Honeypot Revelations

My special interest is computers. Let's talk geek here.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Honeypot Revelations

Post by yogi »

A honeypot basically is an unadvertised computer sitting online waiting for something to happen. RDP (Remote Desktop Protocol) would be turned on to allow some distant client to log in if they knew the name and password combination. In the linked article the purpose of the honeypots was to simply collect data about remote clients that tried to log in. To summarize:
We have collected RDP passwords over a 334 day period, from 2015-03-12 to 2016-02-09.

During that time we have recorded 221203 different attempts to log in, coming from 5076 distinct IP addresses across 119 different countries, using 1806 different usernames and 3969 different passwords.


Analysis of the data showed some interesting results regarding the most popular usernames and passwords tried when logging into the honeypot.

Most popular passwords
  • x
  • Zz
  • St@rt123
  • 1
  • P@ssw0rd
  • bl4ck4ndwhite
  • admin
  • alex
  • .......
  • administrator
Most popular login names
  • administrator
  • Administrator
  • user1
  • admin
  • alex
  • pos
  • demo
  • db2admin
  • Admin
  • sql
Attempted login Country origin
  • China
  • United States
  • South Korea
  • Netherlands
  • Vietnam
  • United Kingdom
  • Taiwan
  • France
  • Germany
  • Canada
We are not surprised that China tops the list of login attempts, but we are all wondering who is Alex?

https://community.rapid7.com/community/ ... dictionary
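Added example, not from the linked Rapid7 study or from anyone in this thread: a small Python script that parses constructed honeypot login records and computes the kind of summary quoted above (attempt count, distinct source IPs, most frequently tried usernames and passwords), and also lists credential pairs tried from more than one source, which is what you would expect from a shared attacker dictionary. The log format and every value in it are made up for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of honeypot RDP login attempts (not real data):
# "timestamp source_ip username password", one attempt per line.
SAMPLE_LOG = """\
2015-03-12T01:02:03Z 203.0.113.5 administrator x
2015-03-12T01:02:09Z 203.0.113.5 administrator P@ssw0rd
2015-03-12T02:15:44Z 198.51.100.7 alex alex
2015-03-13T04:00:01Z 198.51.100.7 admin x
2015-03-13T04:00:05Z 192.0.2.33 alex alex
2015-03-14T09:30:00Z 192.0.2.33 user1 St@rt123
2015-03-14T09:30:02Z 203.0.113.9 administrator x
2015-03-15T11:11:11Z 203.0.113.9 pos 1
"""

def parse_log(text):
    """Return (timestamp, ip, user, password) tuples, skipping blank lines.
    maxsplit=3 keeps passwords that contain spaces intact."""
    return [tuple(line.split(" ", 3))
            for line in text.splitlines() if line.strip()]

def summarize(attempts, top=3):
    """Headline numbers as in the study: totals, distinct sources, top names/passwords."""
    ips = {a[1] for a in attempts}
    users = Counter(a[2] for a in attempts)
    passwords = Counter(a[3] for a in attempts)
    return {
        "attempts": len(attempts),
        "distinct_ips": len(ips),
        "distinct_users": len(users),
        "distinct_passwords": len(passwords),
        "top_users": users.most_common(top),
        "top_passwords": passwords.most_common(top),
    }

def shared_dictionary(attempts, min_sources=2):
    """Credential pairs tried from at least min_sources distinct IPs.
    The same pair arriving from unrelated sources is the signature of a
    shared attacker wordlist rather than one operator's guess."""
    sources = defaultdict(set)
    for _ts, ip, user, pw in attempts:
        sources[(user, pw)].add(ip)
    return sorted((pair, len(ips)) for pair, ips in sources.items()
                  if len(ips) >= min_sources)

if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(summarize(records))
    print("shared pairs:", shared_dictionary(records))
```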
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Honeypot Revelations

Post by Kellemora »

I'm not a computer geek or hacker, but am familiar with Alex!

I'm going back a few years here, but new UNIX based computers had Alex Alex as the first login and password to get into the system. Once in you changed the root login and password as the first order of business. This caused the next level to open, which used Admin Alex until you changed it.

I'm guessing here, but perhaps when new mobos are installed in a cluster, they are not initialized right away, so may still carry the old Alex Alex login and password until reset? Just a thought.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Honeypot Revelations

Post by yogi »

That's an interesting bit of information. In all my years of playing on UNIX servers I've not run into the Alex login routine. Then again, the company I worked for was intensely interested in security so that I'm sure all the defaults were altered well before I got there.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Honeypot Revelations

Post by Kellemora »

I'm sure the programmers who set up a new system changed it right away also.

An auto dealer where my first wife worked got their first computer system. I was intrigued by it at first because it was quite unlike the massive WANG VS I purchased. It was a seven foot tall cabinet, and the wires from the five workstations were fed over the drop ceiling to it. It was not yet programmed; the guy would be back to install their software after the weekend. Nevertheless, it still had a lot of factory software already in it, and everybody wanted to see what it did.
I can look back and chuckle because it wasn't much different than a new PC with only a cursor staring you in the face. But if you typed Alex Alex it would come up with the Unix Menu Screen. But this was only until they installed the auto dealer software.

When I worked at MRTC, their mainframe could be accessed using Alex, then waiting for a log-in prompt, then just typing Alex again. Trouble is, doing this did not bring up the familiar system screen; it was probably only access to the machine itself, which I now assume to be root access, but if you didn't know what else to do, there you were. I worked there for five years and they never changed the Alex Alex log-in. With what I know now, this was an open door to hackers!

Our WANG system had a service tech's log-in and password. I assume it too was root access. However, it only worked if I logged in first and unlocked the service access area. It could not be unlocked without a valid log-in. Didn't work like our Linux log-ins work today. There was no Sudo or Su; I had to run a program after I logged in, which allowed the service tech to use his log-in. However, back in those days, we did not have the Internet yet, so there were no outside connections to the computers, only our workstations.

However, we did have dial-in BBS services, but they could not get beyond what was displayed to them on the screen. Maybe hackers could, I don't know, we never had a problem.

Have a great evening Yogi!