US Defense Contractor Besieged by Hackers

A high-profile hacking group has published what it claims are 90,000 email addresses and password combinations belonging to a government contractor. The group also says it deleted back-up data from the organization's servers.

The leak comes from the Anonymous group, previously known for its battles with the Scientology movement and the Westboro Baptist Church. Recently, it began a campaign known as "Antisec" (anti-security) alongside members of the previously-disbanded LulzSec group.

Anonymous retrieved thee email details from the network of Booz Allen Hamilton, an engineering and technology consulting firm that works with government agencies. One of its former employees, Melissa Hathaway, headed a government review of national cybersecurity in 2009.

Encryption May Prove Inadequate

According to Anonymous, the server concerned "basically had no security measures in place."

The passwords it collected are encrypted, but in a manner which should make decryption relatively straightforward. The group also deleted around 4GB of data from the servers, which appears to have been copies of previous revisions of pages on the site, stored as a back-up system allowing changes to be easily undone. (Source: thepiratebay.org)

Cheekily, the group even published a spoof invoice for its work in carrying out an "audit of [the] security systems", requesting a $310 fee but noting there was no charge for infiltrating the network, as that task was so simple.

Booz Allen downplayed the incident, stating that "[they] ... do not believe that the attack extended beyond data pertaining to a learning management system for a government agency."

For the record, a Learning Management System ("LMS") is used to track the training of workers on the job -- which is something Booz Allen helps the federal government with regularly. (Source: allthingsd.com)

IRC Federal Attacked Days Earlier

The attack follows Anonymous hacking a government IT contractor, IRC Federal, just days earlier.

Previously, the LulzSec group had published email data stolen while hacking a security firm that works with the FBI. (Source: pcmag.com)