Wow. Bad move, Anon (and I'm the last person who would normally say that). This was a really crappy thing to do to innocent folks just trying to make an honest career, many of whom probably use the same credentials for their online banking and other important services. It gives a bad name to "hacktivists" (which are growing increasingly important in holding our government accountable) and will only take credibility away from the cause of transparency. Congress members will very likely take an "us vs them" mentality and lump Anon with "them" who want transparency wrt the NSA revelations.
Counter-productive and juvenile, that's all this was.
If Anon was able to get these passwords, I'd bet foreign spy agencies and black hats can as well. Plus with passwords as bad as these, it would have been trivial for someone to have guessed them in the first place.
These aren't politicians they're staffers. Many people enter the political realm to affect policy change. Many of these people are driven by a desire to do good. You are painting with too broad a brush and your comment doesn't really add anything to the conversation.
Do some people enter politics because they just want power or they want to polish their ego? Sure! But that doesn't mean everyone in the industry is inherently a bad actor.
Even politicians (as opposed to staffers) sometimes take stands on moral issues - that would hurt them politically (rare but it happens)
At the risk of starting a politics flame war, I know/have known dozens of hill staffers, and to a person they're under paid and over worked. Their salaries are public, most of the low level people make < 35k (which doesn't go far in DC) for far longer than 40 hour work weeks.
A cynic could say they're just resume padding to sell out later, but if you're trying to mooch off of the taxpayer, being a low level capitol staffer is NOT the way to go about it.
"Sir, there are two passions which have a powerful influence in the affairs of men. These are ambition and avarice—the love of power and the love of money. Separately, each of these has great force in prompting men to action; but, when united in view of the same object, they have, in many minds, the most violent effects. Place before the eyes of such men a post of honor, that shall, at the same time, be a place of profit, and they will move heaven and earth to obtain it. The vast number of such places it is that renders the British government so tempestuous. The struggles for them are the true source of all those factions which are perpetually dividing the nation, distracting its councils, hurrying it sometimes into fruitless and mischievous wars, and often compelling a submission to dishonorable terms of peace.
And of what kind are the men that will strive for this profitable preeminence, through all the bustle of cabal, the heat of contention, the infinite mutual abuse of parties, tearing to pieces the best of characters? It will not be the wise and moderate, the lovers of peace and good order, the men fittest for the trust. It will be the bold and the violent, the men of strong passions and indefatigable activity in their selfish pursuits. These will thrust themselves into your government and be your rulers. And these, too, will be mistaken in the expected happiness of their situation, for their vanquished competitors, of the same spirit, and from the same motives, will perpetually be endeavoring to distress their administration, thwart their measures, and render them odious to the people."
Staffers on the Hill are paid very little and work long hours. They tend to be very interested in policy implementation and are sweating more than the average hire out of college because they want to make a positive difference.
My brother, a great guy, is starting his degree in civil engineering and is seriously considering one day working for the government to help develop systems that deliver water to people whom would otherwise not have enough water to survive. Should Anonymous hack his email account and dump his passwords on the internet?
As a sidenote, it is interesting that water issues underlie so much CA politics even now, many decades later, and will continue to do so in the foreseeable future.
That's actually a pretty good argument if there were a more or less constant number of robbers. In a situation where you were definitely going to be robbed - as seems to be the case if you want it to be analogous with government: Would you rather be robbed by a complete drugged out psychopath who'll kill you if you twitch or someone relatively calm who definitely won't kill you if you just hand over the money?
nice turn. Drugged out psychopaths can't organize into long functioning multi-layered mafia organizations who would control whole cities and whose extortion activities go well beyond simple robberies of private citizens where is the "nice" guys can and do.
Are you claiming that evil people are stupid? I'm not sure what the analogous risk is meant to be for governments there - they already seem plenty organised.
Oh that is so untrue. Not everything to do with politics is the party political system. I've worked with planning officers and researchers who work in government before, and many of them are really nice people who are honestly trying to do their best for the people around them and the places they live.
Lots of people just spend their lives trying to research how to make the world a little less crap, or planning infrastructure, or trying to keep people in housing. With limited resources, and a system that backfires on them from time to time because they've relatively little power in the grand scheme of things (depending on government structure and incentives) but that doesn't make them bad people.
Anon has always been counter-productive and juvenile. To expect anything more than that is stretching it.
Anon is occasionally lucky with their targets (ie: they happen to line up to a good cause), but internet vigilantism consistently does crappy things to innocent people.
The very nature of Anonymous precludes false flag operations, as from its inception, anyone who claims to be Anonymous is, ipso facto, Anonymous. It doesn't mean they're the same group of people everyone else is thinking of, but it's never meant that. It's simply a distinction that's lost on many of the people who comment on Anon's activities.
Russian Gangs are known to fly the flag of Anonymous, but I bet you that the rank-and-file members of Anon would prefer not to be confused with those guys.
Doesn't matter. The very idea of Anonymous is that it's a label, not a group. It's a flag that anyone and everyone can choose to fly, with no one group any more deserving of doing so than any other. That's been the fundamental idea of Anonymous since its inception, and is one of the most misunderstood points about it.
Sure, there are the "core" Anonymous groups that you might associate with LulzSec, but those were very different from the WhyWeProtest Anonymous groups that continue to fight the Church of Schientology, which are in turn different from the Anonymous groups that supported Occupy Wall Street, which are in turn different from those involved in the Arab Spring, which are in turn different from those working with the FBI to take out child porn rings on TOR, etc. They may share some common ideals, and perhaps even membership, but they're all disparate groups and none is more or less Anonymous than any other. The people who did this are just as deserving of the label as those who worked to bypass internet surveillance in Iran, as they both choose to fly the flag.
