
“Military Meltdown Monday”: 90K military usernames, hashes released

Anonymous' latest high-profile AntiSec attack has seen the publication of 90, …

Anonymous hackers have broken into a server belonging to consultancy firm Booz Allen Hamilton and published a database containing some 90,000 military e-mail addresses and hashed passwords in what they have named Military Meltdown Monday. The database appears to have come from a system used for tracking training and qualifications of military personnel. The full release also includes some information from another military training system, the Defense Acquisition University.

Unlike the passwords taken from government contractor IRC Federal, the passwords from the Booz Allen system have been hashed using SHA-1. This will make breaking into further systems using the released account information harder—but it's likely that at least some of the passwords will be crackable, and so further damage could follow.

The Anonymous press release that accompanied the databases pokes fun at the company. Unlike HBGary Federal and IRC Federal—both small organizations struggling for revenue—Booz Allen Hamilton is a major defense contractor. It's the 16th largest recipient of federal contractor spending, generating more than $3.7 billion of revenue from the government in 2010. Given this stature, the hackers say that they expected it to be well-defended, but discovered that at least some systems were poorly secured.

The press release even contained a mock invoice for an "audit" of Booz Allen's security systems. The total bill—$310—includes charges for such things as network auditing and password dumping. Other aspects of the hack had a zero charge; Anonymous billed nothing for "media and press," on the grounds that "Trolling is our specialty, we provide this service free of charge."

The company's position as a significant defense contractor made it a prime target for action under the AntiSec banner. Booz Allen was also more specifically targeted as a result of the HBGary Federal break-in. After HBGary's Aaron Barr started researching Anonymous, he was contacted by people at law firm Hunton & Williams and subsequently Booz Allen; the Hunton representatives said that they, along with Booz Allen, had been instructed to investigate WikiLeaks by an unnamed client. This client is assumed to be Bank of America. Anonymous issued a warning to companies associated with HBGary Federal to "Expect us." It appears that Booz Allen did not.

Booz Allen has tweeted that it doesn't comment on security issues.
