Hackers from Anonymous Claim Booz Allen Hamilton Raided, 90,000 Military Emails Released
BY Becky Kazansky | Monday, July 11 2011
On a day flooded with news of hacks and hacking, #Antisec, a faction of the larger Anonymous collective that exposes and exploits weak cybersecurity measures, announced that it had released account names and password information for 90,000 military email addresses, among other data swiped from an electronic attack against the government contractor Booz Allen Hamilton.
The vessel the large consulting firm uses to "sail the seven proxseas," #Antisec wrote, was "a puny wooden barge." The password information was what are called unsalted md5 hashes of the passwords — which means that the passwords are encrypted, but not, for lack of any other simple way to put it, encrypted again, which makes them less secure. Md5 is an encryption algorithm that is known to be insecure, given an attack with enough computing power behind it. All this put together implies that anyone who wants one bad enough could realistically decrypt one of those passwords. Sometimes, that's not even necessary to put it to nefarious purposes.
The group claims they've also managed to access and delete four gigabytes of source code stored on Booz Allen Hamilton's internal subversion server. Subversion is used to manage incremental updates to software, like the code that powers a website or a program being developed by a team at a software company.
Andy Greenberg over at Forbes writes there's no word yet from Booz Allen Hamilton on the breach, although the company said through its official Twitter handle that its policy is to not comment on security issues. More here.
It's worth noting that another connotation of "Anti-security" is the practice of exposing the security flaws of people who make their living as Internet security consultants, specifically — a hobby of some hackers that goes back quite a while. This current campaign, according to its participants, is broader in scope, including governments.
Nick Judd edited and contributed to this item.