The contractor becomes the latest victim of the AntiSec hacking campaign, which claims it downloaded thousands of military e-mails and password hashes.
The amorphous Anti Security hacking campaign announced July 11 that it has broken into an unsecured server at government contractor Booz Allen Hamilton, copied about 90,000 military e-mails and password hashes, and made them available for downloading.
The announcement gave no details of the exploit used to enter the system, but said, “we infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty.”
Continuing in its pirate-themed language, it described other “booty” as “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”
LulzSec, Anonymous declare war on government websites
Booz Allen has not commented on the incident, saying only through a spokesman that “we generally do not comment on specific threats or actions taken against our systems.”
The incident is the latest in a list of embarrassing and possibly connected breaches of government and contractor IT systems and Web sites, including the Senate, CIA, the Atlanta chapter of InfraGard and others.
The recent campaign appeared to begin with a group called LulzSec, which eventually announced a collaboration in June with the group Anonymous to launch Operation Anti-Security, saying “we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word ‘AntiSec’ on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”
Shortly afterward, however, LulzSec announced it was disbanding, after one of its alleged members was arrested in England and some other hackers said they were targeting the group.
In its most recent announcement, AntiSec said it also gained access to 4G of source code on a Booz Allen server, “but this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.”