Assets are also put at risk by people who use easy-to-crack passwords, and repeat them among Facebook, e-mail and bank accounts.
When Daniel Amitay checked to see which passwords people were using in his iPhone app, Big Brother Camera Security, he found that many weren't secure. Out of 204,508 recorded passwords, the most common was "1234," followed by "0000" and "2580," the middle line of the numeric keypad.
CEO Resigns
"By knowing a bit of psychology, people can avoid security," Amitay said. "People choose things from memory, and they are making the job easier for someone who wants to steal their pass code."
In a February attack on Sacramento, California-based security firm HBGary and its sister, HBGary Federal, the hacker group Anonymous said it cracked the passwords of CEO Aaron Barr and Chief Operating Officer Ted Vera, and discovered they used the same passwords in e-mail accounts, LinkedIn, Twitter and elsewhere. Anonymous said it deleted "gigabytes of backups and research data" from company servers.
The group didn't stop there. Using the compromised personal e-mail account of HBGary owner Greg Hoglund, they asked for and were given the user name and password of a second HBGary Federal site, which had to be taken offline.
The HBGary attack tied back in an unusual way to January 2010 security breaches at Google, Adobe Systems Inc., Juniper Networks Inc. and defense contractor Northrop Grumman Corp.
Tracking Executives
Anonymous released HBGary's e-mails, which show that DuPont, Walt Disney Co., Sony Corp. and Johnson & Johnson were also attacked by hackers somewhere in China, but decided not to disclose the intrusion. Barr resigned three weeks later, citing the distraction caused by the hack.
DuPont declined to comment after the HBGary incident, as did Sony and Johnson & Johnson. Disney didn't respond to requests for comment.
Lulz Security, known as LulzSec and made up of former members of Anonymous, announced June 25 it is disbanding after 50 days during which it claimed attacks on computers of the U.S. Senate, Public Broadcasting Service television network and Central Intelligence Agency. Spanish police arrested three suspected members of Anonymous on June 10.
To better thwart attacks targeting decision makers, Santa Clara, California-based Intel is deploying software to analyze employees' log-on patterns, Harkins said. If a user logs on in New York an hour after logging on from a California web address, the system may limit or cut off access.
New Products