South African government passwords cracked in Anonymous database hack

A South African developer has cracked the passwords from the GCIS database that Anonymous hackers leaked online.

February 14, 2016

South African developer Evan Knowles recently posted details about the passwords from a Government Communications and Information Systems (GCIS) database that Anonymous hackers leaked online.

The hackers said they attacked the GCIS server as part of Operation Africa, or #OpAfrica, which is about “a disassembly of corporations and governments that enable and perpetuate corruption on the African continent”.

Anonymous said #OpAfrica will also focus on the issues of child labour and Internet censorship in Africa.

Names, phone numbers, e-mail addresses, and hashed passwords of over 1,000 government employees were leaked in the data dump.

The State Information Technology Agency was asked about the hack, but has not provided comment.

However, it is understood that the hackers gained access to an old GCIS portal not widely used, which contained outdated information. The vulnerability has been tracked down and closed.

Passwords cracked

Knowles said that of the 1,471 passwords from the GCIS data Anonymous dumped, it was trivial to crack 1,116 of them.

He found that the passwords were hashed using the MD5 function without salt.

Analysing the passwords, Knowles highlighted the following statistics:

  • 628 passwords (42.7%) were already in plain text and did not need to be cracked.
  • 27.1% of these known passwords contained the word “password”.
  • 2.7% of known passwords were accompanied by an email address.
  • Some passwords were – or contained – the user’s first name, last name, or user name.

After running some simple cracks against the remaining 843 passwords (and getting 488 of them), Knowles said he found the following:

  • 25.2% of users had passwords that were identical to their first name.
  • Out of the 1,116 passwords cracked, there were only 549 unique passwords.
  • 9 passwords were only 1 character long.
  • 53.1% of passwords failed the basic test of containing at least one number and being 6 characters long.
  • In total, 29.8% of passwords contained the word “password”.

The top 10 passwords in the GCIS dump were:

  1. password1
  2. password01
  3. password02
  4. password2
  5. password123
  6. Admin#11
  7. Education2015
  8. Password123
  9. password03
  10. Password
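The storage and policy weaknesses described above, seen from the defender's side, as an added example that is not from Knowles or from the original article: unsalted MD5 gives every account with the same password the same stored value, while a per-user salt with a slow key-derivation function does not, and a sign-up check can reject the patterns listed in the statistics. The sample accounts, function names, and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (first name, password); not taken from the leak.
USERS = [("thabo", "password1"), ("lerato", "password1"),
         ("sipho", "sipho"), ("anna", "Kettle-Trail-92")]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_unsalted(password):
    """The scheme the article describes: plain MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Per-user random salt plus a slow key-derivation function."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def repeated_digests(digests):
    """Number of stored values shared by more than one account."""
    return sum(n for n in Counter(digests).values() if n > 1)

def policy_failures(first_name, password):
    """Checks built from the weaknesses listed in the article."""
    failures = []
    if len(password) < 6:
        failures.append("shorter than 6 characters")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if "password" in password.lower():
        failures.append("contains 'password'")
    if password.lower() == first_name.lower():
        failures.append("same as first name")
    return failures

if __name__ == "__main__":
    md5_store = [md5_unsalted(p) for _, p in USERS]
    kdf_store = [hash_password(p)[1] for _, p in USERS]
    print("repeated MD5 values:", repeated_digests(md5_store))
    print("repeated salted values:", repeated_digests(kdf_store))
    for name, pw in USERS:
        print(name, policy_failures(name, pw) or "ok")
```
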
