The Sydney Morning Herald reports, “Hackers break into police computer as sting backfires:”
An Australian Federal Police boast, on the ABC’s Four Corners program, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.
Well, if you read the article, you’ll see that they use the term “broke into” rather loosely. It wasn’t much of a break-in as one of the hackers wrote on a forum post:
The hacker wrote ‘I couldn’t stop laughing’ on seeing that the federal police’s server was running Windows, which is known among hacker communities for being insecure. Police had also ‘left the MYSQL password blank’.
No password! Absolutely ridiculous. These are the police, people responsible for security on many levels, and they don’t even put a password on their database? Unbelievable.
People, come on; there’s only one thing worse than having a weak, easily guessable password and that’s having no password at all. I can see why the hacker was in stitches; stupidity is often funny, especially when exhibited by people who should know better.
Let me repeat Golden Rule of Computer Security #1: The best security measures are completely useless if you invite attackers into your PCs or networks.
No better invitation than an open door, is there?