AntiSec hackers claim theft of military e-mails from Booz Allen

The amorphous Anti Security hacking campaign announced July 11 that it has broken into an unsecured server at government contractor Booz Allen Hamilton, copied about 90,000 military e-mails and password hashes, and made them available for downloading.

The announcement gave no details of the exploit used to enter the system, but said, “we infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty.”

Continuing in its pirate-themed language, it described other “booty” as “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”

Related coverage:

LulzSec, Anonymous declare war on government websites

LulzSec: Not Robin Hood, more like Bonnie and Clyde

Booz Allen has not commented on the incident, saying only through a spokesman that “we generally do not comment on specific threats or actions taken against our systems.”

The incident is the latest in a list of embarrassing and possibly connected breaches of government and contractor IT systems and Web sites, including the Senate, CIA, the Atlanta chapter of InfraGard and others.

The recent campaign appeared to begin with a group called LulzSec, which eventually announced a collaboration in June with the group Anonymous to launch Operation Anti-Security, saying “we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word ‘AntiSec’ on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”

Shortly afterward, however, LulzSec announced it was disbanding, after one of its alleged members was arrested in England and some other hackers said they were targeting the group.

In its most recent announcement, AntiSec said it also gained access to 4G of source code on a Booz Allen server, “but this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.”

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Wed, Jul 13, 2011

This whole cyber thing is a decoy and child's play. Focus on traditional kinetic force and modernization.

Tue, Jul 12, 2011 dazzlepod

For military personnel to check if your account was leaked,

Tue, Jul 12, 2011 Angry

These people are merely terrorists without guns. the mere thought that a server someplace can be deliberately hacked to reveal individuals private data makes them no better than the armed thugs waging their unholy war on civilization. the parrallels are there, disrespect and animosity for anyne not agreeing with their particular views, attacking at will...none of this absolves the targeted systems from their responsibility to protect the data stolen. but to deliberately expose data STOLEN is a crime that must be dealt with. It has gone beyond juvenile pranks, it is a serious issue and they should be subject to justice.

Tue, Jul 12, 2011 The Observer

This is where the U.N. should earn their money and derail the cyber-terrorists.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group