Anonymous claims US military email theft

The hacktivist group says it took over 90,000 emails from US military personnel.

Anonymous has claimed another significant strike on an official US body, posting over 90,000 email addresses purportedly of military personnel.

The hacktivist group said it had compromised a server of US Government contractor Booz Allen Hamilton.

"We infiltrated a server on their network that basically had no security measures in place," Anonymous said in a preamble to its release on The Pirate Bay.

"We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes."

The hacking crew said it had stolen 4GB of source code, which it subsequently deleted from the server.

"Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting," Anonymous added.

"And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."

Senior security advisor at Sophos Canada, Chester Wisniewski, said one big problem for Booz Allen Hamilton was that it stored passwords for the email addresses using only an SHA hash - a cryptographic hash function used as a standard for federal information processing in the US.

"The passwords are not salted, which will likely lead to the majority of the passwords being exposed," Wisniewski said in a blog post.

"While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military. These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed."

On its Twitter feed, Booz Allen Hamilton said: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."

After a request for comment, the company did not offer any more than the above tweet.
