The Man Who Hacked the Bank of France 184
First time accepted submitter David Off writes "In 2008 a Skype user looking for cheap rate gateway numbers found himself connected to the Bank of France where he was asked for a password. He typed 1 2 3 4 5 6 and found himself connected to their computer system. The intrusion was rapidly detected but led to the system being frozen for 48 hours as a security measure. Two years of extensive international police inquiries eventually traced the 37-year-old unemployed Breton despite the fact he'd used his real address when he registered with Skype. The man was found not guilty in court today (Original, in French) of maliciously breaking into the bank."
Hacking? (Score:5, Insightful)
If this is "hacking" then opening an unlocked front door by turning the handle is lock-picking
Re:amazing (Score:5, Insightful)
The surprising thing about this story is the court in France was found not guilty. In the United States of Amerika he would have been sentenced under the anti-terrorism laws. The person responsible for IS security at the Bank of France, however, should be terminated with prejudice.
Re:amazing (Score:5, Insightful)
i have the same combination on my luggage!
It's a bit harder to defend breaking into your luggage than randomly dialing phone numbers and entering what is widely considered a "default" password in to get access. In the former case, it's reasonable to conclude that, regardless of password, if your luggage has a lock on it, it's meant to be private. In the digital world, however, access control mechanisms frequently are assigned a default password because the access mechanism itself is integral to the system -- ie, you can choose not to put a pad lock on a door, you can't disable the login screen. In the minds of a lot of people, assigning a password of "password", "1234" (or variant), "letmein", or "admin", is equivalent to not putting a pad lock on a door.
In other words, it's not breaking and entering if you leave the door to your house unlocked. It's simple trespass and there are numerous legal defenses and excuses for that. The French court merely (and correctly, IMO) said there is an electronic analogue to this legal reasoning. That said, change your luggage combo dude, or I'm klepto'ing that hawaiian shirt you love so much. :P
Note to editors: how to get /. to read the article (Score:4, Insightful)
Just knowing the article (sidebar?) is NSFW probably resulted in an order or magnitude more /.ers clicking through the link.
Re:NSFW link (Score:3, Insightful)
Really, this is NSFW for you guys? Time to move back across the pond...
123456 = no password intended (Score:4, Insightful)
I can tell you're one of the people who simple don't get the IE/Apache "do not track" square dance.
If the client has no ability to suppress the password screen, it's not much different than Microsoft setting a global "do not track" attribute that was intended to reflect an explicitly activated user preference, which renders it meaningless.
The closest you can come with many software packages to explicitly leave the door ajar (since you can't disable the password screen completely) is to set the password to 123456 or ftp. The later is considered obscure.
Among those with strong presumptions of security competence, typing 123456 is the moral equivalent to checking whether This Door Is Intentionally Left Ajar
Among those with no presumptions of security competence, no signal exists which reflects end-user discretion. This of course soon degenerates to the tyrany of the social machine. Check out the Barry Schwartz TED talk if you don't believe me for the episode on Mike's Hard Lemonade. Social services terrorized the child and they all knew (or strongly suspected) that it was all a big mistake.
Re:This reminds me of the time (Score:4, Insightful)
He didn't get detention for messing with the teachers file, his crime was much more serious: Exposing teacher stupidity.