Anonymous claims US military email theft
By Tom Brewster
Anonymous has claimed another significant strike on an official US body, posting over 90,000 email addresses purportedly of military personnel.
The hacktivist group said it had compromised a server of US Government contractor Booz Allen Hamilton.
“We infiltrated a server on their network that basically had no security measures in place,” Anonymous said in a preamble to its release on The Pirate Bay.
“We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes.”
The hacking crew said it had stolen 4GB of source code, which it subsequently deleted from the server.
“Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting,” Anonymous added.
“And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”
Senior security advisor at Sophos Canada, Chester Wisniewski, said one big problem for Booz Allen Hamilton was that it stored passwords for the email addresses using only an SHA hash - a cryptographic hash function used as a standard for federal information processing in the US.
“The passwords are not salted, which will likely lead to the majority of the passwords being exposed,” Wisniewski said in a blog post.
“While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military. These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed.”
On its Twitter feed, Booz Allen Hamilton said: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."
After a request for comment, the company did not offer any more than the above tweet.
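Wisniewski's point about unsalted hashes, as an added example that is not from the article or from Booz Allen Hamilton: with a bare SHA digest, every account using the same password stores the same value, so one recovered password exposes all of them, while a per-user salt and a slow key-derivation function remove that linkage. The accounts and passwords are constructed, SHA-1 stands in for the unspecified "SHA" variant, and PBKDF2-HMAC-SHA256 with 600,000 iterations is an assumed choice of hardened scheme.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts (not from the leak); two users share a password.
ACCOUNTS = {
    "alice@example.mil": "Summer2011!",
    "bob@example.mil": "Summer2011!",
    "carol@example.mil": "c0rrect-horse-battery",
}
PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune to your hardware


def unsalted_sha(password: str) -> str:
    """Weak scheme described in the article: bare digest, no salt (SHA-1 assumed)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_kdf(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_kdf(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_value_groups(records: Dict[str, object]) -> List[List[str]]:
    """Return groups of users whose stored credential value is identical."""
    groups: Dict[object, List[str]] = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit() -> Tuple[List[List[str]], List[List[str]]]:
    """Compare what a stolen credential table reveals under each scheme."""
    weak = {u: unsalted_sha(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_kdf(p) for u, p in ACCOUNTS.items()}
    return shared_value_groups(weak), shared_value_groups(strong)


if __name__ == "__main__":
    weak_groups, strong_groups = audit()
    print("identical stored values, unsalted SHA:", weak_groups)
    print("identical stored values, salted PBKDF2:", strong_groups)
```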