "Nuclear plants' confidential cybersecurity plans have been left unprotected. Blueprints for the technology undergirding the New York Stock Exchange were exposed to hackers."

An analysis of these agencies' cybersecurity practices found tendencies mirroring the Western Australian practices: use of "password" was common for sensitive accounts and databases, as was poorly stored and guarded credential information.

Even unskilled hackers can use resources like lists of common passwords or publicly available personal information to break into accounts. The Romanian hacker Marcel Lehel Lazar, known online as "Guccifer," who first revealed Hillary Clinton was using a private email address as secretary of state, was far from a hacking expert. He told the New York Times he broke into more than 100 accounts, including several high-profile figures like Clinton's adviser Sidney Blumenthal and former Secretary of State Colin Powell, merely by guessing based on their personal information from their Wikipedia pages. (A fun fact: Guccifer was also responsible for leaking former President George W. Bush's paintings.)

The traditional guidelines for strong passwords (making them long and complicated, including symbols and a mix of upper and lowercase letters, changing them regularly) were actually making it easier for hackers, Paul Grassi of the National Institute of Standards and Technology told NPR last June. The organization's current guidelines for good passwords depart sharply from past wisdom: Passwords should be simple, long and easy to remember. It suggests using normal English words and phrases that are easy for users, but tougher on hackers.

To keep accounts secure, pick something that's lengthy and memorable; if you change it, switch more than a single letter or digit. And for heaven's sake, don't use the word "password."
