Anonymous hacked into Booz Allen Hamilton, a US public consulting firm who primarily does work as a federal contractor for the US government on defense and homeland security matters. They infiltrated the company’s server, ran their own application and began to “plunder some booty.”
Ninety thousand military emails were and password hashes were allegedly hacked in a move that led Anonymous to declare in a press release, “Thanks to the gross incompetence at Booz Allen probably all military personnel of the US will now have to change their passwords.”
The “mangling” of Booz Allen was a part of “Military Meltdown Monday.” And they planned more releases in the coming days.
Unlike WikiLeaks, the success and impact of an Anonymous release of data or information does not depend upon the content of the data. One can download the data, but, for many of the releases, there may be little to be gained from it if you are looking for details on the inner operations of Booz Allen (or if you know next to nothing about hacking and unpacking encrypted data).
The content of this release is primarily military emails and passwords.
What makes the hack important is the hack itself—the mere fact that a hack took place. Anonymous has demonstrated to those who do business with Booz Allen Hamilton, like the US government, that it does not take proper precautions to protect its operations from cyber attacks. Anonymous has shown this contractor is vulnerable, which could essentially cost Booz Allen business.
Booz Allen was allegedly targeted because of its involvement in numerous electronic surveillance activities. Anonymous recalls how they uncovered a program after they hacked HBGary’s email server in February. The program uncovered showed several companies were involved in a military project “designed to manipulate social media.”
The main aims of the project were two fold: Firstly, to allow a lone operator to control multiple false virtual identities, or “sockpuppets”. This would allow them to infiltrate discussions groups, online polls, activist
forums, etc and attempt to influence discussions or paint a false representation of public opinion using the highly sophisticated sockpuppet software. The second aspect of the project was to destroy the concept of online anonymity, essentially attempting to match various personas and accounts to a single person through recognition shared of writing styles, timing of online posts, and other factors. This, again, would be used presumably against any perceived online opponent or activist.
[For more on the planned Sockpuppet Army, go here.]
One of the companies that they discovered were involved in this project, which they called Operation Metal Gear, was Booz Allen. They say they had been planning this hack for quite some time but somehow “Expect Us” didn’t preven them from an “epic security fail:”
…Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects.
All of this, of course, taking place behind closed doors, free from any public
knowledge or scrutiny.
“For the lazy,” Anonymous put together a release that contained information on the company they just embarrassed.
They noted the following individuals, who have held positions in federal government or now currently hold positions in the federal government and have worked for Booz Allen:
*John Michael “Mike” McConnell, Executive Vice President of Booz Allen and former Director of the National Security Agency (NSA) and former Director of National Intelligence.
* James R. Clapper, Jr., current Director of National Intelligence, former
Director of Defense Intelligence.
* Robert James Woolsey Jr, former Director of National Intelligence and head
of the Central Intelligence Agency (CIA).
* Melissa Hathaway, Current Acting Senior Director for Cyberspace for the
National Security and Homeland Security Councils
They highlighted a 2007 Democracy Now! interview with investigative journalist Tim Shorrock, who reproted on Booz Allen’s involvement as a sub-contractor in the Trailblazer and Pioneer Groundbreaker programs at the US National Security Agency (NSA).
Trailblazer is a data mining program that ended up costing about $4 billion and didn’t work well. It’s the program that the NSA wound up using, which NSA whistleblower Thomas Drake spoke out against because he knew there was a program called ThinThread that would likely be more efficient. Drake was afraid Trailblazer would be a waste of taxpayer money and that it called for illegal and unconstitutional surveillance. (Drake is one of the whistleblowers the Obama Administration has pursued in its war on whistleblowing.)
Shorrock described Groundbreaker:
Booz Allen was a chief advisor to another program, which was the NSA’s internal communications. This was a program called Groundbreaker. And all of these programs are analyzing, you know, the phone calls that they intercept, the government communications from abroad they intercept. And when they’re intercepting phone calls between US citizens and people abroad, the corporations are involved. They have people there working not only as just technical advisors, but also doing analysis. And so, if the NSA is listening in on our phone calls, you can bet that Booz Allen is participating in that.
Part of the “AntiSec” or anti-security movement that Anonymous is intent to inspire, this hack came days after hacking IRC Federal, which is an IT contractor that does work with US federal agencies like the FBI and NASA.
It is groups like Anonymous that have claimed headlines recently and put members of Congress and people in government on alert. Cybersecurity hearings have become a regular thing on Capitol Hill, as the government works to develop and enact a national cybersecurity policy to prevent the hacks like the ones Anonymous perpetrates.
In a cybersecurity hearing organized by Republican Rep. Darrell Issa last week, Democratic Rep. Elijah Cummings said he hoped law enforcement got all the tools necessary to go after hackers. Republican Rep. Blake Farenthold wondered how the US might go after “hobby hackers” because not a day goes by now that he doesn’t have to download some update to his McAfee software.
Greg Schaffer of the Homeland Security Department declared, “There is no security issue facing our nation more pressing than cybersecurity.”
“The reality is the United States is increasingly confronted by a dangerous cyber environment where threats are more targeted, they’re more sophisticated and more serious than they’ve ever been before,” he said, “Hackers probe critical infrastructure companies on a daily basis. The status quo is simply unacceptable.”
The attacks from Anonymous, however, do not seem intent to sabotage critical infrastructure of any company. Up to this point, the attacks are all political and designed to call attention the world wide apparatus of surveillance—the burgeoning national security state that has grown in the aftermath of 9/11.
The companies targeted are the companies most likely to go after Anonymous. They are the companies that threaten the ability of members of the group to remain anonymous.
Anonymous is the closest thing the US and possibly the world has to an anti-security movement that can make headlines and draw attention to the ways that companies are becoming increasingly powerful and more capable of intruding into people’s privacy and violating their civil liberties.
It may not seem like a traditional resistance group. What Anonymous is doing is providing the space and cover for an offline movement to actually challenge the surveillance state that citizens have learned to live under without being appalled or upset with it much at all.