Password Problem or User Problem?
Anna was all over people being silly with their passwords yesterday, in the serious context of phone hacking at the News of the World.
But do you remember *this* episode?
Like accidentally reformatting your hard disk, or rolling your car into a canal, it’s the sort of thing you only do once – we hope.
It has to be said that Harriet Harman reached the right answer in the end.
More seriously, it also highlights that it is not really the ‘hacking’ that is the problem; I’d say that if a password is set to 1234 then the hacking offence itself is analogous to climbing over a garden fence and looking through a window.
To me the important issue is what offenders *do* with the ‘hacking’.
In this case it was a harmless prank; if a result was that Milly Dowler’s parents thought that their daughter was still accessing her phone, the damage caused is altogether more serious.
- July 7, 2011 at 15:10
“In this case it was a harmless prank; if a result was that Milly Dowler’s
parents thought that their daughter was still accessing her phone, the damage
caused is altogether more serious.”
I was under the impression that it was one voicemail that was a “spam” that
was deleted and the investigator told the Police at the time. The investigator
in these cases seems to have bent over backwards to ensure everything was
recorded and potential dodgy areas were notified to the authorities (Private
Investigator 101). It seems the Police and Authorities are as much or more to
blame in being complicit and allowing the practice to continue.
- July 6, 2011 at 20:23
“In techie circles, what you’re describing here is generally referred to
as…”
Bless.
- July 6, 2011 at 10:45
In techie circles, what you’re describing here is generally referred to as
either an ID-Ten-T error (ID10T) or a PBCAK error (problem between chair and
keyboard).
They are by far the most common and persistent errors that techs face,
which is why they’re commonly assigned to a PFY (pimply-faced youth) unless
they’re really, really, seriously, stupidly funny, in which case a full-fledged
BOFH may be dispatched to collect the after-work-in-the-pub funny
anecdote.
I once ran a security audit on the network of a medium-sized charity (45
employees, £1.5 million+ annual turnover) using a basic dictionary + brute
force password cracker and cracked all but the network admin’s password in 35
seconds. The worst offenders were the CEO and their deputy (4 secs each) and
the finance officer (a qualified accountant) whose password survived only 6
seconds.
Other than the network admin, only two employees had passwords that forced
the cracker into brute force mode and only then because they’d both used part
of one of their kid’s birthdays in their password.
- July 6, 2011 at 08:43
Not “doing anything horrid” might well reduce the seriousness of the
offence – s1 rather than s2 or s3 CMA – or even provide mitigation, but it is
still actually illegal. In fact, s2 is there purely for when the hacking is
trivial but it empowers commission of a further offence (I’m not sure that it
is used very often, however – a Google for [“s2 computer misuse” conviction]
only gets you guidance notes, not sentencing reports.)
In the real world, graffiti or other petty vandalism may be “pranks” – but
they are not “harmless”. Despite the apparent relative ease of fixing (some)
computer issues, it is the same with the computer or mobile phone stuff – you
may consider the harm trivial; you may (do, like me) despise Harperson and her
statist misandry; but there is harm. And a hacker probably isn’t aware of what
harm they might be doing – I’ve seen this happen with professionals who have
disregarded some limitations on their activities because they didn’t
understand them. Even if the NOTW didn’t write anything from the captured
messages or hadn’t deleted them – that those had been listened to (which would
have been obvious from the mobile company’s records) would have been enough to
spark false hope.
As ever – it is more complicated than it appears on the surface.