Anonymous Hacks Booz Allen Hamilton, Nabs Info on 90,000 U.S. Military

The loose hacking collective known as Anonymous resumed its campaign against the U.S. government and companies that do business with it on Monday, releasing a trove of documents from government contractor Booz Allen Hamilton. 

Booz Allen HamiltonThe loose hacking collective known as Anonymous resumed its campaign against the U.S. government and companies that do business with it on Monday, releasing a trove of documents from government contractor Booz Allen Hamilton. 

The release of data, believed to be stolen from systems belonging to the giant consulting firm agency was telegraphed Monday using a post on one of the group’s Twitter accounts, @ANONYMOUSIRC. The release, in the form of 190 megabytes of data, distributed as a Bittorrent file occured some two hours later. Among the data distributed were files containing the personal and official e-mail addresses and passwords of an estimated 90,000 of U.S. military personnel. The hack was the latest in a campaign dubbed “Antisec” against private sector firms and the U.S. government, which Anonymous alleges is corrupt.

The e-mail data that was released on the Wikisend file sharing Web site and contains the addresses and hashed passwords of U.S. military personnel from across the different branches of the military. The exact source of the hack and the data dump is unknown. However, a Twitter account associated with the group Anonymous warned of the coming release Monday morning, posting, just before 13:00 Eastern Time: “We’ve got some shiny things to start of your week with some Lulz. Stay tuned for a nice release in the next 2 hours. #AntiSec.” Around the same time, the account of a LulzSec and Anonymous leader who goes by the handle “Sabu” was updated to read “IT’S COMING! GET READY. INTELLIGENCE COMMUNITY BRACE YOURSELVES.” Approximately two hours later, the account posted a links to the leaked e-mail data and separate Torrents containing other files and claiming Booz Allen Hamilton as the source of the information.

The latest hacks come in the wake of the apparent “dissolution” of the Anonymous splinter group LulzSec, which was behind a string of high profile attacks beginning in April. That group claimed to have disbanded after 50 days of activity. However, it appears that the core leadership of LulzSec have merely folded back into the larger Anonymous organization and carried on attacks in that group’s name.

The hacks, including the most recent attack on IRC Federal and an earlier attack on HB Gary, reveal the extent to which government contractors can be targets of attack, and an avenue to obtaining sensitive government plans and documents. Anonymous reportedly breached IRC’s Webs site using a SQL injection attack, and other means to compromise e-mail and file servers at the organization.

Other attacks, also attributed to the nebulous #Antisec campaign, include hacks of the German Federal Police, the Greek Parliament and Turkish government Web sites.

Suggested articles

Discussion

  • Anonymous on

    Sounds like an act of war to me, Queue up some bunker busters.

  • Anonymous on

    All these stories would read very differently if the press would do a little more than apply qualifiers like "loose" and "nebulous" to express the very apparent fact that Anonymous is not an organization. "We are everyone. We are no one." speaks volumes of poetry, and that's all Anonymous is:

    A poem. A movie. A parable. That people can have power without an organization or a military or a flag, the use of images from scenes in "V For Vendetta," that anonymity cannot exist if you can be singled out or identified or rounded up, are all ideas that express one thing quite clearly: that the masses of the public do have their own power with which to counter the powers of the well connected and corrupt.

    That the media is taking the notion of Anonymous as an organization seriously is only evidence that reporters only repeat what the US government tells them is the truth.

    Also, @OP: I don't think SQLinjecting another weak USG contractor is evidence that LulzSec is still around. Though it's an assumption I believe to be true, I don't believe it's deductive reasoning or journalism.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.