Cyber Security Micro-film series Video Script Ep6 – Password

Agent 404: The phishing emails were sent from an overseas private server which is owned by TAT. The netizen who taught Manager Chow, also called TAT.

Agent 404: Who is TAT?


Agent 404: This phishing email’s victim is studying social work at the University of Hong Kong.


Agent 404: This one is a third year student at the University of Hong Kong.


Agent 404: The University of Hong Kong again?


Agent 404: Cayla is a student from the University of Hong Kong. Manager Chow was also working at the University of Hong Kong. This guy must be related to HKU, or he is right inside the university.


Agent 404: Let’s me complete the mission first.


Agent 404: She is our target this time?


Agent 404: Hi Karen. This is agent 404 from I.S.A., I am coming to help you deal with your information security issue.


Karen: It’s fine now. A girl named Cayla has already helped me.


Agent 404: Cayla?


Karen: Why can’t I log in?


Cayla: Maybe you forget the password.


Karen: Impossible. I logged in to this computer few days before.


Cayla: How about trying “forget password”?


Karen: God. I have to reset the password again. Let me set my phone number as the password.


Cayla: No way. You shouldn’t only use numbers for the password. It’s definitely not strong enough to protect you from  brute force attacks. A strong password should include at least 10 characters, containing digits, symbols, uppercase and lowercase letters. Moreover, simple words, like your name, should not be used.


Karen: That’s too complicated to remember. I probably need to reset the password several times in the future.


Cayla: I have an easier way. Think about a sentence with upper and lower case letters first. Then pick the first letter of each word to make the password. You can also add some numbers and special characters related to the sentence. Isn’t this way much easier? The password will be stronger too.


Karen: A sentence? My English is not good. It’s hard for me to compose one now.


Cayla: You can use Chinese Pinyin. It would be more difficult to be cracked.


Karen: Chinese is absolutely easier. I always visit online discussion forums. I know dozens of internet slang.


Cayla: However, a strong password doesn’t mean that you won’t be hacked. You better use different passwords for different accounts, and do not log in to public computers. You would never know what is installed on the computer which could record your password.


Karen: Thank you so much. How do you know all of these?


Agent 404: Long time no see.


Cayla: 404?


Agent 404: I  think you’re passionate to help people who are suffering from information security issues.


Cayla: So what? Can I become an agent again?


Agent 404: It wasn’t my decision to fire you. It was made by Agent zero. I need to follow his command. But I still think that you have the potential to be an agent.


Cayla: Thanks. Hey. Did you find something from the battery?


Agent 404: Well. We only found that the battery will install malware into the connected device. It will then send out all the information on the device. But we don’t know the destination.


Cayla: Maybe the battery is only for malware installation. All the clues are inside the phone.


Agent 404: Maybe you’re right. Come with me.


Agent 404: Give me your phone.


Cayla: I thought my phone was cleared.


Agent 404: It did. But we have a backup mechanism. If we want to view the cleared data, we still have a way to restore it. Now I am going to restore the data of your phone.


Cayla: Restore my phone? Does it mean that I can be an agent again?


Agent 404: Okay. Finished. Take a look.


Agent 404: Here is the malware. All the data was sent to this IP address.


Cayla: It seems to be aa University of Hong Kong IP address.


Agent 404: You’re right. Let me check the subnet of the University of Hong Kong.


Agent 404: Got it. TAT should be there. Let’s go and get him.


Cayla: Sure.


Cayla: Wait. We don’t have weapons.


Agent 404: The phone is our weapon.


Agent 404: Cayla. Search that side.


Agent 404: We’re in the right place.


Cayla: But we don’t have the password. How can we log in?


Agent 404: Agent zero. We found the place where TAT was probably hidden. Nobody is here. We just found a computer. TAT might use it before. But we don’t have the password.


Agent zero: A lot of people don’t really care about the password. They make one randomly. In fact, there are some online studies listing the most common and easiest cracked passwords of the year. If you are lucky, the password of the computer could be one of them.


Agent 404: It doesn’t work.


Agent zero: Then let’s try a level 2 dictionary attack. Some people want the password to be easily memorized, they would use related words. You can try some TAT-related combinations.


Agent 404: We still can’t log in.


Agent zero: Okay. How about you look over the place and see if there are any written papers? Someone will write down the password on a paper and put it nearby.


Cayla: I have checked the drawers. Nothing’s inside.


Agent 404: Nope. We turned the desk upside down. No paper’s here, only a memo.


Cayla: Wait. Maybe this is the one.


Agent 404: Try it.


Agent 404: We did it.


Agent zero: Well done. Copy all the data and send it to me immediately. We have to analyze it with ISA Technology.


Agent 404: Hello? Agent zero.


TAT: Okay. It should be recording.


TAT: Hi. Agents of ISA. I am surprised that you can find this room. It impresses me.


 Agent 404: No worries. It’s a video.


TAT: Let me introduce myself. I am the one you guys have been looking for, TAT.


TAT: I have been interested in you for a long time.


TAT: Your technology always excites me. And I always wonder how you would defeat my attacks.


TAT: I do want to meet you. However, today is not the right time.


Oh. Almost forget. I left you guys a game. This room has been locked and the communication was interrupted.


TAT: You are smart enough to login to the computer and I believe that it won’t be too hard for you to leave the room. Or do I expect too much from you guys? Well. It’s time to go. See you.


Multi-Factor Authentication

February 2024
February 2024

Mandatory for all staff accounts

May 2024
May 2024

Mandatory for all student accounts