Last week we wrote that Anonymous grabbed data from five oil companies, posting more than 1,000 email and passwords combinations online, but now it has emerged that a large portion of the data may have been faked.
NovaInfoSec, which initially reported the results of the operation against Shell, Exxon, BP, Gazprom and Rosneft, has provided a compelling argument that suggests that the second batch of email usernames and passwords snatched by Anonymous hacker le4ky have been forged.
Commenting on a HackersMedia post, Jeremi Gosney raised concern that the passwords were all based around a similar number-letter pattern, rather than being unique, indicating that they may have been set up in bulk:
I cracked all of the passwords in that dump, and every single password for each user at each company was *exactly* six characters long, all contained only a-zA-Z0-9, and all appeared to be random.
Extremely suspicious — like someone generated 727 random six character strings and hashed them as raw md5. The probability of this dump being real is extremely low.
It remains unclear whether the credentials that are part of the first dump are also fake. A number of hackers are still working to crack the data but initial observations — that most of the passwords are 8 characters in length — have raised suspicions over its legitimacy.
One possible explanation that has been overlooked, thus far, is that the passwords were set in this identikit way by the oil companies themselves. This could be possible if the email addresses were for new users, or perhaps employees that had left the firms, and the accounts were therefore in storage.
However, given that the dumps include data from five different companies, the likelihood that the passwords would be so similar seems unlikely. But, that said, it is still unclear whether the hackers rigged the passwords themselves.
Le4y has promised to explain all, but no response has been forthcoming yet:
I dont have access to my computer, everything will be explained n given out once I m online!
— CyberZeist (@le4ky) July 18, 2012
The posting of the passwords was celebrated as a milestone in the Anonymous #OpSaveTheArctic campaign, which targets multinational oil firms that the hacking collective says are melting Arctic ice caps.
We’re keeping an eye on things and have reached out to those involved to ascertain further information.
Image via Flickr / Zigazou76