Military Meltdown Monday: 90,000 military email profiles released by AntiSec
Today we want to turn our attention to Booz Allen Hamilton, whose core business
is contractual work completed on behalf of the US federal government, foremost
on defense and homeland security matters, and limited engagements of foreign
governments specific to U.S. military assistance programs.
So in this line of work you'd expect them to sail the seven proxseas with a
state-of-the-art battleship, right? Well you may be as surprised as we were
when we found their vessel being a puny wooden barge.
We infiltrated a server on their network that basically had no security
measures in place. We were able to run our own application, which turned out to
be a shell and began plundering some booty. Most shiny is probably a list of
roughly 90,000 military emails and password hashes (md5, non-salted of course!).
We also added the complete sqldump, compressed ~50mb, for a good measure.
We also were able to access their svn, grabbing 4gb of source code. But this
was deemed insignificant and a waste of valuable space, so we merely grabbed
it, and wiped it from their system.
Additionally we found some related data on different servers we got access to
after finding credentials in the Booz Allen System. We added anything which
could be interesting.
And last but not least we found maps and keys for various other treasure chests
buried on the islands of government agencies, federal contractors and shady
whitehat companies. This material surely will keep our blackhat friends busy
for a while.
A shoutout to all friendly vessels: Always remember, let it flow!
Enclosed is the invoice for our audit of your security systems, as well as the
4 hours of man power: $40.00
Network auditing: $35.00
Web-app auditing: $35.00
Network infiltration*: $0.00
Password and SQL dumping**: $200.00
Decryption of data***: $0.00
Media and press****: $0.00
Total bill: $310.00
*Price is based on the amount of effort required.
**Price is based on the amount of badly secured data to be dumped, which in
this case was a substantial figure.
***No security in place, no effort for intrusion needed.
****Trolling is our specialty, we provide this service free of charge.
Auditor's closing remarks: Pwned. U mad, bro?
We are Anonymous.
We are Legion.
We are Antisec.
We do not forgive.
We do not forget.