[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Memo to feds: Stop using the same passwords for personal and
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-12-30 9:56:46
Message-ID: alpine.DEB.2.02.1112300356340.21696 () infosecnews ! org
[Download RAW message or body]
http://www.nextgov.com/nextgov/ng_20111229_4856.php
By Aliya Sternstein
NextGov.com
12/29/2011
Recent and future government victims of the hacker collective Anonymous
may want to stop using agency passwords on nonwork websites, say
officials with the Arizona Department of Public Safety, which learned
that lesson the hard way.
During the weekend, hacker activists purportedly from Anonymous leaked
the apparent passwords and some credit card data of federal subscribers
to intelligence publisher Stratfor, according to the attackers' online
messages. It is unclear whether the clients, whose government email
addresses also were revealed, were using any of the passwords for
federal government systems. But in Arizona, Anonymous allegedly unlocked
state government systems by stealing and reusing the passwords officers
used to access their personal email accounts and nonwork websites, said
Officer Carrick Cook, spokesman for the police department.
"People were using the same password for a lot of different things," he
said. "Cops are kind of silly when it comes to that and using the same
password twice."
A former Anonymous member said some of the functioning passwords came
from pornography websites. Jennifer Emick, who became a security
consultant after abandoning the group's antics, said the police had
registered on the elicit sites using their government e-mail addresses
and government passwords. The attackers, who either operated the porn
sites or hacked them, entered the customers' passwords into their
corresponding government accounts to see if that would open department
databases, she said. It worked, current Anonymous members confirmed.
[...]
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic