UPDATE: Booz Allen Hamilton Issues Statement on Hack

Tuesday, July 12, 2011



UPDATE 7/12/11: Booz Allen Hamilton has released the following statement:

Booz Allen Hamilton has confirmed today that the posting of certain data files on the Internet yesterday was the result of an illegal attack. We are conducting a full review of the nature and extent of the attack. At this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.

Our policy and security practice is generally not to comment on such matters; however, given the publicity about this event, we believe it is important to set out our preliminary understanding of the facts. We are communicating with our clients and analyzing the nature of this attack and the data files affected. We maintain our commitment to protect our clients and our firm from illegal thefts of information.

UPDATE 7/11/11: Sources indicate that the National Security Agency (NSA) may be the subject of the next leak - stay tuned for more updates...

Gizmodo is reporting that hacktivists with the Anonymous/AntiSec movement have breached Booz Allen Hamilton's networks and published 90,000 military email account login credentials.

Booz Allen Hamilton is one of the largest consulting firms in the world, and the company does extensive business with the Federal government, including the Pentagon.

The leak is being touted as "Military Meltdown Monday" and includes "logins of military personnel—including personnel from US CENTCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors," according to the Gizmodo article.

"Their correspondences could include exchanges with Booz Allen's highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA. Anon was also kind enough to gut 4 GB of source code from Booz Allen's servers," the article states.

Aside from the email account credentials leaked, the hackers stated the following information was also breached:

"Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting. And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while..."

The breach of Booz Allen Hamilton's network may be only the tip of the iceberg, as several tweets from AntiSec members indicate more is on the way, such as this latest message from Sabu (@AnonmouSabu):

"ATTN Intelligence Community: BAH Is just the beginning. busy all day today. BBL"

Booz Allen Hamilton issued the following statement on their Twitter account:

"As part of security policy, we generally do not comment on specific threats or actions taken against our systems."

Infosec Island has contacted senior officials from Booz Allen Hamilton seeking confirmation of the breach and comment on the event. This article will be updated if our requests for additional information are granted.

Hat tip to Niels Groeneveld (@nigroeneveld) for his tireless efforts.

Michael Thibodeaux: So the question is not how much the execs will have to pay for not having adequate security in place for a data breach?

cliff sull: What a Goldmine for foreign hackers...

Sam Bowne: Booz's statement is incorrect. When I first examined the files, I reached the same conclusion. But I asked friends for help, and they helped me find the password hashes in the middle of the huge transaction log. I found approx. 150,000 hashes. I was unable to crack them using simple web tools, but I have heard a rumor that half of them have now been cracked.

Michael Fisher: Hopefully BA has changed the entire security scheme and all the stolen PW's would then be useless. CENTCOM most likely would not be directly affected as they use multilevel security for access like many agencies.