Military Passwords Aid the Enemy
Haystack series #4-101st Airborne and the US Military Elite
In combat, some officers remove the rank insignia from their helmets to avoid being singled out by enemy snipers. One could argue that’s a prudent military tactic. In today's world of nation state actors and terrorists taking the fight online, cyber snipers have our proud men and woman in uniform in their sights.
When we ran military unit names like the 101st Airborne, Navy Seals, and Green Berets in PitchFork, a database of billions of compromised passwords, we found thousands of officer-related passwords. This exposure poses a clear threat that can lead to other accounts potentially outing an officer's physical coordinates or provide the enemy intimate details of an officers unit or mission, or possibly even worse, details about their family. That’s a threat we must mitigate.
As you can see, military folks love to put a personal detail into their passwords. Many of us do that because we inherently think we’re secure when creating a password we can remember. But we understand why in these cases they like to designate something attached to their service. It’s simply pride.
It wouldn’t be a surprise for a General or Colonel to get attacked by cyber warfare snipers employing weapons like DDoS, Swatting, or Phishing. Whether it’s a personal attack or one to infiltrate an intelligence unit, our adversarial cyber warriors have many weapons at their disposal and many targets to choose from. Giving them a set of passwords of a particular officer just gives them a leg up in the fight.
As an officer email account is compromised, phishing attacks can be launched from his or her contact list within their email account to trusted colleagues. The goal is to get a simple click from a colleague on a link where malware is downloaded into the new victim. This infiltration tactic gives the cyber warrior a beachhead to monitor or launch new attacks.
Ironically, we found more prideful passwords from the past for the 101st Airborne:
Operation Overlord was the code name for the Battle of Normandy during World War II. So creating a beachhead to further your attack was obviously relevant on June 6th, 1944, and is also relevant in today’s cyber wars. Whether you’re taking sand or taking over accounts or servers, it’s all warfare.
Here are a few more prideful 101st Airborne passwords:
With all due respect for those fighting for our freedoms, in which we are very thankful for, being proud here is a liability. As we’ve seen with the PitchFork product, tracking a specific 101st Airborne password can lead directly to other social media or military accounts (see screenshot below). A simple check of “101stairborne182” could lead to other accounts with the same password. Being prideful and repetitive with passwords is deadly. That’s giving away too much information to our enemies in today’s cyber war, who also have similar tools to the PitchFork database.
As we’ve seen with the billions of passwords in PitchFork, less than 5% of them have symbols with characters and numbers. That’s a pathetically small percentage and shows how the majority of the Internet stills uses lousy plain text passwords. That’s our fault for being lazy and trying to simplify our life. But that’s a gift for adversarial nation states and terrorists. It would be advisable for all military personnel to use a password of at least 8 characters, with no dictionary found words (so sorry mates, lose the pride), including symbols, and unique to each and every online account.
Join Us. We are waiting for you!Sign Up Today!
We welcome you to our community where you can gather and share information on debts and issues which may have your life unsettled. Together we thrive!