

Anonymous posts usernames and passwords of US Congress staffers - jessepollak
http://sebsauvage.net/paste/?ffbc2662e12f6ca9#PmqIe7dqymVyxIConK1ODxgMH8Als2xW+QecE0PBvUg

======
pvnick
Wow. Bad move, Anon (and I'm the last person who would normally say that).
This was a really crappy thing to do to innocent folks just trying to make an
honest career, many of whom probably use the same credentials for their online
banking and other important services. It gives a bad name to "hacktivists"
(which are growing increasingly important in holding our government
accountable) and will only take credibility away from the cause of
transparency. Congress members will very likely take an "us vs them" mentality
and lump Anon with "them" who want transparency wrt the NSA revelations.

Counter-productive and juvenile, that's all this was.

~~~
ddq
Politics. Honest career. Pick one.

~~~
pvnick
My brother, a great guy, is starting his degree in civil engineering and is
seriously considering one day working for the government to help develop
systems that deliver water to people who would otherwise not have enough
water to survive. Should Anonymous hack his email account and dump his
passwords on the internet?

~~~
VladRussian2
>a great guy, is starting his degree in civil engineering

yep, sounds like he is just young and thus naive.

> working for the government to help develop systems that deliver water to
> people who would otherwise not have enough water to survive.

government and water at places where not enough water ... what can go wrong
here ... Chinatown.

~~~
foobarbazqux
What happened in Chinatown?

~~~
VladRussian2
[http://www.imdb.com/title/tt0071315/](http://www.imdb.com/title/tt0071315/)

As a sidenote, it is interesting that water issues underlie so much CA
politics even now, many decades later, and will continue to do so in the
foreseeable future.

~~~
foobarbazqux
Oh, I've seen it, I was referring to this:

[http://www.imdb.com/title/tt0071315/faq#.2.1.3](http://www.imdb.com/title/tt0071315/faq#.2.1.3)

------
jstalin
Some of my favorite passwords from the list: notalentassclown3 password2
Password12 password5% password Password14 Password1 PASSWORD Password1@
password3# Password!1 Password45

etc...

~~~
seferphier
this is my favorite

Eric.Slocum@mail.house.gov: Fuckface^1

~~~
rollo_tommasi
I'd vote for whoever employs the guy whose password is 'Elimgarak06!'

------
jlgaddis
I'm laughing now but I probably won't be later.

I'm afraid that the government will use this incident as "proof" that what
they're doing thus far isn't "enough" and they need even more power and
control... and, given the victims of this attack, I'm certain they'll get it.

------
antimora
I am very surprised the policy of password strength is very weak. Allowing
"smith" as a password? It's so weak that it makes me suspicious about the
origins of these passwords.

~~~
jaynos
Most (probably all) of the Federal government requires password changes every
month or so (not completely sure of the timeline) and you can't use previous
passwords. This leads to shitty passwords just so people can remember
something that always changes.

~~~
Aldo_MX
Offtopic: One bank I use enforces 8 characters max and changes every 3 months,
I ended up with /.+[0-9]{2}/ as the password since I would never trust my bank
credentials to any means to save the password, and I would never write it in
anything that's not a password input (that includes a piece of paper).

If my bank gets hacked, don't be too harsh with my password, I swear I can't
remember a new, unique, secure and constrained password every 3 months :(

------
Afforess
Favorite password: cody.stewart@mail.house.gov: iConstituent

Obviously this leak is bad, but I think it's also humanizing. Staffers are
people.

~~~
542458
Curiously, three more people have the password Iconst!tu3nt, and one more that
looks like a garbled version thereof. I wonder why five different people are
using near-identical passwords - a default of some sort?

Iconst!tu3nt x3

iConstit*09

iConstituent

I feel bad for the people whose passwords were leaked, but I'm happy to see
that there's (as far as I've seen so far) nothing terribly embarrassing among the
passwords. (Edit: okay, I was wrong on this one. notalentassclown3,
Fuckface^1, poopypants1, DallasSucks10! and 1044shit, I'm looking at you)

Also funny: Senatebound2012!

~~~
superchink
Looks like iConstituent is a CRM that they probably all use.

~~~
atlbeer
Yep

[http://www.iconstituent.com/constituent-gateway-crm/](http://www.iconstituent.com/constituent-gateway-crm/)

------
thezilch
They've got nothing to hide, right? Is this FEMA? If our government can't be
arsed to secure their authentication servers and passcodes (eg.
salt+hash+fuckitandusebcrypt), how the hell can they be trusted with others'
private data?

~~~
res0nat0r
Congressmen on the hill are not the same people that the NSA is employing to
do technical surveillance work and data collection analysis.

~~~
thezilch
Sure they are, the NSA precisely characterized Snowden as a high-school
dropout. As well, I'm not convinced Congress staffers shouldn't be just as
schooled as those data analysts. These are the folks first in line to help
educate our Congress! They help or wholesale write bills! You're probably
right though; no freaking wonder this circus has allowed the NSA and the like
to fly under their nose.

------
djKianoosh
Some people use personally identifiable info in their passwords. Even though
they shuffled passwords around so they don't match the username, if the user's
name or address is in the password... yikes

------
bound008
Oh the classic and secure "Password1". Mixed case and even alphanumeric.

------
XEKEP
So what do we have? A bunch of weak passwords. Not bad they are revealed,
actually, should educate some a bit. Still, revealing the passwords without
the email addresses would've been a bit more responsible.

On the other hand, do they really store house.gov passwords unencrypted? I'm
not even talking about salted vs unsalted hash here, just plaintext?
Seriously?

~~~
showerst
These look like they came from some sort of third party CRM, possibly
[http://www.iconstituent.com/](http://www.iconstituent.com/) given the number
of variations of iconstituent in the password list.

------
tjbiddle
Searched for "password" - 36 results. The majority some iteration of
'password1', 'Password1', 'password2', etc.

Really wish government employees would be forced to use more secure passwords,
or at the least heavily trained on the importance of them.

~~~
fnordfnordfnord
Assuming this is real. Most of these look like default passwords chosen by a
clueless office administrator. They're all so similar.

------
p37307
Grief, the passwords are so lame. Do these people not realize how important
strong passwords are? Corker06. lol. Senate09.

------
TheCowboy
I wonder how old this data is. I looked up one person I know who hasn't worked
on the hill since 2010.

------
codereflection
Some of these are really easy to match up. Using part of your name as your
password is epically stupid.

------
cloverich
What is the point of doing this?

------
lukejduncan
Can we get a warning in the title that this doesn't just link to an article?

------
kunai
The first thing that came to my mind was: god, these are horrible passwords.

~~~
h0w412d
Well, have you ever not thought that after a password leak?

~~~
lukifer
Makes me wonder if the responsible thing to do when running a web service is
to constantly dictionary-attack and brute-force your own server, and whenever
it gets a hit, email the user and force a password change. In theory, the
userbase would evolve towards better passwords over time.
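
The self-audit described in the comment above, combined with the salted slow hashing raised earlier in the thread, as an added example that is not part of the original discussion. It uses scrypt from the Python standard library in place of bcrypt; the account names, passwords and the product name `examplecrm` are constructed for illustration.

```python
import hashlib
import hmac
import os

# Cost lowered so the demo finishes quickly; a production store should use a higher n.
SCRYPT = dict(n=2**12, r=8, p=1)

def hash_password(password, salt=None):
    """Return (salt, digest) for storage: per-user random salt plus a slow KDF."""
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify(password, salt, digest):
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)

def weak_candidates(username, base_words):
    """Guesses of the shape seen in the thread: a common word, the organisation's
    product name or part of the user's own name, plus a short rotation suffix."""
    words = list(base_words) + username.replace(".", " ").split()
    suffixes = ["", "1", "12", "1!", "09", "2013"]
    for word in words:
        for form in (word.lower(), word.capitalize()):
            for suffix in suffixes:
                yield form + suffix

def audit(store, base_words):
    """Return the usernames whose stored hash matches a weak candidate."""
    flagged = []
    for username, (salt, digest) in store.items():
        if any(verify(c, salt, digest) for c in weak_candidates(username, base_words)):
            flagged.append(username)
    return flagged

# Constructed sample accounts; names and passwords are made up for this example.
STORE = {
    "jane.doe": hash_password("Password1"),
    "sam.smith": hash_password("smith"),
    "lee.park": hash_password("Examplecrm09"),
    "kim.ray": hash_password("correct-horse-battery-staple-42"),
}
BASE_WORDS = ["password", "examplecrm"]  # hypothetical in-house product name

def force_reset_list():
    """Accounts that should be emailed and forced to change password."""
    return sorted(audit(STORE, BASE_WORDS))

if __name__ == "__main__":
    print(force_reset_list())
```

Because every account has its own salt, each candidate has to be hashed once per user, which is the cost that salting and a slow KDF impose on anyone working from a stolen table as well.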

------
peterwwillis
Whatever happened to plain old defacing a website, like back in the day? This
"dox" obsession isn't nearly as cool as proposing marriage to Madonna from a
corporate website (though these days I guess it would be miley cyrus?)

