Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords

Islamic State's frothing fanatics have leaked online what they claim to be the email addresses and plaintext passwords of 1,500 American military personnel – including CIA staff. The details include full names, email addresses, unencrypted passwords, ZIP codes, places of work, and telephone numbers. They come in a format that …

  1. Captain DaFt

    "And the plaintext passwords are hilariously weak – like "david8" weak. The sort of password you wouldn't expect a military or government network to accept."

    Seriously? Someone needs their cynicism topped up. That's exactly the kind of password I'd expect.

    Other than that, yes, it looks like the kind of list you'd scrape together to look "official".

    1. diodesign (Written by Reg staff) Silver badge

      Re: President Password

      "That's exactly the kind of password I'd expect."

      We are quite cynical. Even so, if you can get away with "david9" on a .mil or .gov account then we're all completely, oh what's the technical term? AH yes, completely fucked.

      C.

      1. Jonathan Richards 1 Silver badge
        Facepalm

        Re: President Password

        > if you can get away with "david9" on a .mil or .gov account...

        Such a password wouldn't be accepted on any .mod.uk system with proper security accreditation.

      2. tom dial Silver badge

        Re: President Password

        The passwords described would not have worked in the US DoD in 2005 or 6, possibly earlier. The standards when I retired at the end of 2011 were length of 12, at least two each of upper case, lower case, digits, and special characters (subject to acceptance by the application or system). New passwords were to be different from any of the last 10, from any used less than a year in the past, and from the password used on any other system. Three consecutive occurrences of the same character were never allowed, and some systems disallowed all repeats, ascending or descending digit sequences, or both. Password change was required every 60 days or less and most systems and applications enforced that.

        Some of the properties, of course, could not be validated automatically, and some systems and applications enforced standards better than others. Password managers were gaining popularity, but spreadsheets or notes in drawers were more or less the norm.
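The automatically checkable rules listed in the comment above, written out as a validator. This is an added example, not part of the comment and not any DoD or Register code; the function names, the `strict_sequences` switch, the three-digit span for sequences and the plaintext history list are assumptions made for illustration.

```python
import re

# Thresholds as recalled in the comment above (the commenter's figures for 2011).
MIN_LENGTH = 12
MIN_PER_CLASS = 2      # at least two of each character class
HISTORY_DEPTH = 10     # must differ from the last 10 passwords
MAX_RUN = 2            # a third identical character in a row is rejected

CLASSES = {
    "upper case": r"[A-Z]",
    "lower case": r"[a-z]",
    "digits": r"[0-9]",
    "special characters": r"[^A-Za-z0-9]",
}

def has_digit_sequence(pw, span=3):
    """True if pw holds `span` ascending or descending digits in a row (123, 987).
    The span of 3 is an assumption; the comment gives no length."""
    for i in range(len(pw) - span + 1):
        chunk = pw[i:i + span]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def policy_violations(candidate, previous=(), strict_sequences=False):
    """Return the list of rules the candidate breaks; empty list means it passes.
    `previous` is a plaintext history for illustration only; a real system
    would compare against stored password hashes instead."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if len(re.findall(pattern, candidate)) < MIN_PER_CLASS:
            problems.append(f"fewer than {MIN_PER_CLASS} {name}")
    if re.search(r"(.)\1{%d}" % MAX_RUN, candidate):
        problems.append("three consecutive occurrences of the same character")
    # Some systems also disallowed digit sequences; modelled as an opt-in flag.
    if strict_sequences and has_digit_sequence(candidate):
        problems.append("ascending or descending digit sequence")
    if candidate in list(previous)[-HISTORY_DEPTH:]:
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems
```

The rules the comment says could not be validated automatically, such as reuse on another system, are left out.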

      3. Captain DaFt

        Re: President Password

        "Even so, if you can get away with "david9" on a .mil or .gov account then we're all completely, oh what's the technical term? AH yes, completely fucked."

        Tell that to Gary McKinnon, he could use a laugh.

  2. msknight

    How long...

    ... before someone gets the old "Taliban answering machine" recording from the internet, and puts it on the end of one of those numbers?

    https://www.youtube.com/watch?v=ww-xEcfhfFY

  3. Anonymous Coward

    clearly the phone test

    was to the UK local authority - no surprise there is no answer, that's the same result the general public gets...

  4. Nigel 11

    Where it came from

    <paranoia class="professional carefully-nurtured">

    The data came from a 3-letter agency. Anyone who has made any use of it will be bumped up their watch list. Like the Reg's journalist (except journalists are probably already a lot higher on the list than John Doe, it goes with the profession).

    You'll note I say "up" not "onto". Everyone who has ever made a phone call is on the list already.

    </paranoia>


  5. Chris King

    Islamic State fears Stockport ?

    Are they deadly afraid of large railway viaducts, the UK's only hat museum and Conference League football teams ?

  6. macjules Silver badge
    Unhappy

    Tsk tsk

    By 'Islamic State Hacking Division' I presume you mean a 13 year old using his/her school laptop and a www.wordpress.com account? They started off searching for mil and gov keywords but grew more and more angry as all they got from a Google search were endless references to milf contact pages and redirects to London Underground at tfl.gov.uk.

    Islamic State Hacking Division has now been relocated to the bedroom, without any supper.
