A 'Ridiculously Weak' Password Causes Disaster for Spain's No. 2 Mobile Carrier (arstechnica.com)
Orange Espana, Spain's second-biggest mobile operator, suffered a major outage on Wednesday after an unknown party obtained a "ridiculously weak" password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers said. From a report: The hijacking began around 9:28 Coordinated Universal Time (about 2:28 Pacific time) when the party logged into Orange's RIPE NCC account using the password "ripeadmin" (minus the quotation marks). The RIPE Network Coordination Center is one of five Regional Internet Registries, which are responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure. RIPE serves 75 countries in Europe, the Middle East, and Central Asia.
The password came to light after the party, using the moniker Snow, posted an image to social media that showed the orange.es email address associated with the RIPE account. RIPE said it's working on ways to beef up account security. Security firm Hudson Rock plugged the email address into a database it maintains to track credentials for sale in online bazaars. In a post, the security firm said the username and "ridiculously weak" password were harvested by information-stealing malware that had been installed on an Orange computer since September. The password was then made available for sale on an infostealer marketplace.
they needed malware to find that password? (Score:2)
they needed malware to find that password?
Re: (Score:2)
no, they got the password thanks to malware, it was later revealed by a third party that the password was leaked and actually weak.
don't get confused by clickbaity headlines: the weakness of the password did not cause this breach.
Re: (Score:2)
don't get confused by clickbaity headlines: the weakness of the password did not cause this breach.
So the headline is not clickbaity, it is just plain wrong.
Re: (Score:2)
it's both, and that's not a rare occurrence at all. actually, being wrong is a normal consequence of producing click-bait, because the priority becomes getting attention, not conveying useful information in a very compact form.
Beef up security (Score:2)
RIPE said it's working on ways to beef up account security
Hmmm, yeah, that's a tough one. They are going to have to pay some brainiacs big consulting dollars to figure this one out.
Ridiculously weak? (Score:3)
Clearly these folks don't know a thing about secure passwords. The lock to my luggage is more secure. It's the unbreakable 1-2-3-4-5. No one could ever guess it.
Re: Ridiculously weak? (Score:2)
Amazing! I have the exact same combination on MY luggage!
Re: (Score:2)
I set mine to 9-9-9-9-9. I found my luggage thief by getting a list of people who purchased Advil the day after it got stolen.
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Spaceballs FTW!
RIPE (Score:4, Insightful)
Only getting worse (Score:3)
Reminds me of some startups (Score:2)
Hudson Rock (Score:2)
Security firm Hudson Rock plugged the email address into a database it maintains
I sure hope Hudson Rock aids ripe so this rather queer access violation never again penetrates so deep in the closet where ripe keeps their servers.
Bad Headline (Score:2)
The "ridiculously weak" password didn't cause disaster, the malware did:
In a post, the security firm said the username and "ridiculously weak" password were harvested by information-stealing malware that had been installed on an Orange computer since September.
You should still have good passwords, but they won't save you if your password is stolen. That is the whole point of 2 factor authentication.
What could possibly go wrong by publishing that? (Score:2)
using the password "ripeadmin" (minus the quotation marks)
Anybody stupid enough to use such a weak password is also stupid enough to not change it. Anyone want to test my theory?
Password has been changed (Score:2)
Re: Password has been changed (Score:1)
Malware Just Harvesting Ripe Admins (Score:1)