So I’ve been surfing around this morning and it seems even Brian S. Brown’s Twitter account has been compromised.
I’ll tell you something I know about account authentication.
Human nature abhors trying to remember a bunch of different passwords. So what people do is either:
a) Use the same password everywhere
b) Use a munged version of the password by substitution.
c) Or use something so obscure, so impossible to remember normally. But points a & b are used.
d) Password retention policies are weak in most organizations.
e) Even in organizations that enforce password policies, they have to really enforce complete randomization else people will simply change one element of the password and use that as their new password.
What this tells me is that not only were NOM’s social media sites hacked, but that the person or group is running wild inside NOM’s infrastructure.
At this point in the game I’m doubtful that there will be any stunning revelations from NOM’s documentation. We’ve already seen their donors, seen their stunning strategy documents. But expect a dump of private emails, and other sundry of that nature.
And NOM can change all the passwords they want to change, but if the hackers who did this are worth their salt, there are backdoors installed on NOM’s systems.
I knew this would eventually happen. There are a hell of a lot of I.T. type folks who also happen to be LGBT and NOM’s actions get them plenty pissed off about things, pissed off enough to do something about it. And clearly someone or a group has had enough of NOM.
My memory isn’t clear on this, but didn’t Anonymous say a few months ago that they were going to go after NOM?
I seem to recall something to that effect. They were probably gathering information at that point.
On the other hand I have about 20 passwords, each one unique to the site I attend. And I can never remember any of them; I have to look them up. A nuisance I suppose but it feels safer.
Yeah – I have numerous passwords. There are maybe two sites that share a password but it’s throw-away so I really don’t care.