Hacker group claims defense contractor is developing software for manipulating social networks

Tim Wilson, Editor in Chief, Dark Reading, Contributor

July 13, 2011

2 Min Read

The hacker group Anonymous says it has stolen some 90,000 military email addresses and password hashes from the management firm Booz Allen Hamilton, a major U.S. defense contractor.

"We infiltrated a server on their network that basically had no security measures in place," according to a message posted on thepiratebay.org. "We were able to run our own application, which turned out to be a shell and began plundering some booty."

In addition to the 90,000 email addresses, "we also added the complete sqldump, compressed ~50mb, for a good measure," the group says. Anonymous also claims to have pulled 4 GB of source code from Booz Allen's Apache SVN software revisioning and version control system and "wiped it from their system."

In addition, Anonymous said it "found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors, and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."

Booz Allen did not make a statement about the alleged breach, but its Twitter account says, "Part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."

Anonymous claims Booz Allen is developing "a military project" to manipulate social networks to influence public opinion. The hacker group said it spent four man-hours hacking into the Booz Allen network.

Industry observers say the attack is a good example of the way that third-party suppliers and contractors could be targeted in an effort to reach a more prominent target, such as the U.S. federal government.

"The federal government in taking all the right steps in protecting its information, but they are under attack from all sides," says Joe Gottlieb, president and CEO of SIEM tool vendor SenSage. "The most challenging is that they have to maintain a trust model that spans across their supplier network. This breach is an example of how that can go sideways."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

See more from Tim Wilson, Editor in Chief, Dark Reading
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Kuala Lumpur, Malaysia, skyline against the harbor at sunrise
Cyber Risk
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity ProsLicensed to Bill? Nations Mandate Certification of Cybersecurity Pros
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
MITRE Corp's logo in blue
Endpoint Security
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti BugsMITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
byNate Nelson, Contributing Writer
Apr 22, 2024
3 Min Read
A toddy cat (Asian palm civet) on a wooden fence, Indonesia
Cyber Risk
ToddyCat APT Is Stealing Data on 'Industrial Scale'ToddyCat APT Is Stealing Data on 'Industrial Scale'
byJai Vijayan, Contributing Writer
Apr 22, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events