Convicted VoIP Hacker Robert Moore Speaks 183
An anonymous reader writes "Convicted hacker Robert Moore, who will report to federal prison this week, gives his version of 'How I Did It' to InformationWeek. Breaking into 15 telecom companies and hundreds of corporations was so easy because most routers are configured with default passwords. "It's so easy a caveman can do it," Moore said. He scanned more than 6 million computers just between June and October of 2005, running 6 million scans on AT&T's network alone. 'You would not believe the number of routers that had "admin" or "Cisco0" as passwords on them,' Moore said. 'We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. We also targeted Mera, a Web-based switch. It turns any computer basically into a switch so you could do the calls through it. We found the default password for it. We would take that and I'd write a scanner for Mera boxes and we'd run the password against it to try to log in, and basically we could get in almost every time. Then we'd have all sorts of information, basically the whole database, right at our fingertips.'"
Re:Well (Score:4, Informative)
And which heads will roll? (Score:3, Informative)
The REAL problem I see with IT is a combination of inept administrators and an abundance of managers who don't understand the significance of things like this. A mistake like this not only represents a failure of an IT worker, but poor oversight by their manager. I've seen an administrator hired who had no technical competence but was able to talk to the managers about cricket. He was then replaced with a person who was even worse when the first dumb admin did the IT thing and left after making a huge mess. And yeah, a year after I'd left, the second administrator, after purchasing a new Cisco router with zero scoping calls me up and asks, "How do I install a Cisco router".
There are books out there like "The practice of system and network administration", they help new administrators immeasurably, but so many just don't give a damn. There needs to be more incentive to have serious consequences for sloppy work. If we're ever going to be taken seriously, we need to find and flog administrators who set up a production router/firewall with a default password.
And what is the 1st thing you do (Score:4, Informative)
Nice to know telecom companies don't have a clue.
How to create a strong password (Score:2, Informative)
"Make it a combination of capital letters, small letters, numbers and special character but PLEASE remember it! Or I'll fine you $5!! "
Here you can find some tips on how to create a strong password. http://www.watchingthenet.com/how-to-create-strong-passwordsand-remember-them.html [watchingthenet.com]