How many data points does it take to call something a trend? With the hack and subsequent data dump of the internal files of Hacking Team, a company most of us never even knew existed until this week, the world is getting to see a very public examination of the naked inner workings of an organization. This is the second time I can think of this kind of hack occurring. The first was, of course, Sony Pictures.
Some number of hackers have turned two different organizations inside out from a digital perspective, exposing even the mundane stuff for public ridicule. And some of the most harshly ridiculed practices of all in both cases involved passwords and credentials.
In the case of Sony Pictures, the effect was acutely embarrassing. Scores of Excel spreadsheets, detailing personal, business, and IT system passwords, with filenames like “website passwords” and “usernames & passwords”. When Gawker writes an article detailing what morons you are, you know it’s bad: http://gawker.com/sonys-top-secret-password-lists-have-names-like-master_-1666775151
In the case of Hacking Team, enough data was dumped for both the obvious stupidity to come to light, but also for hashed passwords to be brute forced, to be gleefully revealed in horrific detail on twitter. The examples below are (a) a dump of the admin’s Firefox password manager, and (b) an excel spreadsheet containing VPS credentials.
So, let’s assume that this ‘dump and roast’ trend is really a trend, and will continue. Perhaps it puts a little more personal skin in the game. We all get lazy. We all take shortcuts. But perhaps now that there is a risk that all those shortcuts get dissected at a later date, with a very sharp scalpel.
Trying to look competent during examination by your Future Hacker Overlords. It’s an odd thing to imagine as a security influence. But right now, it feels like it might become a thing….