Robert Moore, a 23-year old facing a two-year prison sentence for hacking Internet phone service companies, tells Information Week that getting illegitimate access to the phone services was "so easy a caveman could do it". Moore said that sloppy systems administration left obvious security holes, such as the use of default passwords, in place in about 70% of companies he scanned.
Moore's employer posed as a wholesaler of Internet-based phone services, essentially selling one company's minutes to another. Critics say that the online industry's obsession with functionality has meant security never gets the resources it requires to implement even simple security measures, like strong passwords or IP-access restrictions, which Moore said easily, but infrequently, foiled his efforts. (More Internet phone stories.)