CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 12th, 2011

U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed

Hackers affiliated with the Anonymous collective and its Antisec campaign have hacked into computer systems belonging to U.S. military contractor Booz Allen Hamilton and leaked sensitive data found inside.

The hackers described the attack in the description of a torrent posted on ThePirateBay, which also contains a list of 90,000 email addresses belonging to military personnel together with crackable password hashes.

“We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty,” the hackers write.

In addition to the email addresses, the attackers also included an SQL dump of the database and additional data found on other internal servers they were able to access.

Four gigabytes of source code were allegedly copied from the company’s SVN server and its contents were wiped clean afterwards. The code is not included in the torrent.

Booz Allen Hamilton declined to comment. “As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems,” the company wrote on Twitter.

The hackers claim that the compromise provided them with the access keys for other government-related targets which they plan to hit in the future.

The security breach and data leak raise serious concerns because of the nature of the information involved. First of all, it is probably not average soldiers who have accounts with Booz Allen Hamilton, but ranking officers, particularly those dealing with intelligence.

The fact that the hashes were generated with the SHA1 algorithm and are not salted makes them susceptible to brute-force cracking attempts, especially if the original passwords were not strong to begin with.

But even if the access codes don’t get cracked or if they weren’t used anywhere else except Booz Allen Hamilton, there is still the risk of targeted email attacks.
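The unsalted SHA1 weakness described above, as an added example that is not part of the original article: it stores the same constructed accounts once with a single unsalted SHA-1 pass and once with a per-user salt and PBKDF2-HMAC-SHA256, then counts how many accounts share a stored hash. PBKDF2, the iteration count and all names here are assumptions chosen for illustration, not details from the breach.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the hardened scheme

def sha1_unsalted(password: str) -> str:
    """Weak scheme the article describes: one fast, unsalted SHA-1 pass."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def pbkdf2_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def accounts_sharing_a_hash(stored: Dict[str, str]) -> int:
    """Count accounts whose stored hash also appears on another account."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts, not data from the leak.
SAMPLE = {"user_a": "Summer2011", "user_b": "Summer2011", "user_c": "x9$Lq!72vTz"}

def demo() -> Tuple[int, int]:
    """Return (accounts sharing a hash under SHA-1, same under salted PBKDF2)."""
    weak = {user: sha1_unsalted(pw) for user, pw in SAMPLE.items()}
    strong = {user: pbkdf2_hash(pw)[1].hex() for user, pw in SAMPLE.items()}
    return accounts_sharing_a_hash(weak), accounts_sharing_a_hash(strong)

if __name__ == "__main__":
    print(demo())
```

Without a salt, every account using the same password stores the same hash, so one recovered password exposes all of them; with a per-user salt each stored value is unique and each guess must be recomputed per account at the KDF's cost.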

Credit: Softpedia.com News
