According to an employee with knowledge of the system, the password to the Louvre's video surveillance system was simply "Louvre" at the time of the robbery last month.
I’ve known clients that have never removed the default admin account, with a default admin password… and looked at me like I had a horn growing out my ear…
I’ll admit it, I have systems at work with weak or default passwords. But they don’t handle any sensitive information, and exploiting them wouldn’t get you any additional privileges on the network.
that’s just it… any vulnerable system lets them get their nose in the door, then the camel starts snooping around the tent for whatever it can get. Eventually, they find away to something juicy.
The thing is, whether we’re talking about digital or physical security, the weakest thing in any system is the humans. The sloppy passwords (c’mon it should have been Louvre25! lol.) is a human thing. clicking that phising scam is a human thing. kipping off to the egyption bedroom for tryste with receptionist is a human thing.
the simple password isn’t the problem. The people being complacent is.
Until someone figures out how to use this non critical system to exploit other parts of your network. An ssh shell on an internet connected coffee machine in a bank would make a great starting point to gain access to more critical systems for example.
Also, this was found by an audit years ago. Doesn’t mean it was fixed, but doesn’t mean it was still the same during or after the theft.
At least it wasn’t the default password.
I’ve known clients that have never removed the default admin account, with a default admin password… and looked at me like I had a horn growing out my ear…
I’ll admit it, I have systems at work with weak or default passwords. But they don’t handle any sensitive information, and exploiting them wouldn’t get you any additional privileges on the network.
that’s just it… any vulnerable system lets them get their nose in the door, then the camel starts snooping around the tent for whatever it can get. Eventually, they find away to something juicy.
The thing is, whether we’re talking about digital or physical security, the weakest thing in any system is the humans. The sloppy passwords (c’mon it should have been Louvre25! lol.) is a human thing. clicking that phising scam is a human thing. kipping off to the egyption bedroom for tryste with receptionist is a human thing.
the simple password isn’t the problem. The people being complacent is.
Until someone figures out how to use this non critical system to exploit other parts of your network. An ssh shell on an internet connected coffee machine in a bank would make a great starting point to gain access to more critical systems for example.
There was a story a few years back about a casino getting hacked through a smart thermometer in a fish tank.
the Target hack went in through the HVAC system.