Forgot your password?
typodupeerror
Security The Military Technology

Anonymous Releases 90,000 Military E-Mail Accounts 319

Posted by Soulskill
from the and-another-one-gone-and-another-one-gone dept.
jjp9999 writes "Anonymous Operations posted 90,000 military email addresses and passwords to the Pirate Bay on July 11, in what they're calling 'Military Meltdown Monday.' They obtained the emails while hacking government contracting and consulting firm Booz Allen Hamilton. They hinted at other information obtained during the breach, which they describe as 'maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies.' The breach comes just days after Anonymous hacked government contractor IRC Federal. Both breaches are linked to the new AntiSec movement, which LulzSec joined forces with shortly before disbanding."
This discussion has been archived. No new comments can be posted.

Anonymous Releases 90,000 Military E-Mail Accounts

Comments Filter:
  • Yeh (Score:5, Insightful)

    by sortius_nod (1080919) on Monday July 11, 2011 @06:17PM (#36727278) Homepage

    I don't think I'll be grabbing that torrent...

    • And *you* could win a special meeting with the boys from Seal Team Six in the comfort of your very own home.
  • That name itself just screams trustworthiness, doesn't it? I know I would happily hand over my secrets to someone named Booz to keep confidential and secured.
  • Not sure when this is going to end. Maybe Operating Systems needs to be redesigned with built in security.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Not sure when this is going to end.

      You don't? I'll be glad to tell you.

      Maybe Operating Systems needs to be redesigned with built in security.

      Wait, it sounds to me like you do know. Just remember that "security" in this case doesn't mean "security from outside attackers" it means "security from users."

      This is going to end with iOS. Programmers will be required to license their compiler and IDE from official government sources and only be allowed to enter code into "secure" disconnected computers. You will only be allowed to run programs that have been signed off by the Government, and you will have to provide y

      • by MBGMorden (803437)

        Think I'm just paranoid?

        Yes, yes I do.

      • But in this very special case: Why not?

        These machines are used in an environment where the owner (the government) actually is interested in keeping the system secure from its users. This is not my home machine where I am user and owner in one person. User and owner (of system and data) are two separate entities and it would make sense to design and use a system where the user only has limited access and cannot break out of his jail.

        You said we'd end up with a system where only government mandated and "signe

    • by samkass (174571)

      Not sure when this is going to end. Maybe Operating Systems needs to be redesigned with built in security.

      Yes, because that's made iOS very popular around here.

    • by c0lo (1497653)

      Not sure when this is going to end.

      Why does it need to end? I mean, using driving a car exposes one to risks - I still see people driving.

    • They are. The problem isn't in the lower layers of the OSI model, it's on layer 8.

      Or, in other terms, it's pretty hard to make a computer system useful and resilient against human stupidity.

  • I don't get it. (Score:4, Insightful)

    by Anonymous Coward on Monday July 11, 2011 @06:24PM (#36727330)

    Anonymous has an agenda. That's fine. Originally they were after Scientology. If they've shifted focus, I have no problem with that. If they're trying to become another Wikileaks and expose government wrongdoing, that also makes sense.

    What I don't understand is the wholesale posting of email addresses and passwords. What are they trying to accomplish? Military or not, these are email addresses of real people. This is no longer a crusade against "bad guys" whoever they may be, or even against bad activities. This is now a crusade against privacy. You know, the concept that keeps Anonymous, well, anonymous.

    If we use exactly the same standard that they use to judge what should be public information, then the names, email addresses, and passwords of everyone who calls himself/herself Anonymous should be public as well.

    • by Necroman (61604)

      "Doing it for the Lulz."

      I'd imagine it's the same reason many others publicize their work, for the notoriety and as a symbol of proof that they did it.

    • by MrEricSir (398214)

      If we use exactly the same standard that they use to judge what should be public information, then the names, email addresses, and passwords of everyone who calls himself/herself Anonymous should be public as well.

