BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • 25% of US Interior Ministry passwords are cracked in 90 minutes


    In just 90 minutes, the accounts of 14,000 employees were hacked, and Password-1234 turned out to be the most popular password.

    The Inspector General of the US Department of the Interior has audited the security of the password management systems and policies used by the agency. As the report showed, in just 90 minutes the accounts of 14 thousand employees were hacked, and Password-1234 turned out to be the most popular password.

    To test the security system, the auditors were given password hashes from 85,944 employee accounts in Active Directory. The experts then attempted to crack these passwords using a 1.5 billion-word database that included: dictionaries from several languages, US government terminology, pop culture references, public passwords from past leaks, and keyboard shortcuts like QWERTY.

    In the first 90 minutes of testing, auditors cracked the hashes of 16% (14,000) of the department's user accounts. The experts continued to audit the password database for 8 weeks and revealed another 4,200 passwords during this time.

    In total, 18,174 (about 21%) of the 85,944 verified cryptographic hashes were cracked. Moreover, 288 of the affected accounts had elevated privileges, and 362 belonged to high-ranking government officials.

    Among the most popular passwords that were recovered were: Password-1234 (478 accounts); Br0nc0$2012 (389 accounts); Password123$ (318 accounts); Password1234 (274 accounts); Summ3rSun2020! (191 accounts); 0rlando_0000 (160 accounts); Password1234! (150 accounts); ChangeIt123 (140 accounts); 1234password$ (138 accounts); ChangeItN0w! (130 accounts).

    Experts reportedly spent $15,000 to set up a password-cracking rig.

    An interesting fact was that 99.9% of the cracked passwords formally met the security requirements: they had a length of at least 12 characters and contained 3 of the 4 required types of characters - lowercase and uppercase letters, numbers and special characters.

    As a result, the state regulator made recommendations to the IT service of the US Department of the Interior to strengthen the requirements for the rules for compiling passwords, promptly check their expiration date and implement multi-factor authentication. It turned out that only 11% of users used it.

    Author DeepWeb
    Poland warns of Ghostwriter attacks
    Royal ransomware claims attack on Queensland University of Technology

    Comments 0

    Add comment