Anonymous reveals 90k military email and password combos in the name of #Antisec
Black hat security group Anonymous has exposed 90,000 military email addresses stored on servers from consulting firm and U.S. government contractor Booz Allen Hamilton. The hacker group said the breach was done to expose the corruption of government and related corporate entities.
Booz Allen Hamilton deals with all branches of the armed services as well as the defense and intelligence communities of the U.S. Government. It claims to provide, among other things, "strategy and technology solutions that help deter 21st century threats and meet complex mission requirements."
Anonymous claims the company's security on the exposed server was laughable.
"In this line of work you'd expect them to sail the seven proxseas with a state- of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge," the hacker group posted on its Pirate Bay torrent.
After getting through a server that "basically had no security measures in place," Anonymous obtained some 90,000 military emails and their password hashes. The group initially said these hashes were md5, but then corrected themselves and said they are actually BASE64(sha1(password)); and that "some other hashes may be mixed in."
It also obtained a complete dump of Booz Allen Hamilton's SQL database, and then accessed the server's version control, swiped the source code, and deleted it from the company's servers.
Among all of this, the group says it has uncovered materials that can serve as gateways to other government agencies, contractors, and "shady whitehat companies."
Along with the publicly available torrent of email addresses and password hashes, Anonymous included a list of "Booz Allen Hamilton key facts," which are something of a rationalization of the hack.
One of the main reasons the hacker group targeted Booz Allen Hamilton is its interest in something Anonymous termed "Operation Metal Gear," an unnamed military project the group first discovered in its hack of security company HBGary.
The group says HBGary Federal and Booz Allen Hamilton both proposed software solutions to the military for artificially manipulating social media, polls, forums, and discussion groups to change the way "public opinion" appeared online.
"Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects," the group wrote. "All of this, of course, taking place behind closed doors, free from any public knowledge or scrutiny."
The way that the email information of tens of thousands of military personnel could be important to this goal, however, was not mentioned.