      Keep in mind that if Anonymous hackers happened to be in the military, they would have to expose their own passwords in this dump in order to avoid suspicion. So it's quite possible one or more of the hackers gave out their own info.

    • by dcollins (135727) on Monday July 11, 2011 @10:08PM (#36729146) Homepage

      Surely there's some free-market economic explanation for all this. That shit can explain anything (or so I'm told).

      • Sure it can. Rampart "free market" economy (I use the term loosely here, the free market economy after all also depends highly on the buyer's power to choose which isn't the case in reality) means that security is a cost position without a shareholder benefit and hence is to be cut first.

    • Re: (Score:3, Insightful)

      by afabbro (33948)

      Anonymous has an agenda. That's fine.

      It's the same agenda a 3-year-old has: "look at me! look at me!"

    • by Renraku (518261)

      I think their tactics are to create enough chaos and hope someone will pull something interesting from those accounts. Something like, "Hello Mr. CEO, this is Corporal Blabla, give me $100,000 and I'll tell my commanding officer that we need new battle rifles with your patented sling-a-bullet technology." or "Yeah I know we raped and killed that woman but we can just rape and kill her family if she reports it. Who can stop us? We're the military!"

    • Panther Moderns, Cat Mother.

      "Chaos, Mr. Who," Lupus Yonderboy said. "That is our mode and modus. That is our central kick. Your woman knows."

  • by cozzbp (1845636) on Monday July 11, 2011 @06:26PM (#36727334)
    Wouldn't it be safer just to download it with HTTP instead of torrent? That way, you don't have peers who are collecting IP addresses. Correct me if I'm wrong, because I really am not sure.
    • by pavon (30274)

      With HTTP you have one peer - the HTTP server. With torrent you have many peers. In both cases they have access to your IP address. So it depends on how much you trust the server.

      The reason they use torrent and not HTTP for stuff like this is because
      A) they don't want to pay for the bandwidth of serving that file to thousands of people, nor to be able to be traced to that server.
      B) Free HTTP sharing sites have bandwidth limits, rat people out, and are a general PITA.
      C) With bitorrent there is less centraliz

  • by cvtan (752695) on Monday July 11, 2011 @06:29PM (#36727362)
    How does releasing email addresses and passwords aid the fight for good and thwart evildoers? They should go back to the Scientology thing.
    • I wonder how many are using good passwords.
      I am betting not many.
    • Re: (Score:3, Insightful)

      by Mashiki (184564)

      Didn't you hear? The US is and in turn US army is full of evil. I mean just skip Iran murdering gay's, or the years of things going on in Sudan with religious persecution. Or the pakistan military being so corrupt that they've been infiltrated by terrorists. It's the US that's evil.

      • by andb52 (854780) on Monday July 11, 2011 @06:43PM (#36727542)
        The obvious logical fallacy with your statement is that, just because other regimes may be evil and corrupt, it does not mean that the US is not.
        • The obvious logical fallacy with your statement is that, just because other regimes may be evil and corrupt, it does not mean that the US is not.

          Especially since two of the three cases he cited the US was complicit by providing the country military aid (Sudan was the 6th largest recipient of US military aid and everybody knows about the billions given to Pakistan).

        • by artor3 (1344997)

          That only works if you give such an overly broad definition to "evil" that basically any organization will fall under it. Evil is a very strong word, and it's absurd the way it's thrown around by obnoxious man-children looking to feel oppressed.

    • How does releasing email addresses and passwords aid the fight for good and thwart evildoers?

      Maybe next time, they won't hire contractors relying on porous security, able to be penetrated by any script kiddy with a modem, increasing the security of the US Defense Force in the process. But more likely, they'll just send goons after script kiddies - goon security is easier than real security.

    • by TubeSteak (669689) on Monday July 11, 2011 @07:55PM (#36728234) Journal

      How does releasing email addresses and passwords aid the fight for good and thwart evildoers?

      If LulzSec/Anonymous can do it, so can our enemies and allies.

      The fact that these guys are so prolific and haven't been caught yet, strongly implies that others have done the same thing.
      And probably gotten away with it because they didn't announce it to the world.

