2008-02-29 15:38
- Computer Sweden:
Microsoft, Symantec officials' passwords revealed by hacker
Passwords for many of Sweden's cyber elite are now available on the Internet following a hack against The Swedish Computer Society, an organization of IT professionals. Among the victims are a former security officer at Microsoft, a Symantec security expert and the director of Sweden's largest Internet bank.
The list of logins for more than 24,000 mail accounts was published Thursday afternoon on an anonymous server. Several of Sweden's major Internet forums soon linked to the list. The list contains user names, encrypted passwords and e-mail addresses.
The CEO of Dataföreningen (the Swedish Computer Society), Annica Bergman, confirmed the theft Thursday night after an emergency meeting with the board of Dataföreningen. It is not known how long the hackers have had access to the servers and the logins.
”We're investigating. But they themselves claim they have been watching us for a long time,” says Annica Bergman.
Many prominent persons in the Swedish IT industry are affected. One of them is Predrag Mitrovic, the former security director of Microsoft Sweden. He says that he has worked with IT security for many years, but this is the first time that he himself has been attacked:
”This is the first time my own details have been compromised.”
However, he says that he does not use his Dataföreningen password anywhere else:
”I'm a security nerd, so that password won't do them much good.”
Per Hellqvist, a security expert at Symantec who is one of Sweden's most well-known writers on IT security, is on the list:
”I am assuming it will be cracked,” he says. He can't rule out that he might have used the same password on other Internet sites.
”I am not quite sure what password I used there, but I am sure I'll get a whacking for using a plain password. I decided the information on this specific site didn't require a stronger one.”
The stolen database also includes an account registered to Ingemar Borelius, the director of the Internet bank of Sweden's largest bank, Nordea. Nordea was under heavy criticism in 2007, when it was disclosed that organized crime, by installing Trojans on computers belonging to Nordea's customers, had been able to steal at least ten million Swedish kronor.
Ingemar Borelius says that he is not aware of having an account at Dataföreningen and is not willing to make any comments.
Accounts belonging to officials of the Swedish police, the security police, the armed forces, the Swedish parliament and corporations like AstraZeneca and Ericsson have also been compromised.
All passwords in the list were encrypted. However, as the information was published on the Internet, users in hacker forums began working on decrypting them. Only a few hours later, the first plain-text passwords were available on the Internet.
The stolen information also includes the e-mail addresses of the users, so there's an added risk that many e-mail accounts have been compromised, as many users have the same password for more than one site. Dataföreningen recommends that all passwords be changed.
New users at the Dataföreningen web site are assigned unique passwords at registration; however, they are advised to change to passwords of their own choice.
On Friday, the two web sites affected, i.e. the home page of Dataföreningen and a community, were unavailable on the web, and no explanation was provided.