FBI’s most wanted cybercriminal used his cat’s name as a password

When he was arrested at his Chicago home in 2012 for hacking the website of security think tank Stratfor, the dreadlocked Jeremy Hammond was the FBI's most wanted cybercriminal. Authorities tracked him down with the help of top LulzSec member Hector Xavier Monsegur. But it has never been known how they managed to search his encrypted computer, the lid of which the hacker was able to close as agents armed with assault rifles were raiding his home.

An Associated Press profile of the 29-year-old's life behind bars provides a possible answer. Hammond's password was "Chewy 123."

Hashing algorithms protecting encryption keys are by design extremely slow, making cracking attacks harder to carry out. The more guesses the attacker tries the exponentially longer it will take. As demonstrated in previous Ars articles such as Why passwords have never been weaker—and crackers have never been stronger and Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”, "Chewy 123" would be among the earlier candidates any experienced cracker would try. And assuming agents performed any research on their then suspect, "Chewy 123" would almost certainly have been near the top of the list. "Chewy," it turns out, was the name of Hammond's cat.

Read 1 remaining paragraphs | Comments