Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security IT Your Rights Online

The Man Who Hacked the Bank of France 184

First time accepted submitter David Off writes "In 2008 a Skype user looking for cheap rate gateway numbers found himself connected to the Bank of France where he was asked for a password. He typed 1 2 3 4 5 6 and found himself connected to their computer system. The intrusion was rapidly detected but led to the system being frozen for 48 hours as a security measure. Two years of extensive international police inquiries eventually traced the 37-year-old unemployed Breton despite the fact he'd used his real address when he registered with Skype. The man was found not guilty in court today (Original, in French) of maliciously breaking into the bank."
This discussion has been archived. No new comments can be posted.

The Man Who Hacked the Bank of France

Comments Filter:
  • amazing (Score:5, Funny)

    by masternerdguy ( 2468142 ) on Thursday September 20, 2012 @12:34PM (#41401921)
    i have the same combination on my luggage!
    • Hacking? (Score:5, Insightful)

      by Anonymous Coward on Thursday September 20, 2012 @01:09PM (#41402399)

      If this is "hacking" then opening an unlocked front door by turning the handle is lock-picking

    • Re:amazing (Score:5, Insightful)

      by Anonymous Coward on Thursday September 20, 2012 @01:09PM (#41402405)

      The surprising thing about this story is the court in France was found not guilty. In the United States of Amerika he would have been sentenced under the anti-terrorism laws. The person responsible for IS security at the Bank of France, however, should be terminated with prejudice.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        The surprising thing about this story is the court in France was found not guilty

        Why is that surprising? Are courts in other countries routinely found guilty?

    • Re:amazing (Score:5, Insightful)

      by girlintraining ( 1395911 ) on Thursday September 20, 2012 @01:15PM (#41402469)

      i have the same combination on my luggage!

      It's a bit harder to defend breaking into your luggage than randomly dialing phone numbers and entering what is widely considered a "default" password in to get access. In the former case, it's reasonable to conclude that, regardless of password, if your luggage has a lock on it, it's meant to be private. In the digital world, however, access control mechanisms frequently are assigned a default password because the access mechanism itself is integral to the system -- ie, you can choose not to put a pad lock on a door, you can't disable the login screen. In the minds of a lot of people, assigning a password of "password", "1234" (or variant), "letmein", or "admin", is equivalent to not putting a pad lock on a door.

      In other words, it's not breaking and entering if you leave the door to your house unlocked. It's simple trespass and there are numerous legal defenses and excuses for that. The French court merely (and correctly, IMO) said there is an electronic analogue to this legal reasoning. That said, change your luggage combo dude, or I'm klepto'ing that hawaiian shirt you love so much. :P

      • Only on slashdot would an off handed Spaceballs reference be replied to not as the joke it is, but as if it were an analogy and critique of whether there was any real breakin or not.

        In any case, the article is in French, and I'm sure as hell not going to trust an automated translation engine to interpret what happened. I will point out that in most countries (No idea about France) intent is required to commit a crime.

    • The lesson to be gained from this is:

      Never hire someone who has a degree.

      Their heads are wedged up their asses, and held in place with sheets of parchment.

    • by cvtan ( 752695 )
      You rat! I was going to post this! ARRRRGH! (with apologies to Talk Like a Pirate Day).
    • by jrumney ( 197329 )
      I think this proves your fears of being watched by the French government correct.
  • by Anonymous Coward on Thursday September 20, 2012 @12:35PM (#41401941)

    and the French bank raised its arms in defeat and let him right on in to loot and pillage.

  • by The MAZZTer ( 911996 ) <megazzt AT gmail DOT com> on Thursday September 20, 2012 @12:39PM (#41401995) Homepage

    At high-school, someone set a network share as IE's homepage and when I logged in and launched IE I got in trouble for it.

    Oh, and permissions weren't even properly configured on the share, but they could read logs apparently.

    • by Anonymous Coward on Thursday September 20, 2012 @12:47PM (#41402113)
      I really hoped you learned your lesson after that. Do not ever use IE.
    • by Anonymous Coward on Thursday September 20, 2012 @01:42PM (#41402845)

      I got into trouble at a job once (customer service), because I shared a folder on my hard drive with read-only access for everyone. Somehow, they noticed it was being accessed from the Internet. They suspected me of stealing valuable company data. I had to point out that the contents of the folder were publicly available, and I had only shared them as a convenience for my coworkers. I also tried to point out the idiocy of allowing MS file sharing protocols across the firewall, and assigning public IPs to end-user workstations, but they didn't listen. They had an MSCE on staff who knew all about that sort of thing, and I was just a customer service rep. I quit a short time later.

