While carrying out computer forensics to discover the extent of the damage, Murdoch became interested in learning the hacker's Wordpress password.
As Wordpress passwords are MD5 hashed and stored in the user database, Murdoch wrote a script which hashed all words in the English dictionary to find a match.
When this failed Murdoch switched to a Russian dictionary, as comments in that language were discovered in the new code installed on the server. This did not work either, so he turned to Google.
Murdoch inputted the MD5 password hash into Google and got several hits with one thing in common: the name 'Anthony'. Sure enough, 'Anthony' was the password.
"Because of this technique, Google is acting as a hash pre-image finder, and more importantly finding hashes of things that people have hashed before," said Murdoch.
"Google is doing what it does best: storing large databases and searching them. I doubt, however, that they envisaged this use."
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
