HUH: Chinese hackers counted on no one clicking ‘update’ in decade-long spree.

The Department of Justice unsealed an indictment Tuesday alleging two hackers worked in collaboration with the Chinese Ministry of State Security to steal everything from video game source code to weapons designs from hundreds of companies around the globe. And, if the indictment is to be believed, the hackers were able to do much of this by exploiting people’s natural laziness about updating their software.

Notably, the indictment claims, the two hackers — Li Xiaoyu, 34, and Dong Jiazhi, 33 — had a decade-long spree that succeeded, in large part, because people and companies often don’t download and install software patches as soon as they become available.

“[To] gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs,” reads a DOJ press release.

It amazes me how many people — including IT pros who ought to know better — shrug off security patches.