Paul Manafort Guilty Of Bad Password Choices -

Paul Manafort Guilty Of Bad Password Choices

Credit: forbes.com

  • Dec 05 2017 19:30About: 7 days ago
  • 11 views

Facing charges that include money laundering and conspiracy against The United States, Paul Manafort surrendered himself to the FBI this Monday. Manafort is considered innocent of those charges until proven guilty in a court of law, of course, but he's already been found guilty of a pair of cyber security transgressions: choosing bad passwords and re-using those passwords with multiple accounts.

A security researcher who operates under the handle Krypt3ia got hold of a massive trove of data that included emails from Manafort himself. The source: a successful hack of his daughter's cell phone. A second researcher who spoke with Motherboard took Manafort's email address and started digging.

The address turned up in a few places -- notably the Adobe and Dropbox breaches that spilled details on 150 million and 68 million accounts respectively. The passwords associated with the Manafort accounts were encrypted, but the researcher was able to figure them out thanks to some painfully transparent password hints that were in the dump.

Manafort, it seems, had used the same password as some other Adobe users. Those users had set reminders like "secret agent" and "James Bond." With the help of a common security tool, the researcher quickly determined that "bond007" was the password.

Now, combining letters and numbers when you create a password is certainly a good idea. Those letters and numbers in that particular order, however... Not so much. It's also not a great practice to use a password that almost certainly isn't going to be unique.

Compounding his security woes: Manafort's email address and bond007 also appeared to be valid credentials for a Dropbox account. Hopefully, you're well aware by now that you should avoid re-using passwords at all costs. Doing so just makes it that much easier for cybercriminals to break into your accounts.

Security researchers have shown that people who do re-use passwords often do it more than once... so we may yet hear that bond007 unlocked other Manafort accounts, too.



Follow Us on Twitter

crime former Trump campaign manager made some very decisions when securing important accounts.

Related stories with Paul Manafort Guilty Of Bad Password Choices

The Upward Trend Of Software Breaches: Four Priorities For Technology Leaders In The Wake Of Equifax -World News
The Upward Trend Of Software Breaches: Four Priorities For Technology Leaders In The Wake Of Equifax 7 days ago
We must take a more proactive approach to manage software complexity if we’re ever going to reverse the trend of commonplace breaches.
Wetware: The Often-Overlooked Crucial Factor in Cybersecurity -World News
Wetware: The Often-Overlooked Crucial Factor in Cybersecurity 7 days ago
Often, the most vulnerable part of any cybersecurity regime is the “device between the keyboard and the seat,” i.e. the human. To continue the benefits of our networked society, we need more effective approaches to cybersecurity. Addressing the human
TSA Misses 70% Of Fake Weapons But That's An Improvement -World News
TSA Misses 70% Of Fake Weapons But That's An Improvement 7 days ago
The Transportation Security Administration (TSA) missed 70% of fake weapons in tests, but that's actually an improvement.
In Blockchain We Trust: What We Can Learn From The Age of Steam -World News
In Blockchain We Trust: What We Can Learn From The Age of Steam 7 days ago
Innovation has always brought both excitement and fear. We can learn something from an earlier revolution.
Cloud Computing Makes Everyone Their Own Chief Information Officer -- Is That A Good Thing? -World News
Cloud Computing Makes Everyone Their Own Chief Information Officer -- Is That A Good Thing? 7 days ago
While a multi-cloud strategy provides for more flexibility, resiliency and reduced dependence, there is also the risk of unfettered sprawl -- which cloud computing was supposed to fix in the first place.
Distributed-Denial-Of-Service Attacks And DNS -World News
Distributed-Denial-Of-Service Attacks And DNS 7 days ago
Companies need to anticipate the possibility that their DNS services could be the target of DDoS attacks and realize that without DNS, all internet applications and services are unreachable, bringing business to a grinding halt.
The Evolution Of The Password: How To Protect Your Business Against Modern Security Threats -World News
The Evolution Of The Password: How To Protect Your Business Against Modern Security Threats 7 days ago
Layering on additional authentication factors to existing security protocols must be done strategically in order to prevent security fatigue and weak passwords.
Uber Riders Sue Company Over Alleged Rapes, Offer Ideas For Change -World News
Uber Riders Sue Company Over Alleged Rapes, Offer Ideas For Change 7 days ago
After years of assault accusations from ride-hail users, two past Uber riders are filing suit over the company's alleged failure to protect its customers from the start.
Microsoft Just Fixed a Security Flaw In Office That's 17 Years Old -World News
Microsoft Just Fixed a Security Flaw In Office That's 17 Years Old 7 days ago
Better late than never, the old saying goes. It's especially true in the case of a security issue in Office that's been around since the turn of the millennium.
He Who Rules The Data, Rules The World: A Brief History Of Data Governance -World News
He Who Rules The Data, Rules The World: A Brief History Of Data Governance 7 days ago
Data rules the world, but who rules the data? The companies that collect it? The servers that store it? The cables and satellites that transmit it? Or the laws that keep it flowing into the right hands—and away from the wrong ones? Welcome to the world
This New Free Service Helps Keep Malware Off Your Computer -World News
This New Free Service Helps Keep Malware Off Your Computer 7 days ago
Keeping all your devices malware-free isn't always easy. Fortunately, there's a new tool that can help... and it's totally free.
Did Wikileaks Commit A Crime When It 'Guessed' PutinTrump.org's Password? -World News
Did Wikileaks Commit A Crime When It 'Guessed' PutinTrump.org's Password? 7 days ago
Millionaire owner of putintrump.org is looking into whether Wikileaks broke the law by guessing the password to the site.