The South African government passwords cracked in Anonymous database hack

A South African developer has cracked the passwords from the GCIS database that Anonymous hackers leaked online.

By - February 14, 2016 Share on LinkedIn
Anonymous South Africa TobitowTHA defacements

South African developer Evan Knowles recently posted details about the passwords from a Government Communications and Information Systems (GCIS) database that Anonymous hackers leaked online.

The hackers said they attacked the GCIS server as part of Operation Africa, or #OpAfrica, which is about “a disassembly of corporations and governments that enable and perpetuate corruption on the African continent”.

Anonymous said #OpAfrica will also focus on the issues of child labour and Internet censorship in Africa.

Names, phone numbers, e-mail addresses, and hashed passwords of over 1,000 government employees were leaked in the data dump.

The State Information Technology Agency was asked about the hack, but has not provided comment.

However, it is understood that the hackers gained access to an old GCIS portal not widely used, which contained outdated information. The vulnerability has been tracked down and closed.

Passwords cracked

Knowles said that of the 1,471 passwords from the GCIS data Anonymous dumped, it was trivial to crack 1,116 of them.

He found that the passwords were hashed using the MD5 function without salt.

Analysing the passwords, Knowles highlighted the following statistics:

  • 628 passwords (42.7%) were already in plain text and did not need to be cracked.
  • 27.1% of these known passwords contained the word “password”.
  • 2.7% of known passwords were accompanied by an email address.
  • Some passwords were – or contained – the user’s first name, last name, or user name.

After running some simple cracks against the remaining 843 passwords (and getting 488 of them), Knowles said he found the following:

  • 25.2% of users had passwords that were identical to their first name.
  • Out of the 1,116 passwords cracked, there were only 549 unique passwords.
  • 9 passwords were only 1 character long.
  • 53.1% of passwords failed the basic test of containing at least one number and being 6 characters long.
  • In total, 29.8% of passwords contained the word “password”.

The top 10 passwords in the GCIS dump were:

  1. password1
  2. password01
  3. password02
  4. password2
  5. password123
  6. Admin#11
  7. Education2015
  8. Password123
  9. password03
  10. Password

This is how Anonymous hacked over 200 South African websites

Massive number of South African websites hacked by Anonymous

Anonymous hacks SA government database

Share your thoughts

Join the conversation

Connect with Us



Will you buy a new Apple MacBook Pro?

View Results

Loading ... Loading ...

More News

Apple Mac prices hiked in the UK

MacBook Pro

Apple has significantly hiked the prices of its Mac computers in the United Kingdom.

Samsung Dolby Atmos HW-K950 soundbar – South African pricing

Samsung HW-K950

Samsung started selling its Dolby Atmos-equipped soundbars in the US in August – and now the HW-K950 model has received South African pricing.

Big Apple Sale and other tech specials

Sale Deals

Dion Wired’s Big Apple Sale is offering great discounts on iPads and MacBooks, while Makro and Game have slashed the prices of many tech products.

Saving South Africa’s Internet freedom

Internet censorship

South Africa’s Internet freedom is under threat, but some people have been working hard to make sure that our access to the digital world doesn’t get restricted.

Free MyBroadband Newsletter