I fully understand 4chan /b/ culture and so forth. Trust me, I know what you're talking about. Look at how I worded my response, its both "yes" and "no". Russian criminal gangs have the full right to call themselves Anonymous, as does the NSA if they really wanted.
And whether or not it is "right", there are groups of people on the internet who "respond to the call of Anonymous". As long as you invoke the name anonymous, then you recieve them as an ally. This is dangerous behavior, and leads not necessarily to "false flag" attacks (in the strictest sense), but allows the groups that align themselves with Anonymous to be easily manipulated.
Given the history of infiltrating activism groups, and the fact that Anonymous requires effictively zero effort to infiltrate, I'd put the probability at just a shade beneath 100%.
That said, I'd guess that much of the irresponsible vigilantism of Anon probably is still the work of idealistic teenagers and so forth.
In the other hand, that could give them a hint on what is being done by their employers to the rest the world, and that they are directly or indirectly helping to keep being done. Don't twist something into being bad only when is done to you.
Some of my favorite passwords from the list:
notalentassclown3
password2
Password12
password5%
password
Password14
Password1
PASSWORD
Password1@
password3#
Password!1
Password45
Yes, only a single capital letter is needed to make it more secure against automatic methods. But all-caps is probably more secure against an in-person attack, way more so than just 'password'.
I'm afraid that the government will use this incident as "proof" that what they're doing thus far isn't "enough" and they need even more power and control... and, given the victims of this attack, I'm certain they'll get it.
I am very surprised the policy of password strength is very weak. Allowing "smith" as a password? It's too weak that makes me suspicious about the origins of these passwords.
Most (probably all) of the Federal government requires password changes every month or so (not completely sure of the timeline) and you can't use previous passwords. This leads to shitty passwords just so people can remember something that always changes.
Offtopic: One bank I use enforces 8 characters max and changes every 3 months, I ended up with /.+[0-9]{2}/ as the password since I would never trust my bank credentials to any means to save the password, and I would never write it in anything that it's not a password input (that includes a piece of paper).
If my bank get's hacked, don't be too harsh with my password, I swear I can't remember a new, unique, secure and constrained password every 3 months :(
These look like they came from some sort of third party CRM, possibly http://www.iconstituent.com/ given the number of variations of iconstituent in the password list.
I'd be willing to bet that the actual house/senate domains require strong passwords, I've interacted with their IT in a few situations and found them to be on the ball.
Curiously, more three people have the password Iconst!tu3nt, and one more that looks like a garbled version thereof. I wonder why five different people are using near-identical passwords - a default of some sort?
Iconst!tu3nt x3
iConstit*09
iConstituent
I feel bad for the people whose passwords were leaked, but I'm happy to see that there's (as far as I've seen so far) terribly embarrassing among the passwords. (Edit: okay, I was wrong on this one. notalentassclown3, Fuckface^1, poopypants1, DallasSucks10! and 1044shit, I'm looking at you)
>NOTE: FOR THE PURPOSES OF BEING FAR TOO GENEROUS WITH YOU GUYS, WE HAVE REMOVED SOME OF THE PASSWORDS AND SHUFFLED THE ORDER OF THE REMAINING ONES. THESE ARE ALL CURRENT, VALID CREDENTIALS BUT THEY ARE NOT IN THE ORIGINAL PAIRINGS. WE RESERVE THE RIGHT TO SPONTANEOUSLY DECIDE THIS RESTRAINT WAS UNJUSTIFIED.
Some are pretty easy to guess who they belong to. like TX32republican!
They've got nothing to hide, right? Is this FEMA? If our government can't be arsed to secure their authentication servers and passcodes (eg. salt+hash+fuckitandusebcrypt), how the hell can they be trusted with other's private data?
Sure they are, the NSA precisely characterized Snowden as a high-school dropout. As well, I'm not convinced Congress staffers shouldn't be just a schooled as those data analysts. These are the folks first in line to help educate our Congress! They help or wholesale write bills! You're probably right though; no freaking wonder this circus has allowed the NSA and the like fly under their nose.
These look like they came from some sort of third party CRM, possibly http://www.iconstituent.com/ given the number of variations of iconstituent in the password list.
It says something about how thoroughly they vet their vendors, but it's not 'our government's security. (although requiring a full audit that deep before letting them pay a third party just makes them more lumbering and tech-phobic...)
Some people use personally identifiable info in their passwords. Even though they shuffled passwords around so they don't match the username, if the user's name or address is in the password... yikes
So what do we have? A bunch of weak passwords. Not bad they are revealed, actually, should educate some a bit. Still, revealing the passwords without the email addresses would've been a bit more responsible.
On the other hand, do they really store house.gov passwords unencrypted? I'm not even talking about salted vs unsalted hash here, just plaintext? Seriously?
These look like they came from some sort of third party CRM, possibly http://www.iconstituent.com/ given the number of variations of iconstituent in the password list.
Makes me wonder if the responsible thing to do when running a web service is to constantly dictionary-attack and brute-force your own server, and whenever it gets a hit, email the user and force a password change. In theory, the userbase would evolve towards better passwords over time.
Whatever happened to plain old defacing a website, like back in the day? This "dox" obsession isn't nearly as cool as proposing marriage to Madonna from a corporate website (though these days I guess it would be miley cyrus?)
Counter-productive and juvenile, that's all this was.