Convicted hacker Robert Moore, who is set to go to federal prison this
week, says breaking into 15 telecommunications companies and hundreds
of businesses worldwide was incredibly easy because simple IT mistakes
left gaping technical holes.
Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to
commit computer fraud and is slated to begin his two-year sentence on
Thursday for his part in a scheme to steal voice over IP services
and sell them through a separate company. While prosecutors call
co-conspirator Edwin Pena the mastermind of the operation, Moore acted
as the hacker, admittedly scanning and breaking into telecom companies
and other corporations around the world.
“It's so easy. It's so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you've got that many computers at your fingertips, you'd be surprised how many are insecure.”
Ha… these Cavemen folks are getting a bad rap these days.
Moore said what made the hacking job so easy was that 70% of all the
companies he scanned were insecure, and 45% to 50% of VoIP providers
were insecure. The biggest insecurity? Default passwords.
“I'd say 85% of them were misconfigured routers. They had the default
passwords on them,” said Moore. “You would not believe the number of
routers that had 'admin' or 'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled access so you can do whatever you want to the box. …
We also targeted Mera, a Web-based switch. It turns any computer
basically into a switch so you could do the calls through it. We found
the default password for it. We would take that and I'd write a scanner
for Mera boxes and we'd run the password against it to try to log in,
and basically we could get in almost every time. Then we'd have all
sorts of information, basically the whole database, right at our
Yup, I agree. A caveman could do that. Read the full article at Information Week.