      I still get kind of mad thinking about it, but I am sure they are long gone, as the entire industry moved overseas shortly thereafter. This was in the 90s.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I got suspended for a week for deleting some 2000+ expired cookies from a machine. A librarian/student saw me, thought God knows what, and reported me for "hacking" and the like.

      Naturally that was a more severe punishment than the time I found spreadsheets of all the district's students' and teachers' information - names, addresses, birthdates, SSNs... On a public share, of course. Reported it to a teacher I trusted and I'll bet the files are still there today.

      • by Quirkz ( 1206400 ) <ross@ q u i r k z .com> on Thursday September 20, 2012 @02:15PM (#41403279) Homepage
        A buddy of mine once got detention because he took a teacher's documents folder and placed it about five layers deep inside a set of folders with names like "look inside" "click me" and "keep going". The top level folder was put exactly where the old documents folder was, and other than being nested nothing was renamed, harmed, or anything else. The teacher still went ballistic when she couldn't figure out how to click through a couple of extra folders to find her documents.

        I once got a stern talking-to by the journalism teacher when I replaced the standard Mac OS startup screen with a custom image of a badly-drawn bomb (we're talking paintshop in the early 90's here) and the message "this system will self destruct in 10 seconds." Someone outside the department had sat down to use the computer for a minute and apparently panicked when they thought the computer had been turned into an actual bomb.
        • by Opportunist ( 166417 ) on Thursday September 20, 2012 @05:00PM (#41405215)

          He didn't get detention for messing with the teachers file, his crime was much more serious: Exposing teacher stupidity.

          • The sad thing is: it ain't so.

            Don't confuse ignorance with stupidity.

            Or do, if you like. But in the mean time, how about you program my VCR for me with this unmarked remote? It won't matter that the UI is in mandarin, will it?

        • by Velex ( 120469 ) on Thursday September 20, 2012 @06:04PM (#41405791) Journal

          While we're waxing nostalgic, I remember when I was in middle school and wanted to start a computer club. And so I did. There were only 3 or 4 of us, and things went ok for the first year.

          Next year rolls around and we have to find a different teacher to sponsor the club, and so we do. So we showed him how we were accessing qbasic, and he sat in every meeting (more like coding session) for a whole semester.

          Then one day, we're all in deep doo-doo. We're being told we're lucky that they didn't call the FBI on us. Our crime: using a netware command to allow a file to be opened by multiple users (or something inane like that). Well, so it seemed logical to appeal to the teacher sponsor since he had just spent 5 months watching us "hack the network," and suddenly he didn't know anything about it.

          Lying bastard.

          The real kick to the nuts was years later there was a blurb in the newspaper about how a girl (omg a woman in computers!) had founded that school's first computer club. The netware administrators who had their panties in a bunch about my club's activities were all female. I guess I just didn't have the right body parts back then. Just goes to show that men aren't the only gender capable of being sexist pigs.

  • by MickyTheIdiot ( 1032226 ) on Thursday September 20, 2012 @12:41PM (#41402019) Homepage Journal

    In the US I think we'd have class action lawyers going after them immediately for lack of security due diligence. They would deserve it, too.

    What's the EU equivalent action?

    • by AGMW ( 594303 ) on Thursday September 20, 2012 @01:00PM (#41402293) Homepage

      In the US I think we'd have class action lawyers going after them immediately for lack of security due diligence. They would deserve it, too.

      Oh, you mean like when Gary McKinnon [wikipedia.org], who similarly walked into unsecured US military and NASA computer. The difference - oh yes, no one noticed for ages!

      • Re: (Score:3, Interesting)

        What that Gary McKinnon wiki proves to me is that NASA reads /.

        In 2006, a Freedom of Information Act request was filed with NASA for all documents pertaining to Gary McKinnon. NASA's documents consisted of printed news articles from the Slashdot website, but no other related documents. This is consistent with NASA employees browsing internet articles about Gary McKinnon; the records of such browsing activity are in the public domain. The FOIA documents have been uploaded to the internet for review, and can be downloaded.[45]

      • Well if the claims are true, then he intentionally caused damage, deleted files, and otherwise caused mayhem to the US Government. IT wasn't like he logged in, had a quick look around and then GTFO'd. No he left threats and harassing messages. I'd say there is a world of difference.
    • I don't know about the rest of the EU, but in France there's basically no equivalent to class actions. There have been talks about putting them into law, but it has been deemed "bad for the economy" (under the previous administration - maybe the new one will bring it back on the table). There's still ground for individual action, though, if only on the basis of privacy protection.
    • A strike!

