Anonymous Releases 90,000 Military E-Mail Accounts
jjp9999 writes "Anonymous Operations posted 90,000 military email addresses and passwords to the Pirate Bay on July 11, in what they're calling 'Military Meltdown Monday.' They obtained the emails while hacking government contracting and consulting firm Booz Allen Hamilton. They hinted at other information obtained during the breach, which they describe as 'maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies.' The breach comes just days after Anonymous hacked government contractor IRC Federal. Both breaches are linked to the new AntiSec movement, which LulzSec joined forces with shortly before disbanding."
Yeh (Score:5, Insightful)
I don't think I'll be grabbing that torrent...
Do it! (Score:3)
Re: (Score:3)
A. Information falls under copyright law, and possession of such things is not legally considered theft. That distinction is absolutely relevant here.
B. Actually, it's not so relevant, because the government can't own copyrights - anything they own belongs to the people.
In no way, shape, or form would downloading this amount to possession of stolen goods. As a matter of fact, it's not even a crime. Hacking the computers to obtain the info was a crime. After that the cat's out of the bag.
Re: (Score:2, Insightful)
I'm pretty sure there is some sort of law against knowingly acquiring sensitive information. Worse still, to get it on a torrent means you have to share it too so you are also sharing sensitive information.
Re:Yeh (Score:4, Informative)
Re: (Score:2)
Re: (Score:2, Insightful)
Quite simply, the fact that this is happening indicates that the impacted are not capable of defending our freedoms or anything else according to modern realities of engagement. We may wish it were otherwise, but it is not. I'm sorry.
Re: (Score:2)
No, what it means is that the government's reliance on [expensive] contractors is not just a bad financial decision but a horrible security risk. These companies can act "on behalf" of government and not be held to account in the way government activities usually are. Why did we need Blackwater at all when we have plenty of soldiers? The answer should be obvious.
A Military Contractor Named Booz? (Score:3)
Re: (Score:2)
But you would order your subordinates to do so if you're bossing a military outfit and your former boss is now bossing Booz and you both helped this contract to come about. Which is how these contracts happen anyway.
Re:A Military Contractor Named Booz? (Score:5, Funny)
Not Ironic - descriptive (Score:2)
Not as ironic as Standard & Poor's.
That's not ironic, it's descriptive for a credit rating agency. Either you make their arbitrary standard or you'll be poor...just ask the Greek Government.
Re: (Score:2)
Forget their name, just take a look at their company uniforms [twitter.com], they look more like inmates -- not security guards.
Re: (Score:2)
Christ, who modded such an openly racist comment up? Yeah, foreign names sometimes sound funny to English speakers. Wait, what about that Baumgartner guy in the US?
Not sure when this is going to end.. (Score:2)
Re: (Score:3, Insightful)
Not sure when this is going to end.
You don't? I'll be glad to tell you.
Maybe Operating Systems needs to be redesigned with built in security.
Wait, it sounds to me like you do know. Just remember that "security" in this case doesn't mean "security from outside attackers" it means "security from users."
This is going to end with iOS. Programmers will be required to license their compiler and IDE from official government sources and only be allowed to enter code into "secure" disconnected computers. You will only be allowed to run programs that have been signed off by the Government, and you will have to provide y
Re: (Score:2)
Think I'm just paranoid?
Yes, yes I do.
Re: (Score:2)
But in this very special case: Why not?
These machines are used in an environment where the owner (the government) actually is interested in keeping the system secure from its users. This is not my home machine where I am user and owner in one person. User and owner (of system and data) are two separate entities and it would make sense to design and use a system where the user only has limited access and cannot break out of his jail.
You said we'd end up with a system where only government mandated and "signe
Re: (Score:2)
You can always prove that a program will go on forever in finite time. What you can't always prove is that it will halt.
Anyway, the above was quite OT... For securing the government's systems against their users the government can issue some "Right to Read" laws applying just to their computers. It should even have already done that. No overall society control is needed.
Re: (Score:2)
Not sure when this is going to end. Maybe Operating Systems needs to be redesigned with built in security.
Yes, because that's made iOS very popular around here.
Re: (Score:2)
Not sure when this is going to end.
Why does it need to end? I mean, driving a car exposes one to risks - I still see people driving.
Re: (Score:2)
They are. The problem isn't in the lower layers of the OSI model, it's on layer 8.
Or, in other terms, it's pretty hard to make a computer system useful and resilient against human stupidity.
I don't get it. (Score:4, Insightful)
Anonymous has an agenda. That's fine. Originally they were after Scientology. If they've shifted focus, I have no problem with that. If they're trying to become another Wikileaks and expose government wrongdoing, that also makes sense.
What I don't understand is the wholesale posting of email addresses and passwords. What are they trying to accomplish? Military or not, these are email addresses of real people. This is no longer a crusade against "bad guys" whoever they may be, or even against bad activities. This is now a crusade against privacy. You know, the concept that keeps Anonymous, well, anonymous.