      The fact is, this will go on for as long as LulzSec/Anonymous feels like doing it.
      Between government agencies and contractors, there's just too much low hanging fruit.

      BUT, all things being equal, I'd rather it was blackhats humiliating us in public instead of China silently doing it for economic gain or espionage.

      • by artor3 (1344997)

        So we should just start driving down the streets murdering people, just to prove how easy it is and show that gun laws should change? There are better ways to effect change. Steal the passwords, burn them to some DVDs, mail them to some congressmen, and maybe a newspaper. Don't publicly distribute them.

  • I just can't help but think what has changed recently which might explain the flood of all these high profile attacks.

    A critical mass of stupidity? (OWASP greatest fails)

    TLA false flagging for 1984 legislation?

    Two hacking groups (lulz and anon) with nothing better to do?

    Whatever the reason I hope people are taking this opportunity to wake up.

    • This is what happens when a government oppresses its people for too long -- anarchy. Obama wants people to believe he can control the Internet, but he can't. "The more you tighten your grasp, Tarkan, the more the galaxies slip through your fingers."
      • Re: (Score:2, Insightful)

        This is what happens when a government oppresses its people for too long -- anarchy. Obama wants people to believe he can control the Internet, but he can't. "The more you tighten your grasp, Tarkan, the more the galaxies slip through your fingers."

        Er... what oppression are you referring to? Or is this another case of someone who has little idea what real oppression is like trying to say that he US is sooooo evil and oppressive because... oh.. I don't know.. something or other.. Not saying it is perfect and hasn't gotten less free over time.. just saying that if you think living in the US is living under oppression then you don't know what oppression really is.

  • by Qbertino (265505) on Monday July 11, 2011 @06:39PM (#36727488)

    You got to hand it to them: These blackhat/lulz Hacker types sure do have some balls. I'd be scared shitless to pull such a stunt, even if I *did* have the information. I'd be super-ultra-extreme paranoid and cover my tracks many times over. I actually wouldn't know where to start when attemting that.

    Probably something like this:
    1. Multiple levels of undetected low-profile unix breakins to start off a botnet.
    2. Multiple levels of botnets on top of that to finally hack the systems involved in the attack and breach, using totally different malware strategies as to go undetected among the usual hodge-podge of criminal botnets.
    3. Low-profile IDS on all levels to scout for detection or suspicious tracing activity 24/7.
    4. Encrypted, low-profile bit-by-bit intrusion and trickle-data-grab over weeks or months.
    5. Complete rollback and teardown of the entire network with IDS remaining on the last lines of defense (see 1.) ready to send out signals if someone comes for you.
    6. Wait. A long time.
    7. Release data and press release over simularly complex channels.

    Imagine what happens to you if the CIA or some other 3-letter blackops finds out where you're at. Your life is pretty much over then.

    • by Shark (78448)

      This type of knowledge has been deemed dangerous. Please report to your local intelligence agency for evaluation and risk assessment.

    • Nah, you don't need anything this complex. You can hack in from your home network with nothing special and even leave your email address and contact information. As long as you don't brag about what you did, they have no way of tracking you. Trust me on this. There's nothing to be worried about... nothing to worry about.... worry about... worry...
    • by Doc Ruby (173196)

      Tell that to the majority of Qaeda members who've been making a mockery of the CIA for decades.

      More likely is that if any of these crackers are even caught, the CIA will make a deal to coopt them instead of destroy them. The CIA likes nothing better than skilled makers of mayhem - except perhaps mayhem itself.

    • by Jerry (6400)

      Your plan would fail at this point:
      "1. Multiple levels of undetected low-profile unix breakins to start off a botnet."

      Two years ago it took some bad guys 6 months to hack into only 700 Linux boxes [blogspot.com] because they had to do it manually. Just sending an email with an infected packet won't work on Linux the way it worked to create the most recently discovered Windows botfarm, which contained over 4,500,000 Windows zombies.

