Here in New York, a group of friends and I make it priority to regularly attend concerts, considering so many great acts come into the city. We don't claim to be connoisseurs of underground music or indie bands.
No, we're pretty mainstream, actually. Since we formed the concert crew about a year ago, we've checked out The Killers, Third Eye Blind, Fall Out Boy and - don't laugh - Kelly Clarkson. (I was duped into this after a night of being over-served).
Last Thursday, it was Linkin Park at Madison Square Garden. And they rocked. They played all of their hits and, to a roaring ovation, Jay-Z showed up for the "99 Problems" encore.
Anyway, I was still buzzing the next day when I came across a news story that might just explain why the band seemed to have a spring in its step.
The day before the concert, a woman convicted of "cyberstalking" Linkin Park lead singer Chester Bennington was sentenced to two years in the slammer.
According to news reports, Devon Townsend - at the time a 27-year-old single mother with a baby son - used her government computer at Sandia National Laboratories in New Mexico, which performs nuclear research for the Department of Engergy, to hack into the rock star's email account.
While Townsend was granted high-level access privileges because of her job, all she needed to perform the attack was to properly guess Bennington's mac.com email password - "Charlie" - to gain access to his messages. She was able intercept the crooner's family photos, Social Security numbers, record company dealings, information about travel plans and contact details for friends.
This paragraph from a well-researched "Wired" story
sums up Townsend's score:
Townsend suddenly had access to all of her idol's messages. Soon she had Talinda's (Bennington's wife) Yahoo address, too, and after guessing the password, she reset it. From there, her infiltration was a feat of feverish social engineering. As Townsend pored through the Benningtons' email, she began cataloging every detail of their lives: friends, Social Security numbers, photos, plans. Getting Chester's cell phone data was a snap: All she'd needed was his wireless number, his zip code, and the last four digits of his Social Security number to register his Verizon account online and get complete access to records of his calls. Even Townsend herself seemed astonished at how easy it was. When she opened the Verizon account, the user ID she chose was "ohs*ititworked."
As Townsend was being tracked down with the help of a retired Secret Service agent and cybercrimes specialist, Bennington lived in fear and trusted nobody except his family. The once friendly rocker, who was always open for chatting with fans, was thrust into a life of misery and fear.
In the end - I think I just quoted a Linkin Park song title - this was not a sophisticated cyberattack.
Sure, the laboratory could have deployed better content monitoring solutions - or any at all - to detect that Townsend was spending much of her work day digitally stalking Bennington. Yet, it ultimately came down to choosing an easy-to-guess password. As the Wired
story points out, the password Bennington chose - "Charlie" - is his middle name.
But all is well that ends well I guess. If anything, we now have at least one more security-aware end-user in the world. In this case, that person can now solely focus on what he's good at, rock 'n' roll, not computer forensics.