Anonymous Leaks 90,000 E-mails from Booz Allen Hamilton, as Promised

Hacktivist collective Anonymous tweeted Monday morning that they would be releasing “shiny things” uncovered from an attack against the intelligence community. They unloaded the first batch via Pirate Bay, in an operation the subgroup is calling #MilitaryMeltdownMonday, and did so under the AntiSec flag. The injured party this time is Booz Allen Hamilton, a consulting firm that works with the US Department of Defense (DoD) and the National Security Agency (NSA). Over 90,000 military e-mails were compromised, along with four gigabytes of source code.

“We infiltrated a server on their network that basically had no security measures in place,” Anonymous wrote. “We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.”

In other words, the Booz Allen Hamilton infrastructure server holding sensitive information was left unprotected, thus exposing the firm’s business with the DoD and NSA. One of the more disturbing revelations from the spree was Booz Allen Hamilton’s interaction with HBGary, which centers on proposed software that would allow security teams to take over online identities in social media and steer discussion of certain topics in the government’s favor (part of a social-media astroturfing concept called “persona management”). The project was dubbed Metal Gear, and Anonymous chuckles at the fact that US military personnel will now have to change their passwords to avoid becoming the government’s “sock puppets.”

You would think the words “Expect Us” would have been enough to prevent another epic security fail, wouldn’t you?

Well, you’d be wrong. And thanks to the gross incompetence at Booz Allen Hamilton probably all military personnel of the U.S. will now have to change their passwords.

Let it flow!

Booz Allen Hamilton has released no statement confirming or denying the intrusion into its systems. When asked, a representative tweeted that it is their general policy to “not comment on specific threats or actions taken against our system.”

A prior primitive AntiSec intrusion initiated by Anonymous occurred at IRC Federal, an FBI-affiliated website. Not only did they steal and leak sensitive internal documents, they also defaced the site.

But to be fair, not all hackers are crude and artless. One such example is the intrusion into the network of Lockheed Martin, the largest defense contractor in the US. The disruption was associated with compromised RSA SecurID tokens, causing the company to shut down its network. The same thing happened to Northrop Grumman, which was also forced to shut off remote access to its network without warning.

Months ago, Anonymous also targeted HBGary, which led the company to cancel its talks at RSA Conference 2011. “‘Anonymous’ illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent,” according to an HBGary statement. “In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks,” they added.


About Kristina Farrah

A ninja, a tech enthusiast and a lover of sparkly things. Writing in the tech space has become an important part of my role as an observer and historian. As passionate as I am in what I do, I look forward to telling stories of how technological advancement broke out to unprecedented levels, and that I was right there in the middle of it, watching the world change before my very eyes.