Subscribe them all to EFF newsletter?

Some apparently already might be. Google some of the names - (syntax appears to be last initial- first name. Comments & names from some of the people re-identify them as NSA elsewhere on the internet. Some of those comments were interesting:

"Thank you Thomas Drake for your courage.

------- ex-USAF ex-NSA"

I guess not all the users were verified:

162156813-|--|-jfnsdibsdibfsdibfusdbfusdu@nsa.gov-|-diQ+ie23vAA=-|-|--

or ispy@nsa.gov

Nah, that's an alias for the director.

I like that one of the hints is "1 to 6"

Looks like fake entries; root@nsa.gov, really?

My favorite: ispy@nsa.gov. Totally legit.

What is the significance of this? It's not like they all signed up with Adobe to backdoor them. ('Coz if they did, that would be an extremely stupid way to go about it.)

Probably legitimate users.

I think the implication here is that people might have signed up with the same username and password as they use for other things (e.g., their work email).

Yup. For instance, what might "Standard" mean here?

78113633-|--|-ksfolso@nsa.gov-|-UnFEG3IXPX+rjFQssxpQEA==-|-Standard|--

One of them is "|-cat vomit $|--", password hints maybe?

Yeah - my point is that this password hint is basically telling you that the user uses the same password for other things.

Not likely - the higher up you go in government, the more stringent they are with passwords for government provided services such as email. The NSA is probably the highest up there with that.

I have a simple thought with all of these here nsa addresses. While some look fake, some do in fact look legit. Bu the question I ultimatly have is that since the NSA is all about spying, subterfuge, code breaking, and the like, why are they giving the workers @nsa.gov addresses? Wouldn't they give something that would point other people away from thinking of the NSA?

Well, somebody had to make those great slides.

Haha, this was a thought of mine... Thanks to Mr. Snowden we've seen what their excellent photoshop work can accomplish.

Where are people getting the dump file from? I haven't found a great way to locate the dump file anywhere.

Search Twitter for “users.tar.gz”, then go and download the file.

SHA hash of the file: 051b176c506388f9bda78bd831aceda324d304e8

A few NSA.gov.cn addresses too...

aka the chinese National School of Administration

N*A is a very common acronym thanks to National and Administration/Association. There are NSAs all over the place.

A few @nsa.gov.pl addresses, I conclude that the list is probably fake.

Naczelny Sąd Administracyjny

http://www.nsa.gov.pl/

AKA Supreme Administrative Court of Poland. The irony :) https://en.wikipedia.org/wiki/Supreme_Administrative_Court_o...

hahah, yeah that's a good one :)

>> "The Supreme Administrative Court of the Republic of Poland (Polish: Naczelny Sąd Administracyjny) is the court of last resort in administrative cases e.g. those betweens private citizens (or corporations) and administrative bodies. "

You don't know if nsa.gov.pl is a valid domain. You don't know the purpose of that domain or organization.

You need more evidence to believe accurately: http://lesswrong.com/lw/jn/how_much_evidence_does_it_take/

Somebody has a sense of humor: ispy@nsa.gov

I also like the following: root@nsa.gov, admin@nsa.gov, ghost@nsa.gov

How are those passwords encoded?

nsa.gov.cn ? really?

It's the 'China National School of Administration'.