Researcher Purposefully Posts 100 Government E-Mail Addresses And Passwords - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Researcher Purposefully Posts 100 Government E-Mail Addresses And Passwords

Those exposed include accounts to the Kazakhstan Embassy in Russia, the Hong Kong Human Rights Monitor, and the Office of the Dalai Lama.

A security researcher in Sweden published the addresses and passwords for about 100 government and embassy e-mail accounts, to "put light" on serious security problems.

Dan Egerstad, the researcher behind the DErangedSecurity blog, posted the e-mail account information late last week. The listing supposedly includes e-mail addresses and related information for the Kazakhstan Embassy in Russia, the Uzbekistan Embassy in Dubai, the Hong Kong Human Rights Monitor, and the Office of the Dalai Lama.

"Yes, it's the real deal and still working when we are posting this," Egerstad wrote in the blog entry. "So why in the world would anyone publish this kind of information? Because seriously, I'm not going to call the president of Iran and tell him that I got access to all their embassies. I'm DEranged, not suicidal!"

Egerstad went on to say in his blog that he hopes publishing the information will shed some light on security issues that generally don't get discussed and that it will push the various governments to fix the problems faster than normal.

"Here is everything you need to read classified e-mail and (expletive) up some serious international business," he added. "It's only a matter of time until someone else gets the same information. Or wait, does someone else have this already? For how long have they had it? What are they doing with it?... I would like to remind everyone that using ANY of this is a serious crime and I trust that nothing here will be used, ever!"

The blogger's move to release the information got mixed reviews from readers leaving comments. As of early Tuesday afternoon, there were 315 responses.

One reader, calling herself Anna, simply wrote, "great job dude."

Another reader, calling himself Saviour, took an alternative view, writing, "u stupid, u r putting our security at risk... this is not fair for any sensible mind to do such kind of henious act... u r encouraging crime in the society and playing with the lives of 100 of millions of people... by putting their countries' key installations' passwords on the net... this can have grave consequences for our national security."

And a reader identifying himself as Wakeupcall, wrote, "I hope this is a kind of wakeupcall to everyone out there. I think this is just a glimpse of how careless Companies, Organisations etc. are and the fact, that most of the passwords still have not been changed is a good example of stupidity."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll