As a part of its ongoing AntiSec campaign, the hacking collective Anonymous has claimed responsibility for a new attack on defense company Booz Allen Hamilton, releasing the details of several of its contracts with the U.S. Military.
In keeping with its previous tactics, the attack on Booz Allen Hamilton saw Anonymous hackers break into the company's servers and steal information for later release online.
"We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure," boasted the statement attached to the release.
The data taken in the attack was subsequently published as a text file available for download via the pirate bay Web site.
The company was reportedly targeted for its connections with American Military and Government organizations -- many of the company's directors and executives are ex-government or military.
"Today we want to turn our attention to Booz Allen Hamilton, whose core business is contractual work completed on behalf of the US federal government, foremost on defense and homeland security matters, and limited engagements of foreign governments specific to U.S. military assistance programs" read the opening of Anonymous' statement.
As well as the passwords, Anonymous' post also revealed several of the company's contracts.
Disturbingly one of the projects highlighted related to a previous media manipulation operation of HBGary revealed by the hackers this February.
The February release unveiled an alleged project Anonymous named Operation Metal Gear -- perhaps referring to the popular Konami Game. Anonymous described the project as having two goals:
"The main aims of the project were two fold: Firstly, to allow a lone operator to control multiple false virtual identities, or "sockpuppets". This would allow them to infiltrate discussions groups, online polls, activist forums, etc and attempt to influence discussions or paint a false representation of public opinion using the highly sophisticated sockpuppet software.
"The second aspect of the project was to destroy the concept of online anonymity, essentially attempting to match various personas and accounts to a single person through recognition shared of writing styles, timing of online posts, and other factors. This, again, would be used presumably against any perceived online opponent or activist."
During its raid, the post by Anonymous alleged that it had discovered documentation linking Booz Allen Hamilton to Operation Metal Gear:
"HBGary Federal was just one of several companies involved in proposing software solutions for this project. Another company involved was Booz Allen Hamilton. Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects."
Since the attack, Anonymous added insult to injury, signing off its statement with an invoice. The collective later posted a tweet mocking the company for the dip in share value it suffered after news of the attack broke: ""On Monday, Booz Allen Hamilton shares fell 2.3 percent, to $18.95." Thanks for the good news Fox! #Antisec".
The attack was credited as being part of Anonymous AntiSec campaign. The operation was announced earlier this year and is reportedly intended as a form of protest against internet censorship and moderation.
Already it has seen the group hit the servers and websites of numerous companies and government organisations.
Anonymous has since issued a statement claiming that this is only the first of its three-stage plan to "change the world". The second phase is set to begin this November.