Now, AntiSec exposes 90000 US military passwords

Due to the lack of security on one of the company's servers, AntiSec managed to run its own application, lift data, delete four gigabytes of source code, and find information on other systems to attack.

In yet another attack on a government contractor, members of the online activist group AntiSec said Monday that they broke into a server run by a large U.S. military contractor and stole tens of thousands of encrypted military email addresses, passwords and some other data.

AntiSec, which comprises elements of the Anonymous collective and the now-defunct hacking group Lulz Security, claims it broke into the servers of military contractor Booz Allen Hamilton and gained access to the login details of 90,000 military employees.

Hackers expose massive US military details
In what they dubbed "military meltdown Monday," the hacking group released documents July 11 on the file-sharing website The Pirate Bay as part of its anti-government AntiSec campaign.

The documents, which the group claims were stolen from government contractor Booz Allen Hamilton via an unprotected server, contained personal and official details of an estimated 90,000 United States military employees.

Lack of security enabled hackers to steal data
Confirming the massive data dump in an online statement, the hacker group said, "We infiltrated a server on their network that basically had no security measures in place."

Due to the lack of security on one of the company's servers, the hacker group managed to run its own application on the box and dump the SQL database, enabling it to lift data, delete four gigabytes of source code, and find information on other systems to attack.

The group added, "We were able to run our own application...and began plundering some booty."

Reportedly, the stolen 190MB of data included log-in information of personnel from US CENTCOM, SOCOM, the Marine Corps, Air Force facilities, Department of Homeland Security, Department of State and other private-sector contractors.

Hackers mock Booz Allen’s security system
In a message accompanying the data at The Pirate Bay Web site, the hacker group said Booz Allen was targeted in a "Meltdown Monday" as part of an anti-security, or "antisec," movement.

"So in this line of work you'd expect them to sail the seven proxseas with a state-of-the-art battleship, right?" Anonymous said.

"Well, you may be as surprised as we were when we found their vessel being a puny wooden barge," the message continued.

The group also claimed to have uncovered “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies.”

Booz Allen tweets about the attack
Shortly after the hack was announced, Booz Allen, which is led by several former National Security Agency and CIA staffers, posted a message to the micro-blogging site Twitter, saying that "as part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."

In response to the company’s comment, the hackers taunted, "You have a security policy? We never noticed."

Massive data dump embarrassing for Booz Allen
Meanwhile, computer security firm Sophos said the attack would be embarrassing for Booz Allen but the real impact would be on the military.

"Anonymous claims to have erased four gigabytes worth of source code and to have discovered information which could help them attack US government and other contractors' systems," the security firm said in a blog post.

"While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military," the post continued.

Sophos security expert Chester Wisniewski said, "These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed."