/// Defense Contactor Booz Allen is Latest Target for Hacker Group Anonymous

July 13, 2011  |  All Things Digital


The latest target for the hackers formerly known as LulzSec , is the US Defense contractor Booz Allen Hamilton. Yesterday, Booz Allen confirmed that its network had been attacked. On Monday, the hacker group Anonymous, announced that it had penetrated Booz Allen’s network and posted to the file sharing site The Pirate Bay , a file containing some 90,000 email addresses of military personnel plus “password hashes.” A hash is generally an encrypted version of a password, one that can’t be easily reversed to obtain the actual password. AnonymousIRC, is the new name for the gang that used to call itself LulzSec. By working under the flag of Anonymous, the former LulzSec hackers, who gained notoriety for repeated attacks against Sony , are associating themselves with the amorphous group that has variously harassed such targets as the The Church of Scientology, PayPal, and the credit card companies . The group is promising at least two more data dumps this week. Booz Allen downplayed the incident saying in a statement that “at this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.” A Learning Management System, or LMS, is used to track the training of workers on the job, and its a something Booz Allen helps the federal government with regularly. For instance it works with federal Office of Personnel Management to help federal agencies with on-the-job training . As computer security breaches go, this one probably rates fairly low on the severity scale. It’s not clear from Booz Allen’s statement what the system was used for or whether it was connected to any sensitive government work. The larger concern is that military personnel whose addresses have been published in the file will next be targeted for attack via spearphishing, a method where a legitimate-looking email messages are sent to the target containing attachments that look routine, but are really malware that can capture a password. If they know what’s good for them, the folks whose addresses were leaked have changed their passwords and will carefully scrutinize email messages that contain attachments. There is however a pretty good chance that many of the addresses publicized are out of date. Mililtary personnel move around a lot, and their email addresses often change when they move from one facility to another. By chance I saw this message on Twitter from Phillip Stewart, who’s serving in the US Air Force: Ha! I just noticed my old Schriever.af.mil email is in the list, but I left Schriever a year ago. @ egulley316 @ AnonymousIRC #AntiSec about 19 hours ago via web Reply Retweet Favorite @pmsyyz Phillip Stewart Booz Allen shares dipped a bit on the news, falling to $18.95 on Monday from its Friday closing price of $19.39, but the shares recovered Tuesday to $19.54

Excerpt from:
Defense Contactor Booz Allen is Latest Target for Hacker Group Anonymous



Leave a Reply