This is the result of a security audit:
More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.
[…]
The results weren’t encouraging. In all, the auditors cracked 18,174—or 21 percent—of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts.
The audit uncovered another security weakness—the failure to consistently implement multi-factor authentication (MFA). The failure extended to 25—or 89 percent—of 28 high-value assets (HVAs), which, when breached, have the potential to severely impact agency operations.
Original story:
To make their point, the watchdog spent less than $15,000 on building a password-cracking rig—a setup of a high-performance computer or several chained together - with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like ‘Polar_bear65’ and ‘Nationalparks2014!’.
More Stories
Man Arrested Over UK Railway Station Wi-Fi Hack
The suspect is an employee of Global Reach Technology, which provides some Wi-Fi services to Network Rail Read More
Russian Hackers Target Ukrainian Servicemen via Messaging Apps
Russian cyber-attacks on Ukrainian servicemen underscore the escalating use of digital warfare tactics in the ongoing conflict Read More
Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud
The data leak exposed personal data of 100m US citizens, resulting from a misconfigured database made accessible online Read More
U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that...
When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth
If you believed some of the news headlines in the UK on Thursday, you would think that something much more...
Over a Third of Employees Secretly Sharing Work Info with AI
A CybSafe survey found that 52% of workers have not yet received any training on safe AI use Read More