Anonymous claims US military email theft

The hacktivist group says it took over 90,000 emails from US military personnel.


Anonymous has claimed another significant strike on an official US body, posting over 90,000 email addresses purportedly of military personnel.

The hacktivist group said it had compromised a server of US Government contractor Booz Allen Hamilton.

"We infiltrated a server on their network that basically had no security measures in place," Anonymous said in a preamble to its release on The Pirate Bay.

Advertisement - Article continues below

"We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes."

The hacking crew said it had stolen 4GB of source code, which it subsequently deleted from the server.

"Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting," Anonymous added.

"And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."

Senior security advisor at Sophos Canada, Chester Wisniewski, said one big problem for Booz Allen Hamilton was that it stored passwords for the email addresses using only an SHA hash - a cryptographic hash function used as a standard for federal information processing in the US.

Advertisement - Article continues below
Advertisement - Article continues below

"The passwords are not salted, which will likely lead to the majority of the passwords being exposed," Wisniewski said in a blog post.

"While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military. These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed."

On its Twitter feed, Booz Allen Hamilton said: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."

After a request for comment, the company did not offer any more than the above tweet.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


ethical hacking

Developer scores $100,000 bounty from Apple for exposing a critical vulnerability

1 Jun 2020

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020

ZLoader malware returns as a coronavirus phishing scam

27 May 2020

Most Popular

network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020