Digilehti
Arkisto
In English
Kuukausiliite
Mobiili
Radio Helsinki
Musiikkilataamo
Mediatiedot
Älypää
Oikotie
  HELSINGIN SANOMAT
  INTERNATIONAL EDITION - HOME
     You arrived here at 09:45 Helsinki time Sunday 12.2.2012

   HOME

   ARCHIVE

   ABOUT



   SUOMEKSI -
   IN FINNISH



Police suspect Finnish connection as 80,000 online passwords are compromised

Discussion forum and social network users advised to change password immediately


 print this
The Finnish Communications Regulatory Authority (Ficora) regards it as almost a certainty that the compromising and publishing on the Net of around 80,000 online passwords is an act of Finnish origin.
      The unprecedentedly large data theft came to light on Saturday.
      Apparently passwords have been lifted from five or six Finnish discussion groups, chatrooms, or social networking sites over the space of a couple of weeks.
     
The list of user-names and passwords was soon afterwards removed from its original location on the Net, but has probably been eagerly copied many times over in the meantime.
      Although the actual passwords attached to individual user-names are not shown in written out form, it is easy enough for anyone with a modicum of knowledge to ascertain the password from the so-called "hash" or cryptographic hash function character-string. Things are made even easier by account-users who prefer familiar words as their passwords. These are often easily found in password dictionaries.
     
The case has been handed on to the National Bureau of Investigation as the incident fits all the characteristics of aggravated data theft.
      Initially it was thought that the source of the action might be Sweden, but now most parties believe the hackers to be local.
      The data security and AV company F-Secure has urged people who visit such forums to change their passwords.
      Once again, people are reminded of the wisdom of choosing passwords that are long and that contain upper and lower case characters, numbers, and even symbols in addition to letters.
     
As for motive, Mikko Hyppönen of F-Secure could only hazard the guess of a desire to cause a nuisance.
      There is little in the way of financial gain to be had from the exploit - no secure banking or retailing sites were compromised in the attack.
      However, with a user's login name and password, a third party could log in to a networking service or message board and cause a disturbance there under the guise of another user.


Links:
  Cert.fi (Finnish national Computer Emergency Response Team)
  F-Secure Weblog: Passwords on the Loose (13.10.2007)
  MD5/SHA-1 hashes (Wikipedia)
  Ficora

Helsingin Sanomat
  15.10.2007 - TODAY
 Nearly 13,000 nurses ready for mass resignation
 Minister Risikko: Patients needing non-urgent care likely to suffer most from nurses´ labour dispute
 Traffic discipline very slack in Helsinki
 Incomes talks: no contract for retail workers
 Children playing in forest run into sleeping bear
 Police suspect Finnish connection as 80,000 online passwords are compromised
 Low turnout for recruitment event for Finnish nurses in Sweden
 Russia proposes lorry parking facility on own side of border
 Belgium 0 Finland 0: The mountain just got higher

Back to Top ^