Apps

Alleged Russian spies wrote passwords on paper

Alleged Russian spies make huge mistake in basic computer security and write down password to secret communication program.

It's not the kind of mistake one would expect spies to make, but apparently even secret agents don't like remembering long computer passwords. And sometimes, they write them down.

In late June, 11 people were arrested and accused of being part of a Russian spy ring operating in the United State. The arrests were the culmination of a years-long FBI investigation.


Watch CBS News Videos Online

The spy who wrote down the password

According to the criminal complaints filed against the individuals, the FBI performed a covert search on Hoboken, NJ apartment rented by two of the accused in July 2005. During the search, agents made copies of several "password-protected" computer disks. The disks reportedly contained a steganography program--an application that lets you conceal data within a computer file, such as hiding a text file within an image. The alleged spies would communicate with individuals inside the Russian Federation by posting images containing hidden information to publicly accessible websites. The disks containing the steganogrphy program were protected by a 27-character password.

You would think that trained spies would know better than to write down the password for such important information, but you would be wrong. According to the complaint:

"During the 2005 New Jersey Search, law-enforcement agents observed and photographed a piece of paper; the paper said "alt," "control," and "e," and set forth a string of 27 characters. Using these 27 characters as a password, technicians have been able successfully to access a software program ("Steganography Program") stored on those copies of the Password-Protected Disks that were recovered during the 2005 New Jersey Search and at subsequent searches of the New Jersey Conspirators' residence."

Protecting your passwords

I'm generally not a fan of writing passwords down, but if you're going to do it at least store the paper in a secure location. Or better yet, store the password in a file protected by strong encryption or use a password vault program, like Password Safe, LastPass, or even OS X's Keychain.

Assuming that this entire affair isn't an elaborate feint by Russian intelligence agencies, it's clear that a few of the accused should have read the following TechRepublic articles on common-sense password security:

More on the this story from around the Web:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

503 Service Unavailable

Error 503 Service Unavailable

Service Unavailable

Guru Meditation:

XID: 1639475871


Varnish cache server