UPDATE 7/12/11: Booz Allen Hamilton has released the following statement:
Booz Allen Hamilton has confirmed today that the posting of certain data files on the Internet yesterday was the result of an illegal attack. We are conducting a full review of the nature and extent of the attack. At this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.
Our policy and security practice is generally not to comment on such matters; however, given the publicity about this event, we believe it is important to set out our preliminary understanding of the facts. We are communicating with our clients and analyzing the nature of this attack and the data files affected. We maintain our commitment to protect our clients and our firm from illegal thefts of information.
UPDATE 7/11/11: Sources indicate that the National Security Agency (NSA) may be the subject of the next leak - stay tuned for more updates...
Gizmodo is reporting that hacktivists with the Anonymous/AntiSec movement have breached Booz Allen Hamilton's networks and published 90,000 military email account login credentials.
Booz Allen Hamilton is one of the largest consulting firms in the world, and the company does extensive business with the Federal government, including the Pentagon.
The leak is being touted as "Military Meltdown Monday" and includes "logins of military personnel—including personnel from US CENTCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors," according to the Gizmodo article.
"Their correspondences could include exchanges with Booz Allen's highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA. Anon was also kind enough to gut 4 GB of source code from Booz Allen's servers," the article states.
Aside from the email account credentials leaked, the hackers stated the following information was also breached:
"Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting. And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while..."
The breach of Booz Allen Hamilton's network may only be the tip of the iceberg, as several tweets from antiSec members indicate more is on the way, such as this latest message from Sabu (@AnonmouSabu):
"ATTN Intelligence Community: BAH Is just the beginning. #antisec #anonymous busy all day today. BBL"
Booz Allen Hamilton issued the following statement on their Twitter account:
"As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."
Infosec Island has contacted senior officials from Booz Allen Hamilton seeking confirmation of the breach and comment on the event. This article will be updated if our requests for additional information are granted.
Hat tip to Niels Groeneveld (@nigroeneveld) for his tireless efforts.