On Monday morning “hacktivist” group Anonymous promised that it would be releasing results of an attack it made on the intelligence community compromised of government agencies around the world like the CIA or Mi6 in the United Kingdom and the companies that support them.
The first wave of results have just been released, (Pirate Bay link) which Anonymous is calling #MilitaryMeltdownMonday. Anonymous targeted consulting firm Booz Allen Hamilton that often works the with U.S. Department of Defense and National Security Administration and gained access to 90,000 military emails, four gigabytes of source code (which was erased from the Booz Allen Hamilton servers) along with login credentials and other sources of information that Anonymous can hack along the intelligence community’s digital infrastructure. What did Anonymous find in Boox Allen Hamilton’s servers and how damaging could be it be to American homeland security?
Keeping with the previous themes of ships (Lulz Security called itself the Lulz Boat), Anonymous calls Booz Allen Hamilton a wooden barge with no security at all. Here is how Anonymous described the attack on Booz Allen Hamiliton:
“We infiltrated a server on their network that basically had no security measures in place,” Anonymous wrote. “We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.”
So, according to Anonymous, Booz Allen Hamilton had a least one server in its infrastructure that was insecure and contained sensitive information about the company’s dealing with the DoD and NSA. Anonymous is posting the results of its attack on sites like The Pirate bay and MirrorCreator.
In terms of what Anonymous found in the Booz Allen Hamilton servers, there are certainly items that will get people fired. One of the bigger items is Boox Allen Hamilton’s association with security company HBGary. Booz Allen Hamilton and HBGary Federal proposed software for a sophisticated program (dubbed Metal Gear by Anonymous) that would allow security teams to control “sock puppet” online identities in social media spheres that would attempt to steer conversation about certain topics. One way or another because of this program, Anonymous claims that all U.S. military personnel will now have to change their passwords.
“And thanks to the gross incompetence at Booz Allen
Hamilton probably all military [p]ersonnel of the U.S. will now have to change their passwords,” Anonymous wrote.