    • Or you could just sit in a free wifi area or use your neighbors wifi (down the block), boot backtrack and fire up nmap/metasploit.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        you're more or less right-- the OP is just gonna get busted tinkering with IDS on his botnet or whatever crazy crap and never get to his actual target.

        Just go to a coffee shop you've never been to on the other side of town and pop a wifi AP in the area. Just be mindful to not do stupid shit like log into your facebook account and treat it sorta like an OTP-- dough-nut re-use.

        This last part is crucial, go check max butler's 2nd case, they figured out what APs were available, and then cross-referenced them wi

        • I'd suggest adding that you use a machine that you use only for this and never for anything that could remotely be tied to you.

    • by dcollins (135727)

      Haven't they made some arrests in a few European countries, and the targets are, like, 17-year-old kids? Outright naivete and foolhardiness will short-circuit a lot of your track-covering-requirements right quick.

      Like for all the same reasons you can only really fight wars with a bunch of mostly un-laid young men. Or as "the war nerd" wrote this spring: in a real combat, it's your bravest friend who would be at the front and the first to die.

      • IIRC that was over the LOIC thing. I somehow doubt the LulzSec guys were stupid enough to even touch that with a mile long pole.

    • by afabbro (33948)

      You got to hand it to them: These blackhat/lulz Hacker types sure do have some balls.

      They're 14-year-olds. They barely have pubic hair and I'm not sure that all of them have a full set yet.

      • If they're 14year olds, I want their resume as soon as they get a chance. If they can achieve this level of skill at just 14 years of age, I certainly want them on my team.

        I'm hiring. And paying well. Just get out 'fore you have a police record, that would be a showstopper.

  • Don't be dense. This is Lulzsec. They're just calling themselves Anonymous to get some form of protection.
  • by Doc Ruby (173196) on Monday July 11, 2011 @06:47PM (#36727590) Homepage Journal

    On the one hand, the military and its contractors are assholes for exposing tens of thousands (and surely more) of military people's accounts to cracking and outing.

    On the other hand, Anonymous is assholes cracking and outing tens of thousands (and surely more) of military people's accounts.

    That's both hands assholes. Have you noticed that everyone in public life these days is an asshole?

  • by Prune (557140)
    I guess Allen Hamilton will really be hitting the Booz!
  • "Pearl Harbor" (Score:2, Interesting)

    by sarku (2047704)
    Didn't some top ranking official recently say something about an internet "Pearl Harbor?" You see, this isn't Anonymous, or any other basement hackers looking for lulz in all the wrong places. This is the fucking government working to tighten control over the internet.
    • Yeah, because a break in at some third rate defence contractor is equivalent to the destruction of a large part of the US pacific fleet and the deaths of thousands of US military personnel.

      A "digital Pearl Harbor" would be a break in to something like the NSA/CIA/Pentagon that allowed an enemy to gain and exploit a military advantage.

      • by craw (6958)

        BAH is not a third rate defense contractor. They provide software to three letter USA government agencies. If a contractor to three letter agencies is compromised, then this might affect the agencies especially if some future exploitable weakness has been discovered (and not later fixe). Or information about how the agencies is implementing security or other operational things.

        Digital Pearl Harbor means many things, IMHO, but one is being surprised by an attack that you have not fully anticipated.

    • by inKubus (199753)

      Sure, the U.S. Military could be Anonymous. It could be anyone.

  • Strong pro military comments here. It would be better if A. only hacked the emails of high military leaders, up from a General, but it's just against the law to hack the email accounts, think about it this way:

    If I bunch of teenagers could do it, so can other states do it. Who knows how long the email accounts are actually already hacked by China or N. Korea. Now A. exposed the security hole and at least the military needs to change their passwords.

    Also the US military are not good Samaritans. Who known how

  • It's not fair that the US is the only one who gets hacked like that, they should hack all countries equally. I'm sure my own country has plenty of dirty laundry as do many others. Especially China.

Facts are stubborn, but statistics are more pliable.

Working...