A TV5Monde staffer accidentally revealed a password used to access the social media account of the broadcaster in an interview.
Following the successful attack against the network of the TV French Channel TV5Monde, law enforcement and French Intelligence started to investigate the attach chain.
Investigators speculate that one of the possible way hackers obtained credentials for systems at TV French Channel TV5Monde is the view of an interview that accidentally revealed the precious information.
“In an interview with French news program 13 Heures, TV5Monde reporter David Delos unwittingly revealed at least one password for the station’s social media presence. That’s because he was filmed in front of a staffer’s desk—which was smothered in sticky notes and taped index cards that were covered in account usernames and passwords.” reported ArsTechnica.
The passwords visible in the video interview are related to Twitter, Instagram and YouTube accounts. The YouTube password was very easy to read, it was “lemotdepassedeyoutube” (Its translation is “the password of YouTube”).
In a different video it is visible a Post-it attached in front a monitor that reports the password “azerty12345” used on the main server hosting the website and other data of the TV5monde broadcaster.
TV5monde managers are talking about a prepared, powerful and coordinated attack, but honestly, this type of password doesn’t require any specific expertise to crack it, being easily crackable also by an amateur.
There is a moral lesson to take from this story, and the message is that even if you heavily invest in security measures to protect your assets, you continue vulnerable to human error, with social engineering.
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.