34 comments

[ 2.9 ms ] story [ 42.4 ms ] thread
I guess not all the users were verified:

162156813-|--|-jfnsdibsdibfsdibfusdbfusdu@nsa.gov-|-diQ+ie23vAA=-|-|--

A few NSA.gov.cn addresses too...
A few @nsa.gov.pl addresses, I conclude that the list is probably fake.
Naczelny Sąd Administracyjny

http://www.nsa.gov.pl/

AKA Supreme Administrative Court of Poland. The irony :) https://en.wikipedia.org/wiki/Supreme_Administrative_Court_o...
hahah, yeah that's a good one :)

>> "The Supreme Administrative Court of the Republic of Poland (Polish: Naczelny Sąd Administracyjny) is the court of last resort in administrative cases e.g. those betweens private citizens (or corporations) and administrative bodies. "

aka the chinese National School of Administration
N*A is a very common acronym thanks to National and Administration/Association. There are NSAs all over the place.
What is the significance of this? It's not like they all signed up with Adobe to backdoor them. ('Coz if they did, that would be an extremely stupid way to go about it.)

Probably legitimate users.

I think the implication here is that people might have signed up with the same username and password as they use for other things (e.g., their work email).
Yup. For instance, what might "Standard" mean here?

78113633-|--|-ksfolso@nsa.gov-|-UnFEG3IXPX+rjFQssxpQEA==-|-Standard|--

One of them is "|-cat vomit $|--", password hints maybe?
Yeah - my point is that this password hint is basically telling you that the user uses the same password for other things.
Not likely - the higher up you go in government, the more stringent they are with passwords for government provided services such as email. The NSA is probably the highest up there with that.
Looks like fake entries; root@nsa.gov, really?
My favorite: ispy@nsa.gov. Totally legit.
nsa.gov.cn ? really?
It's the 'China National School of Administration'.
How are those passwords encoded?
Subscribe them all to EFF newsletter?
Some apparently already might be. Google some of the names - (syntax appears to be last initial- first name. Comments & names from some of the people re-identify them as NSA elsewhere on the internet. Some of those comments were interesting:

"Thank you Thomas Drake for your courage.

------- ex-USAF ex-NSA"

Well, somebody had to make those great slides.
Haha, this was a thought of mine... Thanks to Mr. Snowden we've seen what their excellent photoshop work can accomplish.
I have a simple thought with all of these here nsa addresses. While some look fake, some do in fact look legit. Bu the question I ultimatly have is that since the NSA is all about spying, subterfuge, code breaking, and the like, why are they giving the workers @nsa.gov addresses? Wouldn't they give something that would point other people away from thinking of the NSA?
Somebody has a sense of humor: ispy@nsa.gov
I also like the following: root@nsa.gov, admin@nsa.gov, ghost@nsa.gov
Where are people getting the dump file from? I haven't found a great way to locate the dump file anywhere.
Search Twitter for “users.tar.gz”, then go and download the file.
SHA hash of the file: 051b176c506388f9bda78bd831aceda324d304e8
(comment deleted)