Spy Passwords of the FSB, CIA, and Mossad
And of course Bond…James Bond!
When we ran spy passwords in PitchFork, a database of 5 billion compromised records, naturally we started with the world’s most famous secret agent… 007. It was no surprise that the iconic cold war Commander Bond returned the largest number of passwords.
To be fair to the current generation, we also ran Jason Bourne.
Jason obviously hasn’t quite reached that iconic coolness level.
Then for fun, we tried the infamous 007 line, used often when addressing an attractive lady (hey, it was the sixties).
The people with this password most likely like to look in the mirror and repeat it over and over again. Whatever works! Bourne…Jason Bourne, on the other hand, didn’t register one single password. Jason is clearly interested in de-arming 4 guys in less than a minute instead of courting a lady at the baccarat table.
But on a more serious note- let’s look at an array of spy passwords. Clearly our analysis shows there are a lot of wannabes here. But could real spies be lurking?
Spy passwords-what’s in the data?
Some of you intelligence and security professionals may recognize a Chinese building, a Russian headquarters, or a noted Russian intelligence guru in our set of password totals. But for now, let’s drill a bit on Mossad (we’re not singling them out, we just need an example set to show how to spot spies).
At first glance you can see that this security professional at Dell is not only using plain text passwords, but a simple variation as well. This is clearly an insecure pattern. It’s not hard to run his other accounts and crack them with his password progression analysis. It’s also not hard to see in his social media accounts that he may have gone to school in the Middle East, had gaps in his resume, and speaks Hebrew. These are the little digital crumbs that added up could place him in same industry as Bond and Bourne. As each cyber print is collected, it increases the probability that this person may have had some serious counter intelligence (CI) training.
************@Banca*****.it password Mossad
************@Axisbank.com password Mossad
**@D*****Security.com password Mossad
Above are just three examples that show a possible engagement into the banking and security world. Many current and former CI trained professionals have assimilated into the commercial workspace. They may still be on the job or have just infiltrated for future work.
So why would a real spy use a knucklehead password?
Here are just some of the reasons:
- Old timers at intelligence agencies use repeated plain text passwords because they have grown up in a non-technical environment where some still use yellow legal pads and struggle with email.
- Some current agents who are lazy re-use passwords at all accounts.
- Some smart ones, due to the sheer volume of work, may co-mingle covert and overt account passwords. Or use keyboard walks for speed and efficiently.
- The really smart ones, who have a lost a bit of morality like Robert Hanssen, may like to tease and leave behind little in-you-face mole passwords as clues.
- Funny agents who rebel against the work cubicle may and use names from movies like Spies Like Us and GoldMember, sort of a covert sense of humor.
- Some are proud of their agency and like to tout it as a way to prove their relevance and play with adversaries.
Still some further digging into the haystacks of PitchFork shows for sure there are real spies lurking. Whether by accident, ignorance, or ego, many real spies have left little clues, so called digital crumbs, as to who they really are.
Spies make mistakes too. They probably thought, like most of us, that no one would have access to 5 billion passwords where you can see a history of a specific persons password progression and maybe even be able predict the next one.
Analytics all about probabilities
Our analysis is based on cross-referencing the cyber prints across billions of compromised accounts. One password leads to another, one account leads to another, and linkage is established to show probabilities that a set of accounts belong to one person.
Mossad was one of the easier spy agencies to track cyber prints. As we see in some LinkedIn profiles, speaking Hebrew, having a certain educational background, and having gaps or outlying work history are factored into the data analysis.
As we accumulate these clues, it increases the probability that a particular person may be a spy. It’s similar to matching ridge points on two sets of fingerprints. When you have enough, which is what the experts may agree is conclusive enough for a courtroom conviction, you can say with a qualified high degree of probability that John Doe is in fact a spy. But it is never with a 100% certainly as these cyber prints are circumstantial. That’s why cyber prosecutions in courtrooms are few and far between because a defense lawyer that understands the complexity of the dark web can establish reasonable doubt fairly easily.
A stealthy spy killer?
One of the more interesting profiles seen in PitchFork was that of a woman who worked as a corporate team leader for Dell and HP. A so-called corporate “Zen Master”.
Her LinkedIn talks about teaching peace and harmony, all the while her password at HP was “Mossad77”.
“Zen” and “Mossad” are two words that should never be in the same sentence. So it’s probably best to not mess with this lady.
The cold war has evolved into the cyber wars. With that, sources and methods for codes and passwords have evolved. The old days of using a book page with certain word locations has transcended to gamers using Greek god names spelled backwards with multiple character formations.
That said, today’s spy agencies like to hire hackers and they like to track each other.
They want to know who in their agency is tipping off the enemy with insecure passwords, or toying with their adversaries. They also want to know which of their covert identities may be floating in compromised internet databases for fear someone could drill on them and piece together their underground personas.
There’s no doubt many spies are lurking online between the Bond era of the sixties and modern day Mossad. And it’s all in the data.
Join Us. We are waiting for you!Sign Up Today!
We welcome you to our community where you can gather and share information on debts and issues which may have your life unsettled. Together we thrive!