Convicted VoIP Hacker Robert Moore Speaks

An anonymous reader writes "Convicted hacker Robert Moore, who will report to federal prison this week, gives his version of 'How I Did It' to InformationWeek. Breaking into 15 telecom companies and hundreds of corporations was so easy because most routers are configured with default passwords. "It's so easy a caveman can do it," Moore said. He scanned more than 6 million computers just between June and October of 2005, running 6 million scans on AT&T's network alone. 'You would not believe the number of routers that had "admin" or "Cisco0" as passwords on them,' Moore said. 'We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. We also targeted Mera, a Web-based switch. It turns any computer basically into a switch so you could do the calls through it. We found the default password for it. We would take that and I'd write a scanner for Mera boxes and we'd run the password against it to try to log in, and basically we could get in almost every time. Then we'd have all sorts of information, basically the whole database, right at our fingertips.'"

Geico commercial filming

[camperdave]

It's so easy a caveman can do it

So, not only do cavemen work in video production, they do network admin?

Obligatory...

[Stormwatch]

"So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"

he should study more (or moore)

[User 956]

Convicted hacker Robert Moore, who will report to federal prison this week

Apparently Moore's law isn't quite up to snuff.

Re:Obligatory...

[Zymergy]

Remind me to change the combination to my luggage!

Re:Geico commercial filming

[User 956]

"It's so easy a caveman can do it". So, not only do cavemen work in video production, they do network admin?

No, read more closely. He wasn't talking about cavemen in general. He was talking about one particular caveman. [wikipedia.org]

Comment removed

[account_deleted]

Comment removed based on user account deletion

At least that "Hacker" actually used some skill.

[Anonymous Coward]

Maybe not a lot, but more than most of the media's super-hyped so-called "hackers" ever do.

A few years ago a major New Zealand ISP was "hacked" -- or so the media said. The biggest talkshow host of the time interviewed the alleged "h4x0r" live, and proclaimed him to be a "computer genius". We were all in deadly and imminent danger of being hacked by guys like him he said.

The "hacker" in question was a 13 year old whose friend's older brother worked for the ISP. The older brother had stupidly given his staff login and password to his kid brother, who had, naturally, shared it with his friend, the "genius hacker". This friend then logged in and deleted a bunch of hosted websites.

Pretty frikken 1337, huh?

Ridiculous!

[cromar]

You would not believe the number of routers that had "admin" or "Cisco0" as passwords on them...

That's ridiculous. Everyone knows the most commonly used passwords are "love," "secret," and "sex." Oh and don't forget "God." It's that whole male ego thing.

Re:Ridiculous!

[wilymage]

It's got a 28.8 bps modem!

Re:At least that "Hacker" actually used some skill

[WhatAmIDoingHere]

So he's a social engineer skript kiddie?

Damn...

[Cornflake917]

That caveman from the Geico commercials was just starting to make progress with his therapist. Let's hope the poor guy doesn't stumble upon this article. This hacker might get a few unexpected prison visits from whiny cavemen.

Re:Random passwords

[Solra Bizna]

I just received a modem/router from Verizon for DSL access and they had wireless access preset to a "random" SSID and WEP key which was printed on the modem. Of course, they then went and had the administration account be admin/password.

That's actually not so bad. In order to get on the wireless network to use the admin password in the first place, they would need to guess your SSID and WEP key. And everyone knows that's impossible, right?

-:sigma.SB

Re:Am I missing something?

[thatskinnyguy]

I believe he more or less falls into the category of a "researcher". You probably could write a master's thesis on the password data/statistics alone!

Re:So easy a caveman could do it

[lawpoop]

What ever happened to the supercool hacking-thang called "not getting caught"?

I'm sure it happens all the time; it just never makes the news...

It could even be happening right now...

Wow, what a fall from grace...

[Anonymous Coward]

...after playing James Bond in all those movies.

hacking??

[Anonymous Coward]

This isn't hacking, this guy isn't a hacker.

Are we supposed to be impressed by his elite port scanning abilities?