The "Anonymous" hacker group has caused headaches for Western organizations including the FBI. Now the group has also hacked the Syrian government. And Anonymous had some help--from user carelessness about passwords.

The government of Bashar al-Assad has more immediate concerns than the Syria security hack by the Anonymous hackers. It is trying to violently suppress a growing popular rebellion. But the revelation of its poor cyber security cannot make the Syrian leadership more comfortable. And the lesson to be learned applies far beyond Syria.

"Anonymous" Strikes Again

The Anonymous hackers have been garnering worldwide attention for their cyber exploits aimed at both public and private organizations. As noted here at infoboom, they recently struck at the FBI and Scotland Yard. The group has perhaps won some public support, given widespread populist sentiment. But it has certainly made no friends among IT security professionals.

Even the hacker group's critics probably won't have much sympathy for its victim in the Syria security hack. The authoritarian Assad government has been denounced by the Arab League, the US, and other countries around the world.

Moreover, as reported by Chloe Albanesius at PCMag, elements of this particular Anonymous exploit were carried off with humiliating ease. The hackers compromised the email boxes of 78 staffers in the Syrian Ministry of Presidential Affairs. And many of those staffers, as it turns out, were using the password "12345." You don't need to be a brilliant programmer to crack that one.

Among the documents exposed by the Syria security hack were talking points prepared for al-Assad to use in a recent TV interview with Barbara Walters. The talking points were designed to sway American public opinion. Certainly, they weren't meant to be revealed.

Enforcing Security?

The Syrian police state has in the past been brutally effective at suppressing popular dissent. Evidently it was less effective at imposing basic data security awareness within its own ranks.

IT professionals who deal with security may feel a bit of ironic sympathy toward their Syrian counterparts. Who would want to be the person who must speak up and point out that "12345" is a weak password and should be replaced by a stronger one?

For that matter, never mind dictatorships: Who wants to tell the boss that he needs to be more careful about data security? Yet top management is a prime target for hackers. The information that crosses their desks is often particularly sensitive. It may be targeted for a multitude of reasons--from embarrassment to competitive motives.

This is a real-life challenge faced by IT professionals at midsized firms and indeed practically every other organization.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.