Tactical Advice

Weak Passwords Allow Fort Disco Brute Force Attack to Succeed

The simple act of choosing an effective password can go a long way toward securing systems and websites.

When it comes to security, system administrators hold the keys to the kingdom. Look no further than the Edward Snowden affair to understand the importance and ramifications of this role. Being a system administrator comes with many responsibilities, including maintaining administrative passwords for networks and websites. Unfortunately, when it comes to thinking up secure passwords, it appears that far too many sys admins lack imagination.

On August 7, Matt Bing, a research analyst for Arbor Networks, a security solutions provider, reported on a brute force attack campaign dubbed Fort Disco. In this attack, a 25,000-machine botnet used brute force techniques against blog sites and content management systems. To date, more than 6,000 sites have been victimized by this attack.

The end goal of the malware campaign seemed to be access to the typically immense bandwidth of the data centers hosting these sites, allowing the attackers to carry out similar attacks on a much greater scale, among other things.

But the weak link that made this attack campaign viable was weak passwords, which the malware proprietors easily cracked to gain access and wreak havoc. Among the brute force attempts carried out by this botnet, the two most successful passwords, unbelievably, were “admin,” which was successful 893 times, and “123456,” which yielded access 588 times (see the Top 10 Worst Passwords Ever below).

Putting a little time and creativity into password selection can save a lot of grief. Strong password best-practice techniques include using at least seven characters; using a mixture of uppercase and lowercase letters, numerals, and symbols; avoiding personally identifiable information such as user name, birthday, street address or phone number; changing passwords on a regular basis; and not using a word that can be found in the dictionary as the full password.

If the password you’ve assigned to your network, server, etc., is as simple as the abc’s or the 123’s, you’re probably doing it wrong.

Top 10 Worst Passwords Ever

Password      Number of Fort Disco Compromises
Admin         893
123456        588
123123        371
12345         360
{domain}      248
pass          218
123456789     171
1234          150
abc123        136
123321        131
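
The password rules and the table above can be turned into a check that runs when an administrator password is set. This is an added example, not code from the article or from Arbor Networks. It assumes the {domain} row means the site's own domain name; the function names, the small dictionary and the sample site example-blog.com are constructed for illustration.

```python
import re

# Passwords from the article's Fort Disco table, lower-cased.
FORT_DISCO_TOP = {"admin", "123456", "123123", "12345", "pass",
                  "123456789", "1234", "abc123", "123321"}
# Constructed stand-in for a real dictionary word list.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein"}
MIN_LENGTH = 7  # the article's stated minimum
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def domain_variants(domain):
    """Assumed reading of the table's {domain} row: the site's own name."""
    host = domain.lower()
    if host.startswith("www."):
        host = host[4:]
    return {host, host.split(".")[0], host.replace(".", "")}


def check_password(password, username, domain, dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if lowered in FORT_DISCO_TOP:
        problems.append("on Fort Disco list")
    if lowered in domain_variants(domain):
        problems.append("derived from site domain")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing a character class")
    if username and username.lower() in lowered:
        problems.append("contains user name")
    if lowered in dictionary:
        problems.append("dictionary word")
    return problems


def audit(candidates, username, domain):
    """Map each candidate password to its violations."""
    return {p: check_password(p, username, domain) for p in candidates}


if __name__ == "__main__":
    # Constructed sample input for a hypothetical site example-blog.com.
    sample = ["Admin", "123456", "example-blog", "Tr4il-Mix&Kettle"]
    for pw, issues in audit(sample, "admin", "example-blog.com").items():
        print(f"{pw!r}: {'OK' if not issues else '; '.join(issues)}")
```

The check covers only the rules that can be tested on a single password; regular password changes have to be enforced separately.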