Hackers flying the AntiSec banner claimed today that they compromised a server at consulting firm Booz Allen Hamilton and have released internal data, including about 90,000 military e-mail addresses.
“We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty,” the hackers wrote in a message on the Pastebin file storage site. “Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.”
The hackers also claimed to have grabbed source code, but said it was “insignificant” so they wiped it from the Booz Allen Hamilton system, as well as “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”
Booz Allen Hamilton spokespeople did not immediately respond to e-mails and phone messages seeking comment. A representative for the company tweeted this message from the @BoozAllen Twitter account: “As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our system.”
AntiSec, an offshoot of online activist group Anonymous and hackers known as “LulzSec,” had earlier this year hacked into servers owned by information security firm HBGary Federal after the company said it was working with the FBI to unmask the Internet activists. The data revealed in that attack included contact information for HBGary executives, personal and corporate e-mails and log-in credentials for Twitter and other sites. The group also claimed to have exposed information about undercover operations on behalf of Bank of America to counter WikiLeaks and on behalf of the U.S. Chamber of Commerce to spy on unions, as well as plans to develop software that would allow the creation of multiple fake social media profiles to infiltrate discussion groups, manipulate opinion on the sites and discredit people, and to match online personas with offline identities.