
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


Laptop Encryption: Don't Forget To Use Strong Passwords

According to theage.com.au, one of the most sought-after (and currently incarcerated) hackers was identified and trapped because he used his pet's name as his password to his Mac disk encryption.  At least, he thinks that's how it happened.  He's probably right, seeing how it was "Chewy123".

The Interview

In an interview conducted with Jeremy Hammond, who was given a 10-year sentence for hacking into government websites and other cyber-hijinks, the incarcerated hacker reveals not only his motivations, political and otherwise, but what happened on the day the feds burst through his door.

It almost sounds like he was expecting it:

Hammond was smoking pot and chatting with friends in the kitchen of his Chicago home when the front door was kicked in. Someone threw a flash bang.

"There were all these dudes with assault rifles," he said.

Everyone else hit the floor, but Hammond dashed to his bedroom to slam shut his encrypted Mac laptop.

The above, of course, means that Hammond closed the lid of the laptop.  By doing so, an encrypted Mac goes into its "protected state": when full disk encryption is used, the encryption is "on" when the computer is off or when the password has to be entered.  Encryption is turned "off" when you're working on the computer.  By slamming shut his Mac, Hammond had ensured that his encryption kicked in, preventing third parties from browsing through and reading his computer's contents.

Or at least, that was the idea.

Weak Passwords

Encryption works.  This has been proven time and time again.  Modern encryption, such as the AES encryption algorithm used in Macs, is so powerful that cracking it by brute force would take decades, maybe even centuries.

And because of that, anyone trying to break into an encrypted system tends to target the password, since these tend to be much shorter and less complex, and thus much easier to crack.  How much easier?  According to some recent research, you can expect any password to fall within a week if the password is less than 15 characters in length.  The current guidelines in certain circles call for a 22-character password if a password is going to be useful.

Chewy123 is not such a password.  Furthermore, there are other problems to this particular password choice: 
  • Chewy is a dictionary word.  Running a list of words found in a dictionary through the password prompt (if you will) is pretty easy and standard when it comes to cracking passwords.
  • 123 is a very oft-used add-on to passwords when trying to create an alphanumeric password.
  • Chewy is also Hammond's cat's name.  People looking to break passwords will use personal information like mother's maiden names, birthdates, old addresses, names of friends, and names of pets.
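
The three problems listed above, plus the length thresholds mentioned earlier, can be turned into a check that a help desk or enrollment script runs before accepting a disk-encryption passphrase. The following is an added example, not code from AlertBoot or from the article; the tiny word list, the suffix patterns, and the function names are assumptions made for illustration.

```python
import re

# Length thresholds quoted in the post.
WEAK_BELOW = 15      # "less than 15 characters" is expected to fall
RECOMMENDED = 22     # guideline length cited "in certain circles"

# Constructed sample data (assumption): use a real wordlist in practice.
SAMPLE_WORDS = {"chewy", "password", "dragon", "monkey", "summer"}
COMMON_SUFFIX = re.compile(r"(123456|12345|1234|123|12|1|!|\d{4})$")
LEET = str.maketrans("0134578@$", "oieastbas")  # undo common substitutions


def split_suffixes(candidate):
    """Peel common trailing add-ons off the end; return (base, suffixes)."""
    base, found = candidate, []
    while True:
        m = COMMON_SUFFIX.search(base)
        if not m or m.start() == 0:
            return base, found
        found.insert(0, m.group())
        base = base[:m.start()]


def audit_passphrase(candidate, personal_terms=(), words=SAMPLE_WORDS):
    """Return the list of weaknesses found in a proposed passphrase."""
    findings = []
    if len(candidate) < WEAK_BELOW:
        findings.append("short")
    elif len(candidate) < RECOMMENDED:
        findings.append("below-recommended-length")
    base, suffixes = split_suffixes(candidate)
    if suffixes:
        findings.append("common-suffix")
    # Compare both the plain and the de-substituted form of the base.
    forms = {base.lower(), base.lower().translate(LEET)}
    if any(f in words for f in forms):
        findings.append("dictionary-word")
    terms = [t.lower() for t in personal_terms if len(t) >= 3]
    if any(t in f for t in terms for f in forms):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    print(audit_passphrase("Chewy123", personal_terms=["Chewy"]))
```

An empty list means none of these particular checks fired, not that the passphrase is strong.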

What's the moral of the story?  I guess one is "don't use weak passwords."  And I guess another is "don't do stuff that will get you arrested."  But regardless of what it may be, I think we can conclude one thing for certain: nobody wants to be using long, complex, "un-memorizable" passwords, not even hackers.  But that will cost you when you least expect it.


Related Articles and Sites:
http://www.theage.com.au/it-pro/security-it/chewy-123-fbis-mostwanted-cybercriminal-used-cats-name-as-password-20141115-11nan3.html
 


About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.