Anonymous is at it once again, this time releasing 90,000 military email accounts. The hacking collective recently broke into consulting firm Booz Allen Hamilton and the email accounts obtained in that raid were released today, to the wilds of the internet. Booz Allen Hamilton’s most notable customer is the Pentagon, thus the email accounts and various correspondences were sitting on their servers just waiting for Anonymous to go after them.
The leak was named by Anonymous to be, “Military Meltdown Monday,” and it contained military logins for a variety of government agencies including SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, US CENTCOM, and likely some other private consulting firms Booz Allen had teamed up with in the past. Along with the accounts came 4 GB of source code from Booz Allen’s servers.
So, why exactly did Anonymous target Booz Allen? The group cites Booz Allen’s alleged involvement with a financial monitoring program called SWIFT as a reason for this attack.
Along with the email accounts came a fairly lengthy letter from Anonymous, detailing a number of facts about Booz Allen Hamilton, including information about key personnel at the firm. The release also has a fake bill attached at the end, which assigns a monetary rate for the work done to hack the server. It seems this was a cheap hack because there was, “No security in place, no effort for intrusion needed.” One would think after hacks occurred on HBGary, Lockheed Martin, and L3, Booz Allen would have made sure their systems were locked down.
There was another interesting piece of this release indicating other information could be gleaned from the attack on Booz Allen. Anonymous cryptically described it by saying,
“Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting.
And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”
What other information Anonymous manages to get out of this attack remains to be seen. One would hope that after yet another attack on a consulting firm that does work for the government, everyone will make an attempt to put some better security in place on their servers.