The password for the "particular computer system which handles the consumer indebtedness files (basically people who are flagged as having a very bad credit history)" was 123456. Nobody could have made an ACH transfer from the French government's account.
As a community can we please refrain from linking to Hyperbolic Link Bait? This is the second time in 24 hours I have seen such a hyperbolic and misleading title.[1] If it is a great article a little hyperbole is acceptable, but both articles have been lousy. There is no reason to encourage websites to keep this behavior up.
[1] The other article was originally titled something along the lines of "Chinese hackers break in to White House military office network in charge of the president’s nuclear football". Fortunately the HN moderators stepped in and edited the title here at HN. http://news.ycombinator.com/item?id=4595042
Moreover, what is written is not at all true. My manager is French and here's what he said: the guy got that number from the forum. He called and was prompted for a pass, so he entered 1234 (not even 123456 as claimed in the article). The line said wrong password, so he closed down. However, the phone server raised an alert about a failed login attempt, so they closed down the line and investigated for a potential breach. And yes, 654321 would have worked as well as any other wrong password, in fact.
"For the Minuteman ICBM force, the US Air Force's Strategic Air Command worried that in times of need the codes would not be available, so they quietly decided to set them to 00000000. The missile launch checklists included an item confirming this combination until 1977"
They at least had a decent reason for it. That case is interesting because the ICBM force had two completely contradictory goals. First, they wanted to ensure that no ICBM could be launched without authorization, but second, they wanted to ensure that, in the event of war, all ICBMs could be quickly launched even with a massive failure in the command hierarchy. Weird stuff happens when an organization has opposing goals like that.
I don't think the same thing applies to a bank, so they have no excuse there.
Note that I'm pretty sure that control of the UK Trident fleet depends purely on trusting the senior officers on the boats to behave themselves - again, for what seemed like good reasons.
NB In the most extreme of events, actions would be based on the (rather pleasingly British) notion of handwritten letters from the PM:
> Journalist and historian Peter Hennessy has made an assertion, in one of his books, that a test that the commander of a British nuclear-missile submarine must use to determine whether the UK has been the target of a nuclear attack (in which case he has sealed orders which may authorise him to fire his nuclear missiles in retaliation), is to listen for the presence of Today on Radio 4's frequencies.
The 123456 pass was for a phone service dedicated to the Banque de France itinerant techies.
The "hacker", when asked for a password, randomly tried 123456. He gained access to complex options (each being quite technical). He tried one randomly, and it triggered a kind of panic mode.
He only discovered it was a Banque de France telephone number when arrested by the police, four years ago.