The Man Who Hacked the Bank of France

First time accepted submitter David Off writes "In 2008 a Skype user looking for cheap rate gateway numbers found himself connected to the Bank of France where he was asked for a password. He typed 1 2 3 4 5 6 and found himself connected to their computer system. The intrusion was rapidly detected but led to the system being frozen for 48 hours as a security measure. Two years of extensive international police inquiries eventually traced the 37-year-old unemployed Breton despite the fact he'd used his real address when he registered with Skype. The man was found not guilty in court today (Original, in French) of maliciously breaking into the bank."

This reminds me of the time

[The MAZZTer]

At high-school, someone set a network share as IE's homepage and when I logged in and launched IE I got in trouble for it.

Oh, and permissions weren't even properly configured on the share, but they could read logs apparently.

That is not reasonable security

[MickyTheIdiot]

In the US I think we'd have class action lawyers going after them immediately for lack of security due diligence. They would deserve it, too.

What's the EU equivalent action?

Why is there no liability on the part of the Bank?

[macbeth66]

The idiot that initially typed in that password should be the one charged in this matter. It would have been more secure with 'Joshua' or 'CPE1704TKS'.

And yes, I am being sarcastic. Those passwords suck too.

Re:That is not reasonable security

[drummerboybac]

What that Gary McKinnon wiki proves to me is that NASA reads /.

In 2006, a Freedom of Information Act request was filed with NASA for all documents pertaining to Gary McKinnon. NASA's documents consisted of printed news articles from the Slashdot website, but no other related documents. This is consistent with NASA employees browsing internet articles about Gary McKinnon; the records of such browsing activity are in the public domain. The FOIA documents have been uploaded to the internet for review, and can be downloaded.[45]

654321

[Anonymous Coward]

A note to Timothy
> from the whereas-6-5-4-3-2-1-would-have-stopped-him dept.

actually 654321 was an alternative password that also worked !

Re:This reminds me of the time

[Anonymous Coward]

I got into trouble at a job once (customer service), because I shared a folder on my hard drive with read-only access for everyone. Somehow, they noticed it was being accessed from the Internet. They suspected me of stealing valuable company data. I had to point out that the contents of the folder were publicly available, and I had only shared them as a convenience for my coworkers. I also tried to point out the idiocy of allowing MS file sharing protocols across the firewall, and assigning public IPs to end-user workstations, but they didn't listen. They had an MSCE on staff who knew all about that sort of thing, and I was just a customer service rep. I quit a short time later.

I still get kind of mad thinking about it, but I am sure they are long gone, as the entire industry moved overseas shortly thereafter. This was in the 90s.

Re:This reminds me of the time

[Anonymous Coward]

I got suspended for a week for deleting some 2000+ expired cookies from a machine. A librarian/student saw me, thought God knows what, and reported me for "hacking" and the like.

Naturally that was a more severe punishment than the time I found spreadsheets of all the district's students' and teachers' information - names, addresses, birthdates, SSNs... On a public share, of course. Reported it to a teacher I trusted and I'll bet the files are still there today.

Re:This reminds me of the time

[Quirkz]

A buddy of mine once got detention because he took a teacher's documents folder and placed it about five layers deep inside a set of folders with names like "look inside" "click me" and "keep going". The top level folder was put exactly where the old documents folder was, and other than being nested nothing was renamed, harmed, or anything else. The teacher still went ballistic when she couldn't figure out how to click through a couple of extra folders to find her documents.

I once got a stern talking-to by the journalism teacher when I replaced the standard Mac OS startup screen with a custom image of a badly-drawn bomb (we're talking paintshop in the early 90's here) and the message "this system will self destruct in 10 seconds." Someone outside the department had sat down to use the computer for a minute and apparently panicked when they thought the computer had been turned into an actual bomb.

Re:This reminds me of the time

[Velex]

While we're waxing nostalgic, I remember when I was in middle school and wanted to start a computer club. And so I did. There were only 3 or 4 of us, and things went ok for the first year.

Next year rolls around and we have to find a different teacher to sponsor the club, and so we do. So we showed him how we were accessing qbasic, and he sat in every meeting (more like coding session) for a whole semester.

Then one day, we're all in deep doo-doo. We're being told we're lucky that they didn't call the FBI on us. Our crime: using a netware command to allow a file to be opened by multiple users (or something inane like that). Well, so it seemed logical to appeal to the teacher sponsor since he had just spent 5 months watching us "hack the network," and suddenly he didn't know anything about it.

Lying bastard.

The real kick to the nuts was years later there was a blurb in the newspaper about how a girl (omg a woman in computers!) had founded that school's first computer club. The netware administrators who had their panties in a bunch about my club's activities were all female. I guess I just didn't have the right body parts back then. Just goes to show that men aren't the only gender capable of being sexist pigs.