The U.S. Justice Department has recently made public a serious case of hacking involving three Filipinos accused of infiltrating and successfully stealing free calls from thousands of PBX systems located in the United States.

The vulnerability? Systems administrators of over 2500 companies had neglected to use strong password security and in many cases, had left default passwords in place.  This effectively meant that attackers could virtually infiltrate almost every aspect of their telephone network and direct communications.   Police said that the hackers were working for a third party in Italy who was subsequently exploiting these systems and sending the profits directly to terrorist groups operating in Southeast Asia.

This is just another example of gross negligence on the part of corporate IT professionals and that of equipment manufacturers.  In an age where cybercrime is not a possibility, it is a reality – equipment such as this should never reach end users with a standard password.  Examples such as this really do enforce the need for proactive security policies, which it would seem are not the norm any more in corporate America.

The risks of corporate espionage are high for any organization large or small, as these days, even small-time hackers will target companies looking for credit card information, personal data and anything they can get their hands on.  Effectively, a default password left on any device may as well be a “HACK ME” sign.

But, the question we have to ask is, how many other network appliances are there in your company with default passwords?    Password security may be an inconvenience for many, but it is a necessity for most.  Next time you think about leaving a device with a default password, think about the consequences of leaving the keys in your car.  You wouldn’t do that, so why leave the gates to your network wide open?