Security14.02.2016

The South African government passwords cracked in Anonymous database hack

By Jan Vermeulen

Anonymous South Africa TobitowTHA defacements

South African developer Evan Knowles recently posted details about the passwords from a Government Communications and Information Systems (GCIS) database that Anonymous hackers leaked online.

The hackers said they attacked the GCIS server as part of Operation Africa, or #OpAfrica, which is about “a disassembly of corporations and governments that enable and perpetuate corruption on the African continent”.

Anonymous said #OpAfrica will also focus on the issues of child labour and Internet censorship in Africa.

Names, phone numbers, e-mail addresses, and hashed passwords of over 1,000 government employees were leaked in the data dump.

The State Information Technology Agency was asked about the hack, but has not provided comment.

However, it is understood that the hackers gained access to an old GCIS portal not widely used, which contained outdated information. The vulnerability has been tracked down and closed.

Passwords cracked

Knowles said that of the 1,471 passwords from the GCIS data Anonymous dumped, it was trivial to crack 1,116 of them.

He found that the passwords were hashed using the MD5 function without salt.

Analysing the passwords, Knowles highlighted the following statistics:

628 passwords (42.7%) were already in plain text and did not need to be cracked.
27.1% of these known passwords contained the word “password”.
2.7% of known passwords were accompanied by an email address.
Some passwords were – or contained – the user’s first name, last name, or user name.

After running some simple cracks against the remaining 843 passwords (and getting 488 of them), Knowles said he found the following:

25.2% of users had passwords that were identical to their first name.
Out of the 1,116 passwords cracked, there were only 549 unique passwords.
9 passwords were only 1 character long.
53.1% of passwords failed the basic test of containing at least one number and being 6 characters long.
In total, 29.8% of passwords contained the word “password”.

The top 10 passwords in the GCIS dump were:

password1
password01
password02
password2
password123
Admin#11
Education2015
Password123
password03
Password

This is how Anonymous hacked over 200 South African websites

Massive number of South African websites hacked by Anonymous

Anonymous hacks SA government database

Show comments

Forum discussion

The South African government passwords cracked in Anonymous database hack

Passwords cracked

Latest news

Best uncapped Internet for people who want to escape fibre hikes

Inside the University of Pretoria’s R280 million Engineering 4.0 facility

Cape Town cutting electricity application times

Samsung marks a step forward with AI for everyone by introducing the new Galaxy A56 5G, Galaxy A36 5G and Galaxy A26 5G

R15,000 Temu gaming PC you can import to South Africa

Big DStv channel changes

Henkel makes further progress across all areas of its sustainability strategy

MTN and Axxess beats Rain, Supersonic, Telkom in fixed-5G price shootout

Big electricity price hike in South Africa gets green light

More news

New DStv prices announced

Great news for people using Starlink in South Africa and neighbouring countries

Nine-hour power outages in large parts of South Africa’s biggest city

Logicalis Global CIO Report: Return on Innovation

Truth about Ramaphosa cryptocurrency and hacked Parliament accounts

How much data MTN subscribers use in South Africa

How South Africa’s top companies reach their target market

MTN reports R11.2-billion loss

Reality of electronic voting in South Africa

Trending news

Standard Bank South Africa CEO resigns

Goodbye TV licence — big-screen monitors and projectors to replace your TV

Good news about petrol and diesel prices

Hands-on with the latest smartphone photography powerhouse – vivo V50 review

Big questions after attack on CO.ZA

Good news for Starlink and smartphone prices in South Africa

Samsung Galaxy S25 Ultra review – AI becomes your personal assistant

The South African company that tripled investors’ money

The former medical device salesman providing affordable Internet in South African townships

Industry News

PPC: Pioneering Cement Industry Transformation with H3C’s Advanced Network Solutions

Market trends South African traders need to watch

Microsoft 365 Family and Personal – Now with Copilot!

Afrihost wins 2025 MyBroadband Awards for ISP of the Year, and Hosting Provider of the Year

The future is here with Windows 11 – Upgrade today

Poll

Passwords cracked

More on Anonymous and #OpAfrica

Latest news

More news

Trending news

Industry News

Poll