Imprisoned hacker Robert Moore says it was child's play to hack into thousands of corporate systems because most IT groups don't follow basic hygiene such as resetting default passwords and keeping logs. While one security researcher says it's the vendors' fault, I lay the blame squarely on CIOs: if they don't allocate resources and enforce behavior that promotes airtight cybersecurity, they should be fired.My colleague Sharon Gaudin broke this story and brought to light the passive complicity of IT in these highly preventable break-ins via a series of exclusive conversations with Robert Moore, the convicted cyberpunk. Moore revealed to Sharon an astonishing variety of anecdotes about how and why it was so easy for him to penetrate thousands of supposedly secure databases, and for your reading pleasure -- or disgust -- here are some of the highlights as reported earlier by Sharon:

Well, that's pretty nauseating stuff. And what's particularly disturbing about it is Moore's repeated refrain that IT is his indispensable co-dependent -- without IT doing its part in his crimes by failing to fully secure corporate systems, then I guess he'd have nothing to do but look at porn all day instead of cracking into your customer data and costing you time, money, trust, and soiled reputation.

If CIOs want to be seen as top-level executives, they need to lead the fight to change policies, processes, and behavior so that none of the pathetic opportunities described above by Moore can occur. If CIOs feel they're not up to that challenge, then they should step aside -- or be told to do so.