Insecure passwords used by managers at nuclear power plants have been found in two lists of stolen credentials that were traded on Russian hacking sites. Employees of EDF Energy, which operates the UK’s 15 civil nuclear reactors, used the passwords “Nuclear1” and “Rad1at10n”, most likely to sign up to the business networking site LinkedIn. Both had held senior positions at nuclear plants. The passwords are insecure because they are based on easily guessable words relating directly to the employees’ jobs. Hackers are able to quickly try all possible variations of a word during an attack, such as substituting “1” for “i”.
Times 24th June 2017 read more »