WingNews logo WingNews GitHub [2]
top | item 4597676

French Central Bank password was 123456 (really)

56 points| tjaerv | 13 years ago |ubergizmo.com | reply

17 comments

order
[+] dfc|13 years ago|reply
The password for the "particular computer system which handles the consumer indebtedness files (basically people who are flagged as having a very bad credit history)" was 123456. Nobody could have made an ACH transfer from the french government's account.

As a community can we please refrain for linking to Hyperbolic Link Bait? This is the second time in 24 hours I have seen such a hyperbolic and misleading title.[1] If it is a great article a little hyperbole is acceptable, but both articles have been lousy. There is no reason to encourage websites to keep this behavior up.

[1] The other article was originally titled something along the lines of "Chinese hackers break in to White House military office network in charge of the president’s nuclear football" Fortunately the HN moderators stepped in and edited the title here at HN. http://news.ycombinator.com/item?id=4595042

[+] martokus|13 years ago|reply
Moreover what is written is not at all true. My manager is French and here's what he said: the guy got that number from the forum. He called and was prompted for a pass so he entered 1234 (not even 123456 as claimed in the article). The line said wrong password so he closed down. However the phone server raised an alert about a failed login attempt so they closed down the line and investigated for a potential breach. And yes 654321 would have worked as well as any other wrong password in fact.
[+] arethuza|13 years ago|reply
If you think that is bad, how about this:

"For the Minuteman ICBM force, the US Air Force's Strategic Air Command worried that in times of need the codes would not be available, so they quietly decided to set them to 00000000. The missile launch checklists included an item confirming this combination until 1977"

http://en.wikipedia.org/wiki/Permissive_Action_Link

[+] mikeash|13 years ago|reply
They at least had a decent reason for it. That case is interesting because the ICBM force had two completely contradictory goals. First, they wanted to ensure that no ICBM could be launched without authorization, but second, they wanted to ensure that, in the event of war, all ICBMs could be quickly launched even with a massive failure in the command hierarchy. Weird stuff happens when an organization has opposing goals like that.

I don't think the same thing applies to a bank, so they have no excuse there.

[+] Dylan16807|13 years ago|reply
Not very bad. The missiles are in a military base and require trained personnel to launch. PAL is just a bonus effort.
[+] s_henry_paulson|13 years ago|reply
The article is really light on details about who he was calling, and what sort of access that phone call would have got him.

Sounds a bit sensationalized.

[+] mddw|13 years ago|reply
French here. The man behind this "hacking" was interviewed here : http://www.pcinpact.com/news/74060-exclusif-pcinpact-intervi...

The 123456 pass was for a phone service dedicated to the Banque de France itinerant techies.

The "hacker", when asked a password, tried randomly 123456. He gained access to complex options (each being quite technical.) He tried one randomly, it triggered a kind of panic mode.

He only discovered it was a Banque de France telephone number when arrested by the police, four years ago.

[+] thechut|13 years ago|reply
This sounds pretty bad. But what exactly was he allowed access to after typing in that code? This story raises more questions than answers.
[+] BudVVeezer|13 years ago|reply
That makes it "thought provoking" doesn't it? ;-)
[+] exabrial|13 years ago|reply
Sounds like a code an idiot would have on his briefcase.
[+] kokey|13 years ago|reply
I remember MCI letting you use something like 00000000000000 as your calling card, way back in 1994 I think.
[+] GoldiKam|13 years ago|reply
How could a bank be so careless