
Hackers claim they exposed Booz Allen Hamilton data

AntiSec hackers release data from consulting firm Booz Allen Hamilton in an attack that mirrors one on HBGary Federal earlier this year.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
The AntiSec campaign aims to attack government, financial, and other high-profile targets. (Image credit: AntiSec)

Hackers flying the AntiSec banner claimed today that they compromised a server at consulting firm Booz Allen Hamilton and have released internal data, including about 90,000 military e-mail addresses.

"We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty," the hackers wrote in a message on the Pastebin file storage site. "Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure."

The hackers also claimed to have grabbed source code, but said it was "insignificant" so they wiped it from the Booz Allen Hamilton system, as well as "maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."

Booz Allen Hamilton representatives did not immediately respond to e-mails and phone messages seeking comment. A representative for the company tweeted this message from the @BoozAllen Twitter account: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our system."

AntiSec, an offshoot of online activist group Anonymous and hackers known as "LulzSec," had earlier this year hacked into servers owned by information security firm HBGary Federal after the company said it was working with the FBI to unmask the Internet activists. The data revealed from that attack included contact information for HBGary executives, personal and corporate e-mails, and log-in credentials for Twitter and other sites. The group also claimed to expose information about undercover operations on behalf of Bank of America to counter WikiLeaks and on behalf of the U.S. Chamber of Commerce to spy on unions. In addition, the security firm allegedly had plans to develop software that would allow for the creation of multiple fake social media profiles to infiltrate discussion groups and manipulate opinion on the sites and discredit people, as well as to match personas online with offline identities.

Security firm and government contractor "HBGary Federal was just one of several companies involved in proposing software solutions for this project. Another company involved was Booz Allen Hamilton," the AntiSec statement alleges. "Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects."

AntiSec also includes an "invoice for our audit of your security systems," for a total of $310, for four hours of work.