
DisgustipatedinCA

(12,530 posts)
Tue Jun 11, 2013, 01:20 AM Jun 2013

@BoozAllen you have a security policy? We're nonplussed, really, cause we never noticed.

That's what Anonymous tweeted after hacking Booz Allen Hamilton in 2011. Twice.

On the bright side, I'm sure they'll safeguard your surveillance data more carefully than that.

--
/*******************************************************************************
*** MILITARY MELTDOWN MONDAY: MANGLING BOOZ ALLEN HAMILTON ***
*******************************************************************************/


Hello Thar!

Today we want to turn our attention to Booz Allen Hamilton, whose core business
is contractual work completed on behalf of the US federal government, foremost
on defense and homeland security matters, and limited engagements of foreign
governments specific to U.S. military assistance programs.

So in this line of work you'd expect them to sail the seven proxseas with a
state-of-the-art battleship, right? Well you may be as surprised as we were
when we found their vessel being a puny wooden barge.

We infiltrated a server on their network that basically had no security
measures in place. We were able to run our own application, which turned out to
be a shell and began plundering some booty. Most shiny is probably a list of
roughly 90,000 military emails and password hashes (md5, non-salted of course!).
We also added the complete sqldump, compressed ~50mb, for a good measure.

We also were able to access their svn, grabbing 4gb of source code. But this
was deemed insignificant and a waste of valuable space, so we merely grabbed
it, and wiped it from their system.

Additionally we found some related data on different servers we got access to
after finding credentials in the Booz Allen System. We added anything which
could be interesting.

And last but not least we found maps and keys for various other treasure chests
buried on the islands of government agencies, federal contractors and shady
whitehat companies. This material surely will keep our blackhat friends busy
for a while.

A shoutout to all friendly vessels: Always remember, let it flow!
#AntiSec
http://www.securityweek.com/anonymous-hacks-booz-allen-hamilton-leaks-90000-military-email-accounts


Tx4obama

(36,974 posts)
1. Snowden said he was deciding to leak before the Nov 2008 election - he wasn't at BAH back then
Tue Jun 11, 2013, 01:27 AM
Jun 2013

He was only at Booz for three months 'this year'.

Snowden said he was thinking about leaking the info 'before' the Nov 2008 election, and then decided to wait to see what Obama would do after/if he was elected.


http://www.cbsnews.com/8301-201_162-57588462/snowden-leak-of-nsa-spy-programs-marks-my-end/?pageNum=2

-snip-

He later went to work for the CIA as an information technology employee and by 2007 was stationed in Geneva, Switzerland, where he had access to classified documents.

During that time, he considered going public about the nation's secretive programs but told the newspaper he decided against it, because he did not want to put anyone in danger and he hoped Obama's election would curtail some of the clandestine programs.

-snip-


 

DisgustipatedinCA

(12,530 posts)
2. I know. This post isn't about Snowden
Tue Jun 11, 2013, 01:34 AM
Jun 2013

It's about a private company who has surveillance data on millions of citizens and foreigners. And their security is abysmal. This is who our totalitarian government has decided should have access to all the spying records.

RainDog

(28,784 posts)
3. Private contractors!
Tue Jun 11, 2013, 01:45 AM
Jun 2013

double-plus good!

http://www.cbsnews.com/8301-201_162-57588462/snowden-leak-of-nsa-spy-programs-marks-my-end/?pageNum=2

Chief White House correspondent Major Garrett said that, since the Guardian and Washington Post revealed the existence of the NSA surveillance programs, the response by President Obama and his administration has been to justify the legal grounds for secret phone snooping and data mining. "Many of these explanations have been defensive, asserting what the snooping and surveillance is not," said Garrett. "That's designed to hold the political line in Congress."

But through it all, Garrett said, "the White House has had to admit a politically and tactically startling truth: It conducts more surveillance than the Bush White House."

Senior correspondent John Miller said that the U.S. intelligence community is largely run not by government staffers but by contractors: "When I was working as a director of national intelligence, I had a staff of six or seven government employees and 38 contractors. That's not terribly unusual out there."

Rep. Eric Cantor, the House Republican leader, said that the NSA programs, as set up, were legal. "There's no question that there's some extraordinary programs with extraordinary breadth, but when Congress after 9/11 went about enacting some of these programs, what it did was empower our law enforcement officials, and did so in a constitutional manner. Now we don't know what happened in this instance, and we've got to find out."


Cantor, the House Republican leader, is an asshole of major proportions, who is using this as a way to pretend Republicans didn't start this bullshit - but, in reality, what has been going on has gone on with the approval of the legislature.

Republicans are not averse to using the programs that they put in place to attack the president, when they did and would do the very same. This is about as much kabuki as it can get.

fucking asshole.
 

Egalitarian Thug

(12,448 posts)
4. I wonder if people had any idea how commonly (and easily) these so-called security contractors
Tue Jun 11, 2013, 03:17 AM
Jun 2013

are hacked, if they might overcome their irrational fears of bogey-men long enough to object? These parasites not only fail far more often than they succeed, but we pay them hundreds of times more than they would be worth if they did work. Private government contractors are nothing but welfare queens on an inhuman scale.
& R
