While doing some Googling on the subject of Diplomatic Leaks for a forthcoming article, I found this:

Have you ever wanted to spy on a foreign government? The DEranged Security website published the addresses and passwords of 100 email accounts from embassies and governments around the world. Those nations involved include:

  • Indian Embassy in Sweden
  • Russian Embassy in Sweden
  • Kazakhstan Embassy in Russia
  • Iran Ministry of Foreign Affairs
  • Kazakhstan Embassy in Italy
  • Mongolian Embassy in USA
  • UK Visa Application Centre in Nepal
  • China Civil Human Right Front
  • Defence Research & Development Organisation Govt. Of India, Ministry of Defense

Here’s more on this bad diplomatic password hygiene:

The information, to no one’s surprise, reveals some pretty bad password hygiene. The password for the exposed Iranian embassy accounts, for example, is the name of the country in which the embassy resides or the name of a city. The user name of those accounts is a variation of the same city or country name used for the password.

Passwords for accounts used by the Hong Kong Liberal Party include "123456" and "12345678". Some of the workers in Indian embassies use "1234," and the password for the India Ministry of Defence account is "password+1". Workers in the Mongolian embassy in the U.S. were just as lazy; their password is "temp."

Egerstad says he has at least 900 more e-mail addresses and passwords he could expose (and no doubt even more than this if he spent the time looking for them). He says he obtained the data not by hacking any computers or servers but through a man-in-the-middle attack involving sniffing unencrypted data that’s broadcasting the password and log-in information for e-mail accounts. He’s remaining tight-lipped about most of the details…

Most if not all well-publicised diplomatic ‘leaks’ come not from hackers but from people pushing material out for their own reasons.

Still, it does not seem too difficult for a skilled computerperson to disembowel a passing diplomatic Inbox and remove the juicy bits for wider appreciation?