3 IT mistakes that helped bring down Russian spy ring

You’d think a gang of spies would have a pretty good handle on data security — after all, it’s their job to find and exploit security holes. But no, it turns they make many of the same mistakes as your company’s users.

While looking into the Russian ring accused of spying on the U.S., federal investigators found the gang had plenty of security holes of their own — and their lack of IT support and know-how has been a big help in the feds’ investigation.

One of the most glaring errors: the gang’s apparent lack of an effective password policy. One of the alleged spies used a disk protected with a 27-character password to hold confidential documents.

That would certainly qualify as a strong password. However, it was written down on a Post-It note stuck to the computer, which officers found when they searched the suspect’s home, Network World reports. That gave the U.S. agents access to a treasure trove of incriminating files.

Another suspect regularly used unsecured public wireless networks to communicate with Russian government officials. U.S. agents tracked the spy and saw her using the free WiFi offered in book stores and coffee shops.

In addition to clear and enforced security policies, the spy ring could have used some better help desk support. Some laptops took months to troubleshoot, and one spy was so frustrated with her computer that she turned it over to an undercover U.S. agent who promised he could repair it.

All these mistakes go to show that the spies’ targets may not have much to worry about — and that, once again, everybody needs IT.