Last week, we reported that the systems which control the Illinois water supplies were hacked. Over the weekend another similar attack happened in Texas. But this one was possible because the password was just three digits long. That's pretty terrifying.
Threat Post reports how a hacker called "pr0f" took credit for compromising the supervisory control and data acquisition (SCADA) systems, which control infrastructure like water treatment or power plants, of South Houston, a community in Harris County, Texas.
But it wasn't cutting-edge computer science at work. Pr0f just found out that one of the passwords used to log on to the SCADA system was only three characters long. Because it was so short, it hardly took him any time to crack. In an email to Threat Post he said:
"I'm sorry this ain't a tale of advanced persistent threats and stuff, but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint."
Sure, nothing serious came of the attack. But the scary bit of this story is the fact that people think a three-digit password is secure. More importantly, people that work with systems that control real important infrastructure think that a three-digit password is safe. These people are morons. If you're stumped when it comes to choosing passwords, here's a guide. [Threat Post; Image: marc falardeau]