Hackers broke into Booz Allen's computer systems and took some 4 gigabytes of source code and stole 90,000 email addresses, according to Reuters. The news agency also reported that the hackers were only able to get encrypted versions of the email passwords.
Information Week reported that alleged 'hacktivist' group AntiSec posted the 90,000 military email addresses and passwords from Booz Allen on the Pirate Bay, calling the hack "Military Meltdown Monday: Mangling Booz Allen Hamilton."
The group is a spinoff from Anonymous and the now-defunct LulzSec hacker team, Information Week reported.
In the post, the hackers started by giving a synopsis of Booz Allen's core duties, which include work in defense and matters of homeland security.
"So in this line of work you'd expect them to sail the seven proxseas with a state-of-the-art battleship, right?" the hackers posted about Monday's hack. "Well you may be as surprised as we were when we found their vessel being a puny wooden barge."
The hackers said they penetrated a server on Booz Allen's network that allegedly had no security in place.
"We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!)," they continued, also alleging they found "maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."
This isn't the first time such hacking has occurred.
The Reuters article stated that Monday's hack is similar to network break-ins targeted at Sony Corp., the U.S. Senate, Arizona police and an FBI affiliate. Reuters further reported that the group Anonymous announced the attack via Twitter, saying it is part of a campaign to expose government and corporate failure to secure computer networks.
Booz Allen declined to speak about the hack and told Reuters that "we generally do not comment on specific threats or actions taken against our systems."
Last month, Gizmodo reported that alleged hacker group LulzSec claimed responsibility for the infiltration into Sony Pictures Entertainment's websites and posted a statement.
"From a single injection, we accessed EVERYTHING," said LulzSec. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
"What's worse is that every bit of data we took wasn't encrypted... Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it," LulzSec added.
That hack added to Sony's woes as it worked to minimize damage from April's cyber attack, which compromised 77 million of its PlayStation Network customers. LulzSec claimed to have collected birth dates, street addresses, and unencrypted passwords, and then published 50,000 users' information online. The hack also raised questions about whether Sony was making a full effort to keep data secure.
Investigators have said they are looking into the validity of the hackers' statement about whether the data was encrypted. Some may say, though, that with enough effort hackers would be able to compromise the information even if it were encrypted.
The string of hacks on major companies has drawn attention to the responsibilities involved in securing sensitive data. The U.S. Department of Defense and the FBI got involved after the Google hack in which Gmail accounts were compromised.