    • Knowing the EU, I guess the equivalent action is to pass a law (sorry, a "guideline") immediately that makes it illegal to try default passwords on machines, and doing so makes you a hacker immediately, essentially turning the table around and making the culprit the victim and vice versa.

  • by 140Mandak262Jamuna ( 970587 ) on Thursday September 20, 2012 @12:42PM (#41402039) Journal
    Not only they stole all my money, they stole my secret password too. 1 2 3 4 5 6 is mine. Now go away thieves. I am not giving it back to you.
    • by Anonymous Coward
      Hah! My precious "hunter2" is safe!
  • NSFW link (Score:5, Funny)

    by jdastrup ( 1075795 ) on Thursday September 20, 2012 @12:45PM (#41402079)
    I guess "Original, in French" should have warned me
    • by Anonymous Coward
      I wouldn't have followed the link without having seen your warning. I know it isn't, today, but the pictures of topless french women waging a naked war should be safe for work - we are still way to puritanical in the US (I don't know where you are)...
    • by Anonymous Coward

      Damn you! I couldnt resist opening the link now that I know it is NSFW. Now I have sinned by RTFAing.

    • by Overzeetop ( 214511 ) on Thursday September 20, 2012 @01:52PM (#41402973) Journal

      Just knowing the article (sidebar?) is NSFW probably resulted in an order or magnitude more /.ers clicking through the link.

    • Yup, whups... I wanted to read the French language version to see if I could follow what the article was saying. Got a few lines in then I saw the sidebar. D'oh.
    • Re: (Score:3, Insightful)

      by phme ( 1501991 )

      Really, this is NSFW for you guys? Time to move back across the pond...

      • by Velex ( 120469 )

        You're forgetting that the female breast is a highly offensive body part. In fact, if children under the age of 2 are exposed to the uncovered female breast, they could be traumatized for life.

  • by ackthpt ( 218170 ) on Thursday September 20, 2012 @12:45PM (#41402091) Homepage Journal

    Ha! Another chapter in great security waitasec, that's my password, too...

    I remember back when some clowns in Milwaukee , the 414's, who wanted to sell their story to Hollywood for a movie, books, etcs. All they did was use default passwords on DEC systems to log in ([1,2] was SYSTEM unless you changed it on first day.) Even our Digital field techs would set the Field Service operator account password to DECAPR, DECMAY or whatever the month was.

    • The actual password once typed on a phone keyboard appears to be encrypted as: 1CFGLO why is it considered unsecured?
  • NSFW (Score:3, Informative)

    by Anonymous Coward on Thursday September 20, 2012 @12:47PM (#41402127)

    NSFW photo in sidebar, thanks to Femen.

  • . . . .that's the same password I always use????? I knew I should have banked with the Bank of France!
  • by macbeth66 ( 204889 ) on Thursday September 20, 2012 @12:58PM (#41402267)

    The idiot that initially typed in that password should be the one charged in this matter. It would have been more secure with 'Joshua' or 'CPE1704TKS'.

    And yes, I am being sarcastic. Those passwords suck too.

  • by Penurious Penguin ( 2687307 ) on Thursday September 20, 2012 @01:09PM (#41402397) Journal
    Maybe they expected all attempts would be foiled by eternal debates on the meaning of each digit and whether they really existed or not. If so, (Infinity ^6) is pretty strong and they were probably on to something, at least existentially.
  • But more importantly, did you hear the Femen have landed in Paris?!

  • 654321 (Score:2, Interesting)

    by Anonymous Coward

    A note to Timothy
    > from the whereas-6-5-4-3-2-1-would-have-stopped-him dept.

    actually 654321 was an alternative password that also worked !

  • by Anonymous Coward

    Read in French : http://www.pcinpact.com/news/73975-non-systeme-informatique-banque-france-na-pas-ete-pirate.htm
    He phoned to a technical service used a bad code that resulted an alarm.
    Due to this overrated alarm the site was closed during 48h...

  • Perhaps the password was 123,456 and came from a random number generator.

    • by Qzukk ( 229616 )

      That's a pretty big number to have been chosen by a fair dice roll

      • No, the only problem is that one million sided dice are hard to read. You need a good level to do so. And that's after you've rolled it with a crane
  • by damaki ( 997243 ) on Friday September 21, 2012 @01:06AM (#41408085)
    I know that truth is not really popular around Slashdot, but nothing was actually hacked, as said here [google.fr]
    A software alarm popped up for unauthorized login and that's all. It's just that it looked like a hack attempt of a critical national institution.
    BTW, looking at the comments, it seems like people did not understand that Banque de France is not a real bank. It's a national administration, just printing money, loaning money to banks and insurance for collateral and managing over-indebtedness.

One good suit is worth a thousand resumes.

Working...