Hacker group Anonymous on Monday released a trove of military email addresses and passwords it claimed to have plundered from the network of US defense consulting firm Booz Allen Hamilton.
Anonymous made available a file containing more than 90,000 email addresses and other information it said in online messages that it stole from an unprotected server at Booz Allen.
“Anonymous claims to have erased four gigabytes worth of source code and to have discovered information which could help them attack US government and other contractors’ systems,” computer security firm Sophos said in a blog post.
“While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military,” the post continued.
In a message accompanying the data at file-sharing website The Pirate Bay, Anonymous said Booz Allen was targeted in a “Meltdown Monday” as part of an anti-security, or “antisec,” movement.
“So in this line of work you’d expect them to sail the seven proxseas with a state-of-the-art battleship, right?” Anonymous said, using pirate jargon and playing off a reference to proxy computer servers.
“Well, you may be as surprised as we were when we found their vessel being a puny wooden barge,” the message continued. “We infiltrated a server in their network that basically had no security measures in place.”
While some downplayed the value of the looted data, computer security specialists warn that the email addresses could be used to target messages that trick recipients into revealing information or downloading viruses.
Booz Allen declined to comment on the incident, citing a company policy of not discussing “specific threats or actions taken against our systems.”
Anonymous rose to infamy last year with cyber attacks in support of controversial whistle-blower website WikiLeaks.
The group was linked to attacks on Visa, Mastercard and Paypal, which blocked donations to WikiLeaks after it published thousands of US diplomatic cables.
Early this year, Anonymous took credit for breaking into the website of HBGary Federal, stealing tens of thousands of email messages and temporarily routing traffic to a page with a vitriolic message.
Anonymous claimed to have busted through HBGary Federal computer defenses in February because the firm was working with federal agents to expose the hackers’ identities.
The HBGary hack was more sophisticated than the distributed denial of service (DDoS) attacks last year on the Amazon, Visa and MasterCard websites in apparent retaliation for their decisions to stop working with WikiLeaks.
In a typical DDoS attack, a large number of computers are commanded to simultaneously visit a website, overwhelming its servers, slowing service or knocking it offline completely.
In recent months, police in Spain, Turkey and Italy have arrested suspected members of Anonymous, which is believed to have branches in several countries.