Sam Biddle reports:
Booz Allen Hamilton is a massive American consulting firm that does a substantial amount of work for the Pentagon. This means they’ve got a lot of military business on their servers—which Anonymous hacked. Today they’ve leaked it.
The leak, dubbed ‘Military Meltdown Monday,’ includes 90,000 logins of military personnel—including personnel from US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors. Their correspondences could include exchanges with Booz Allen’s highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA. Anon was also kind enough to gut 4 GB of source code from Booz Allen’s servers. Anon cites the firm’s alleged complicity in the SWIFT financial monitoring program as at least partial motive for the attack.
Read more on Gizmodo.
Over on ReadWriteWeb, Dan Rowinski writes:
In terms of what Anonymous found in the Booz Allen Hamilton servers, there are certainly items that will get people fired. One of the bigger items is Boox Allen Hamilton’s association with security company HBGary. Booz Allen Hamilton and HBGary Federal proposed software for a sophisticated program (dubbed Metal Gear by Anonymous) that would allow security teams to control “sock puppet” online identities in social media spheres that would attempt to steer conversation about certain topics. One way or another because of this program, Anonymous claims that all U.S. military personnel will now have to change their passwords.
“And thanks to the gross incompetence at Booz Allen Hamilton probably all military [p]ersonnel of the U.S. will now have to change their passwords,” Anonymous wrote.
Update July 12: BAH has issued the following statement:
McLean, VA—Booz Allen Hamilton has confirmed today that the posting of certain data files on the Internet yesterday was the result of an illegal attack. We are conducting a full review of the nature and extent of the attack. At this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.
Our policy and security practice is generally not to comment on such matters; however, given the publicity about this event, we believe it is important to set out our preliminary understanding of the facts. We are communicating with our clients and analyzing the nature of this attack and the data files affected. We maintain our commitment to protect our clients and our firm from illegal thefts of information.