The hacker alliance Anonymous on Monday struck defense contractor Booz Allen Hamilton by posting to the Web what it claims are 90,000 military email addresses and passwords.
Anonymous has become the most high-profile sect of a loosely-organized legion of hacktivists who deface websites and expose confidential data belonging to entities they dislike. LulzSec, a similar group that takes its name from the Internet word for "laughs," also penetrates networks to poke fun at security lapses.
A message Anonymous left on a file-sharing website states that, given Booz Allen specializes in defense and national security consulting, "you'd expect them to sail the seven proxseas with a state- of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge. We infiltrated a server on their network that basically had no security measures in place."
The organization seems to have targeted Booz Allen for its role in several government surveillance programs, warrantless wiretapping initiatives and anti-terrorist information-sharing systems.
In addition, the hackers called attention to "a sort of revolving-door conflict of interest between Booz Allen and the U.S. government," noting that "John M. McConnell, R. James Woolsey, Jr., and James R. Clapper, all of whom have gone back and forth between government and industry (Booz Allen in particular), and who may present the appearance that certain government contractors receive undue or unlawful business from the government, and that certain government contractors may exert undue or unlawful influence on government."
At 2:10 p.m. EST, "AnonymousIRC," the username the group apparently goes by on Twitter, offered the public a link to all the stolen .mil email usernames and passwords:
"Here is quick access to the 90,000 Military emails and passwords: httpXXXXX"
Later in the day, Booz Allen said in a tweet that as part of its security policy, "we generally do not comment on specific threats or actions taken against our systems."
This is not the first time Anonymous has assaulted a federal contractor's computers. This spring, the organization goaded security contractor HBGary Federal by posting online the e-mail archives of the firm, including messages from personnel at the FBI, Homeland Security Department and other agencies.
Last month, Gannett Government Media, a publisher whose subscribers largely hail from the Pentagon, disclosed that unknown attackers had accessed company files containing readership data. The stolen included included users' first and last names, userIDs, passwords, email addresses, and, if provided, ZIP codes, duty statuses, paygrades, and branches of service. The company owns Military Times, Defense News and Federal Times.