Anonymous is at the hacktivist game again, this time targeting the South African government as part of its #OpAfrica initiative.
The group hacked a database within the Government Communications and Information Systems (GCIS) department, leaking names, phone numbers, email addresses and hashed passwords of more than 1,000 government employees.
The hackers gained access to an old GCIS portal that hadn’t been updated; South Africa said that the vulnerability has been tracked down and closed.
Operation Africa is “a disassembly of corporations and governments that enable and perpetuate corruption on the African continent.” Anonymous said that in particular, the focus is on the issues of child labor and Internet censorship on the continent.
“We are fighting alongside other operations such as OpNigeria and AnonymousSA to help free the continent from the plague of exploitation that has been occurring for centuries,” it said.
South African developer Evan Knowles said that government employees made it fairly easy for Anonymous to carry out its work, because those hashed passwords are hardly secure. He said that all of the 1,471 passwords from the GCIS data that Anonymous dumped were hashed using the MD5 function without salt, and that it was trivial to crack 1,116 of them anyway.
“All in all, in the collection of 1116 passwords, there were only 549 unique passwords,” he said. “This included nine passwords which were only one letter long, and 53.1% of the passwords failed a standard, very basic test (contains at least one number, and a minimum length of 6). 29.8% of the passwords contained the word ‘password’. 628 passwords (42.7%) were already in plain text and did not need to be cracked.”
Further, 25.2% of users had passwords that were identical to their first name.
The top 10 passwords in the GCIS dump were: password1; password01; password02; password2; password123; Admin#11; Education2015; Password123; password03; and Password.
“Not too imaginative, but strangely satisfyingly stereotypical as far as poor passwords go,” Knowles said in his blog.
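The weaknesses Knowles lists can be measured against an organisation's own credential store. The Python sketch below is an added example, not code from Knowles or from this article: it applies his basic test, counts passwords containing "password" or matching the first name, and shows that unsalted MD5 stores identical passwords as identical digests while a per-account salt does not. The sample names and the PBKDF2 work factor are assumptions.

```python
import hashlib
import os
from collections import Counter

PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_unsalted(password):
    """The scheme the article describes: same password, same digest, always."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_salted(password, salt=None):
    """Salted, slow alternative: a fresh random salt for every account."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def passes_basic_test(password):
    """Knowles' basic test: at least one number and a minimum length of 6."""
    return len(password) >= 6 and any(ch.isdigit() for ch in password)

def shared_digests(digests):
    """Number of distinct stored values that appear on more than one account."""
    return sum(1 for n in Counter(digests).values() if n > 1)

def audit(accounts):
    """accounts: iterable of (first_name, password). Returns summary counts."""
    accounts = list(accounts)
    passwords = [pw for _, pw in accounts]
    return {
        "total": len(accounts),
        "unique": len(set(passwords)),
        "fails_basic_test": sum(not passes_basic_test(pw) for pw in passwords),
        "contains_password": sum("password" in pw.lower() for pw in passwords),
        "equals_first_name": sum(pw.lower() == name.lower() for name, pw in accounts),
        "shared_md5": shared_digests(md5_unsalted(pw) for pw in passwords),
        "shared_pbkdf2": shared_digests(pbkdf2_salted(pw)[1] for pw in passwords),
    }

# Constructed sample: names are invented; two passwords come from the article's top-10 list.
SAMPLE = [("Thandi", "password1"), ("Sipho", "password1"), ("Lerato", "Lerato"),
          ("Johan", "Education2015"), ("Anna", "a")]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-zero `shared_md5` count means anyone holding the dump can see which accounts share a password without recovering it; with per-account salts that count is zero.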