FBI Emails and Passwords Leaked by Anonymous Hacker!

Mar 21st


An Anonymous hacker calling himself CyberZeist today released over 280 FBI-related email addresses and passwords, apparently hacked via a spear phishing attack.

CyberZeist, previously a member of the hacking group UGNazis, states that this release is a small portion of a much larger release.

Spear phishing relies on the weakest link in IT security: humans. It starts by getting a single email address and sending a targeted email designed to get the user to respond. In this case it looks like a targeted user responded to an email request to reset their password, providing details to the hacker.

Once the hacker has compromised a single email address, they can use that account to log in and send targeted emails to other internal users. Who wouldn’t click a link received from a “trusted” source? Not only that: because the hacker has access to a valid user account, it is likely he now has access to the entire address book, which would typically include users' contact details, including full names, email addresses, phone numbers and job titles.

All of a sudden a single user clicking on a single targeted email has opened up your entire organisation to a breach.

What I find interesting about the published compromised accounts is how poor the passwords were. Some samples are below, with full email addresses obscured. There were also a significant number of passwords that included part of the user's first or last name.

These users all had passwords that a typical dictionary attack would try, simply because they are in the Top 1000 Passwords ever used:

joseph.m******n@**.fbi.gov – passwords123

tammy.m*****@**.fbi.gov – passwords123456

sidney.m******@navy.mil – password123

thane.c*****@verizon.net – 12345678987654321

ronald.m*****@**.fbi.gov – password111111

jason.p*****@**.fbi.gov – pass911pass911

joseph.f*****@**.fbi.gov – pass1234567890

Jesse.R*****@**.fbi.gov – $$$$$$$$$$$$$

y*******.cv@**.fbi.gov – password404

Tumb*****@**.fbi.gov – passowrds1234567

s*****.me****@**.fbi.gov – qwerty98765

an*****@**.fbi.gov – passwords121212121

joseph.h*****@**.af.mil – 128482joshqwerty

j*****.*.d******e@uscg.mil – qwerty9876

matthew.k******@navy.mil – matt123456

darrell.f******@**.fbi.gov – qwert123password

laura.e******@**.fbi.gov – passwored12

Lourdes.a*******@**.fbi.gov – password$qwerty

Joline.c******@**.fbi.gov – qwertylol@me

Mu****er.***@**.fbi.gov – letmein16011990

If the FBI can’t avoid common passwords, what chance does the average user have?
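
A screening check for the two patterns seen in the list above, a common base word padded with digits and a fragment of the user's own name, as an added example that is not part of the original article. `COMMON_BASES` is a small stand-in for a real common-password list, and the function names and the `agency.example` mailbox are assumptions.

```python
import difflib
import re

# Assumption: stand-in for a real common-password list (for example a Top 1000 file).
COMMON_BASES = ["password", "passwords", "pass", "qwerty", "qwert", "letmein"]


def name_tokens(email):
    """Name fragments in the mailbox name: 'matthew.k.doe@x' -> {'matthew', 'doe'}."""
    local = email.split("@", 1)[0].lower()
    return {t for t in re.split(r"[^a-z]+", local) if len(t) >= 3}


def classify_run(run, names):
    """Label one alphabetic run of the password, or return None if it looks unrelated."""
    if len(run) >= 3 and any(n.startswith(run) or n in run for n in names):
        return f"'{run}' is part of the user's name"
    # A cutoff of 0.85 tolerates one slip, so 'passowrds' still maps to 'passwords'.
    close = difflib.get_close_matches(run, COMMON_BASES, n=1, cutoff=0.85)
    if close:
        return f"'{run}' is the common base word '{close[0]}'"
    return None


def screen(password, email):
    """Return reasons to reject the password; an empty list means none were found."""
    runs = re.findall(r"[a-z]+", password.lower())
    if not runs:
        return ["no letters: only digits or symbols"]
    names = name_tokens(email)
    labels = [classify_run(r, names) for r in runs]
    # Reject only when every letter run is guessable, because then all remaining
    # strength would have to come from a predictable digit or symbol suffix.
    return labels if all(labels) else []


if __name__ == "__main__":
    # Constructed mailbox; the passwords follow patterns listed in the article.
    for pw in ("matt123456", "passowrds1234567", "correct-horse-battery-staple"):
        print(pw, "->", screen(pw, "matthew.doe@agency.example") or "no finding")
```

Length alone does not help here: the check looks only at the letters, so a long run of appended digits does not change the result.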

© 2006-2019 Security magazine.