Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Defense Contractor Booz Allen Is Latest Target of Hacker Group Anonymous

The latest target for the hackers formerly known as LulzSec: U.S. defense contractor Booz Allen Hamilton.

Yesterday, Booz Allen confirmed that its network had been attacked. On Monday, the hacker group Anonymous announced that it had penetrated Booz Allen’s network and posted to the file-sharing site The Pirate Bay a file containing some 90,000 email addresses of military personnel, plus “password hashes.” A hash is generally an encrypted version of a password, one that can’t be easily reversed to obtain the actual password.

AnonymousIRC is the new name of the gang formerly known as LulzSec. By working under the flag of Anonymous, the LulzSec hackers, who gained notoriety for repeated attacks against Sony, are associating themselves with the amorphous group that has harassed such targets as the Church of Scientology, PayPal and credit card companies. The group is promising at least two more data dumps this week.

Booz Allen downplayed the incident, saying in a statement, “at this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.” A learning management system (LMS) is used to track the training of workers on the job, and it’s something Booz Allen helps the federal government with regularly. For instance, it works with the Office of Personnel Management to help federal agencies with on-the-job training.

As computer security breaches go, this one probably rates fairly low on the severity scale. It’s not clear from Booz Allen’s statement what the system was used for, or whether it was connected to any sensitive government work.

The larger concern is that military personnel whose addresses have been published in the file will next be targeted for attack via “spear phishing,” in which legitimate-looking email messages are sent to the target, containing attachments that look routine but are really malware that can capture a password. If they know what’s good for them, the folks whose addresses were leaked have changed their passwords and will carefully scrutinize email messages that contain attachments.

There is, however, a pretty good chance that many of the addresses publicized are out of date. Mililtary personnel move around a lot, and their email addresses often change when they move from one facility to another. By chance, I saw this message on Twitter from Phillip Stewart, who’s serving in the U.S. Air Force:


Ha! I just noticed my old Schriever.af.mil email is in the list, but I left Schriever a year ago. @ @ #AntiSec
@pmsyyz
Phillip Stewart

Booz Allen shares dipped a bit on the news, falling to $18.95 Monday from its Friday closing price of $19.39, but the shares recovered Tuesday to $19.54. Booz Allen listed its shares on the NYSE last year but is majority-owned by the Carlyle Group.

This isn’t the first time — nor will it be the last — that Booz Allen has been targeted for a cyber attack. A 2008 Businessweek cover story detailed how a legitimate-seeming email, appearing to have come from someone at the Pentagon and addressed to a Booz Allen executive, contained in an attachment malware called “Poison Ivy” that was designed to give the attacker remote control over the target’s PC. The email was traced to a sender in China. It’s incidents like this — which we rarely hear about — that are far more worrying than the ones we do hear about, day in and day out, from the likes of Anonymous.


Latest Video

View all videos »

Search »

When AllThingsD began, we told readers we were aiming to present a fusion of new-media timeliness and energy with old-media standards for quality and ethics. And we hope you agree that we’ve done that.

— Kara Swisher and Walt Mossberg, in their farewell D post