The South African government passwords cracked in Anonymous database hack

A South African developer has cracked the passwords from the GCIS database that Anonymous hackers leaked online.

February 14, 2016

South African developer Evan Knowles recently posted details about the passwords from a Government Communications and Information Systems (GCIS) database that Anonymous hackers leaked online.

The hackers said they attacked the GCIS server as part of Operation Africa, or #OpAfrica, which is about “a disassembly of corporations and governments that enable and perpetuate corruption on the African continent”.

Anonymous said #OpAfrica will also focus on the issues of child labour and Internet censorship in Africa.

Names, phone numbers, e-mail addresses, and hashed passwords of over 1,000 government employees were leaked in the data dump.

The State Information Technology Agency was asked about the hack, but has not provided comment.

However, it is understood that the hackers gained access to an old GCIS portal not widely used, which contained outdated information. The vulnerability has been tracked down and closed.

Passwords cracked

Knowles said that of the 1,471 passwords from the GCIS data Anonymous dumped, it was trivial to crack 1,116 of them.

He found that the passwords were hashed using the MD5 function without salt.

Analysing the passwords, Knowles highlighted the following statistics:

  • 628 passwords (42.7%) were already in plain text and did not need to be cracked.
  • 27.1% of these known passwords contained the word “password”.
  • 2.7% of known passwords were accompanied by an email address.
  • Some passwords were – or contained – the user’s first name, last name, or user name.

After running some simple cracks against the remaining 843 passwords (and getting 488 of them), Knowles said he found the following:

  • 25.2% of users had passwords that were identical to their first name.
  • Out of the 1,116 passwords cracked, there were only 549 unique passwords.
  • 9 passwords were only 1 character long.
  • 53.1% of passwords failed the basic test of containing at least one number and being 6 characters long.
  • In total, 29.8% of passwords contained the word “password”.

The top 10 passwords in the GCIS dump were:

  1. password1
  2. password01
  3. password02
  4. password2
  5. password123
  6. Admin#11
  7. Education2015
  8. Password123
  9. password03
  10. Password
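
The sketch below is an added example, not code from the article or from Knowles's analysis. It contrasts the unsalted MD5 scheme with a salted, iterated hash and applies the weaknesses listed above as checks when a password is set. The function names, the PBKDF2 iteration count and the sample account are assumptions.

```python
import hashlib
import hmac
import os

# The article's top-10 list, lower-cased, used as a denylist.
COMMON = {"password1", "password01", "password02", "password2", "password123",
          "admin#11", "education2015", "password03", "password"}

def md5_unsalted(password):
    """Scheme the article describes: equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; the iteration count is an assumption."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, digest, iterations=600_000):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def policy_findings(password, first_name, last_name, username):
    """Return the weaknesses from the article's statistics that apply."""
    lower = password.lower()
    findings = []
    if len(password) < 6 or not any(c.isdigit() for c in password):
        findings.append("fails basic test")
    if "password" in lower:
        findings.append("contains 'password'")
    if lower in COMMON:
        findings.append("on common list")
    for label, value in (("first name", first_name),
                         ("last name", last_name),
                         ("user name", username)):
        if value and value.lower() in lower:
            findings.append(f"contains {label}")
    return findings

if __name__ == "__main__":
    # Constructed sample account; not taken from the leaked data.
    for pw in ("password1", "Admin#11", "thabo", "x9$Lq-river-Tin"):
        print(pw, policy_findings(pw, "Thabo", "Nkosi", "tnkosi"))
    # Unsalted MD5: two users with the same password share one hash.
    print(md5_unsalted("password1") == md5_unsalted("password1"))
    # Salted hash: the same password stores differently per account.
    print(hash_password("password1")[1] != hash_password("password1")[1])
```

Note that "password1" passes the basic length-and-digit test from the statistics above, so only the substring and denylist checks reject it.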
