UK Politician's Campaign Staff Tweets Out Picture Of Login And Password To Phones During Campaign Phone Jam

from the p@ssw0rd! dept

Mon, Sep 12th 2016 3:26am — Timothy Geigner

When we talk password security here at Techdirt, those conversations tend to revolve around stories a bit above and beyond the old "people don't use strong enough passwords" trope. While that certainly is the case, we tend to talk more about how major corporations aren't able to learn their lessons about storing customer passwords in plain text, or about how major media outlets are occasionally dumb enough to ask readers to submit their own passwords in an unsecure fashion.

But for the truly silly, we obviously need to travel away from the world of private corporations and directly into the world of politicians, who often times are tasked with legislating on matters of data security and privacy, but who cannot help but show their own ineptness on the matter themselves. Take Owen Smith, for example. Smith is currently attempting to become the head of the UK's Labour Party, with his campaign working the phones as one would expect. And, because this is the age of social media engagement, one of his campaign staffers tweeted out the following photo of the crew hard at work.

The image is such that the problem may not jump out at you. Hopefully one of the many internet-ers that tweeted a response to the campaign will help.

Owen Smith's team have the absolute cheek to accuse @jeremycorbyn of "incompetence" the day after this! pic.twitter.com/ZUydXlLdxr
— Another Angry Voice (@Angry_Voice) September 5, 2016

Yes, a staffer for the campaign managed to tweet out the full login and password to the phone banks for the campaign's phone jam. That password was also declared weak by the same internet that had managed to suss it out from the photo as well, leading some to complain that politicians that cannot bother to run organizations that adhere to basic security practices shouldn't be trusted to legislate on those matters in government.

The tweet has since been deleted and the credentials altered, but password security practices probably start with a first step of: don't send out your l/p to the entire known internet-connected world.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, owen smith, passwords, security, uk

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Michael, 12 Sep 2016 @ 4:25am

Let's not forget to mention that it's also a good security policy to not write passwords on a whiteboard and share them with a bunch of people.

Even without the tweet, this guy is a twit.
[ link to this | view in chronology ]
Capt ICE Enforcer, 12 Sep 2016 @ 5:08am

Obviously this was a Russian ISIS informant trying to overthrow the government. They should be arrested. And the military should liberate or invade the country...
[ link to this | view in chronology ]
Anonymous Coward, 12 Sep 2016 @ 5:10am

CFAA Violations for anyone who saw that tweet. You are all criminals! Go to jail!
[ link to this | view in chronology ]
Capt ICE Enforcer, 12 Sep 2016 @ 5:19am

Add this
Let's not forget that the intentional deletion of the tweet is tampering of evidence which proves they knew they were breaking the law.
[ link to this | view in chronology ]
Hankster (profile), 12 Sep 2016 @ 5:27am

All whiteboards should be automatically encrypted as you write. Then only those those that are wearing the super secret decrypting glasses could read it.
[ link to this | view in chronology ]
- Oblate (profile), 12 Sep 2016 @ 5:52am
  
  Re:
  Any writing I put on a whiteboard is encrypted. That is if you listen to the complaints from those trying to read it...
  [ link to this | view in chronology ]
Capt ICE Enforcer, 12 Sep 2016 @ 6:01am

Key
Ahh, that explains why I can read it using my government computer. But not my personal computer.. I have the golden key which means only I being a good person can see it.
[ link to this | view in chronology ]
Anonymous Coward, 12 Sep 2016 @ 6:43am

> The tweet has since been deleted and the credentials altered

Yes, but who altered them? Smith's campaign group would like to talk to them.
[ link to this | view in chronology ]
I.T. Guy, 12 Sep 2016 @ 7:42am

No worries... they changed the login to Password\Pa$$w0rd.

Its safe now.
[ link to this | view in chronology ]
Skeeter, 12 Sep 2016 @ 10:35am

Just - wow
Seriously, I see the picture here. I can't make it out clearly, so I save a copy to my desktop (wanting to see this 'disclosing' image). On a 32-inch monitor, I try to make out what is said at: password: x&*^%%m and just can't get there.

To this, it SUPREMELY BEGS THE QUESTION, why are people using image enhancers, blowing up images 32x, and so-forth just to see 'what gory, juicy details are REALLY in the picture?'

I mean, if you have Bill, Hillary, Donald and Barack all laughing together at a black-tie event, I get 'tearing a picture down' to find 'hints' about what's 'really going on', but being as this mp isn't exactly the Prime Minister, I'm not really getting the significance of this 'password crack' to begin with.

Obviously, the citizens of the UK need more entertainment, more hobbies, or may just more employment - so they aren't tearing insignificant politicians' press photos apart? Just an idea.
[ link to this | view in chronology ]
- Hankster (profile), 12 Sep 2016 @ 1:03pm
  
  Re: Just - wow
  Ummmmm, yes, why did YOU do that?
  [ link to this | view in chronology ]
- JoeCool (profile), 12 Sep 2016 @ 1:08pm
  
  Re: Just - wow
  Anytime the opposition posts pictures of plans on a whiteboard, you're naturally going to want to read them. They're GIVING you the info instead of needing to go to "extremes" to get the info.
  [ link to this | view in chronology ]
- Anonymous Coward, 12 Sep 2016 @ 1:29pm
  
  Re: Just - wow
  Whenever someone posts a screenshot of their browser, I and many others will gravitate to seeing what their pinned bookmarks and tabs are titled. These types of things are almost beacons for "WE TOOK A PICTURE AND DIDN'T TAKE INTO ACCOUNT THAT MORE THAN JUST THE SUBJECT IS VISIBLE" and related face-eggs.
  [ link to this | view in chronology ]
Digitari, 12 Sep 2016 @ 1:24pm

SMART
the second guy to tame fire didn't scream as loud as the first.

this is NOT the first time something like this has happened
[ link to this | view in chronology ]
Alexander, 12 Sep 2016 @ 5:55pm

Zero'th Law
I think we just learned that the the Zero'th Law of Passwords is Do not publish your password on the Internet.

Until now, we didn't think that had to be stated.
[ link to this | view in chronology ]
- Eldakka (profile), 12 Sep 2016 @ 11:56pm
  
  Re: Zero'th Law
  Laws of Stupidity
  
  Law 0: Stupidity cannot be destroyed, only deflected.
  Law 1: Stupidity expands to fill the space available.
  Law 2: Stupidity flows from the more stupid to the less stupid.*
  Law 3: Too many laws for the stupid to count.
  
  *Because there is more of it, and it's armed with more clubs.
  [ link to this | view in chronology ]