They're back. If you think the combined forces of a former NSA Director, a former National Intelligence Director, and the head of the CIA would have excellent security in place, then you'd be wrong. Anonymous AntiSec hackers have struck again. This time they targeted a massive defense contractor with that impressive roster of key personnel in what AntiSec hackers dubbed, "Military Meltdown Monday!" The newest leak both mangled Booz Allen Hamilton and "pwned" the defense contractor for about 90,000 military email addresses and passwords.
Gizmodo took a quick look and reported that the logins and passwords included "personnel from US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors."
The AntiSec release on The Pirate Bay, and mirrored countless other places, states:
So in this line of work you'd expect them to sail the seven proxseas with a state- of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.
We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.
The Anonymous attackers hinted at "maps" and "keys" to other government agencies' "treasure chests." There are also links which show some of the ties Booz Allen Hamilton has with government agencies like Homeland Security. Additional insult to injury included AntiSec invoicing the infiltrated defense contractor for $310 worth of security audit services rendered.
In a tweet, @AnonymousIRC told Booz Allen that they would accept bitcoin payments. Yet another tweet by @AnonymousIRC warned that their prices might be misleading. "Hourly rates dramatically increase if we are not provided with Lulz."
Via Twitter, @BoozAllen declined to comment on "specific threats or actions taken against our systems."
Anonymous tangled with Booz Allen once before when the hacking group dumped about 71,000 emails from HBGary Federal. That's back when Aaron Barr must have decided he hated his job and no longer wanted to work for the cybersecurity firm. Barr had claimed that he was going public to reveal the IRL identities of "leaders" among the Anonymous hacking collective. Those leaked emails showed that Booz Allen Hamilton had worked with HBGary to help a trembling Bank of America which feared a dump of their internal documents by WikiLeaks.
AntiSec hackers said in a statement, "You would think the words Expect Us' would have been enough to prevent another epic security fail, wouldn't you? Well, you'd be wrong. And thanks to the gross incompetence at Booz Allen Hamilton probably all military mersonnel of the U.S. will now have to change their passwords."
Another huge ouch courtesy of AntiSec hackers. Wham! Bam! Thank 'ya, ma'am.