If we use exactly the same standard that they use to judge what should be public information, then the names, email addresses, and passwords of everyone who calls himself/herself Anonymous should be public as well.
Re: (Score:2)
"Doing it for the Lulz."
I'd imagine it's the same reason many others publicize their work, for the notoriety and as a symbol of proof that they did it.
Re: (Score:2)
Keep in mind that if Anonymous hackers happened to be in the military, they would have to expose their own passwords in this dump in order to avoid suspicion. So it's quite possible one or more of the hackers gave out their own info.
Re:I don't get it. (Score:5, Funny)
Surely there's some free-market economic explanation for all this. That shit can explain anything (or so I'm told).
Re: (Score:2)
Sure it can. Rampant "free market" economy (I use the term loosely here, the free market economy after all also depends highly on the buyer's power to choose which isn't the case in reality) means that security is a cost position without a shareholder benefit and hence is to be cut first.
Re: (Score:3, Insightful)
Anonymous has an agenda. That's fine.
It's the same agenda a 3-year-old has: "look at me! look at me!"
Re: (Score:2)
I think their tactics are to create enough chaos and hope someone will pull something interesting from those accounts. Something like, "Hello Mr. CEO, this is Corporal Blabla, give me $100,000 and I'll tell my commanding officer that we need new battle rifles with your patented sling-a-bullet technology." or "Yeah I know we raped and killed that woman but we can just rape and kill her family if she reports it. Who can stop us? We're the military!"
Re: (Score:2)
Re: (Score:2)
Hey, Anonymous has an agenda. At least some Anonymous certainly does. Statistically, it's quite likely, at least. :)
Re: (Score:2)
What middle class?
Re: (Score:2)
No, the blame will be shifted to some poor, underfunded CSO who even could not prevent this if he wanted to (and trust me, most CSOs I know are paranoid enough that they would if they could) because his budget is lower than that of the cafeteria since security is seen as a cost position without revenue. He'll get fired for "incompetence", replaced by the next poor sod who's put on that ejector seat 'til the next security breach.
Re: (Score:2)
Comment removed (Score:3)
Re: (Score:2)
With HTTP you have one peer - the HTTP server. With torrent you have many peers. In both cases they have access to your IP address. So it depends on how much you trust the server.
The reason they use torrent and not HTTP for stuff like this is because
A) they don't want to pay for the bandwidth of serving that file to thousands of people, nor to be able to be traced to that server.
B) Free HTTP sharing sites have bandwidth limits, rat people out, and are a general PITA.
C) With bitorrent there is less centraliz
Re: (Score:2)
The hosting server can. An arbitrary client can't hop on and grab a list of everyone else downloading it at the same time, though.
Re: (Score:2, Informative)
TOR is an end-user decision. Host it on the web and the people downloading it could use TOR, but you don't really specifically distribute via TOR.
What you're talking about is more akin to Freenet.
Not sure I see the point of this. (Score:4, Insightful)
Re: (Score:2)
I am betting not many.
Re: (Score:3, Insightful)
Didn't you hear? The US is and in turn US army is full of evil. I mean just skip Iran murdering gays, or the years of things going on in Sudan with religious persecution. Or the Pakistan military being so corrupt that they've been infiltrated by terrorists. It's the US that's evil.
Re:Not sure I see the point of this. (Score:5, Insightful)
Re: (Score:3)
The obvious logical fallacy with your statement is that, just because other regimes may be evil and corrupt, it does not mean that the US is not.
Especially since two of the three cases he cited the US was complicit by providing the country military aid (Sudan was the 6th largest recipient of US military aid and everybody knows about the billions given to Pakistan).
Re:Not sure I see the point of this. (Score:4, Insightful)
Re: (Score:2)
At this point, I'm willing to say there's something really structurally broken with our system. Guess we'll see another case study for that come Aug-2.
Re: (Score:2)
But most people in Germany (I know from personal experience) ARE idiots. Why should it have been otherwise when Hitler was elected?
Re: (Score:2)
That only works if you give such an overly broad definition to "evil" that basically any organization will fall under it. Evil is a very strong word, and it's absurd the way it's thrown around by obnoxious man-children looking to feel oppressed.
Re: (Score:2)
I don't think you're more damning, just more generalizing. Torture is absolutely evil. But that doesn't make the entire nation -- or even the entire military -- evil, the way some people around here seem to believe.
Re: (Score:2)
How is the US messing up Libya?
Re: (Score:2)
Huh? They found oil in NKor? When?
Re: (Score:2)
Cheap Manufacturing.
Wrong, about nearly everything in your post. There are very few North Korean factories run by South Korean companies (about 40,000 workers employed) and those factories only turn a small profit when you take into account North Korea's bellicosity, such as unilaterally shutting down the industrial park from time to time, demanding "wage increases" for its citizens, of which all goes to the North Korean state anyway.
And the reason war won't start on the peninsula is because of a kind of "mutually assured d
Re: (Score:3)
How does releasing email addresses and passwords aid the fight for good and thwart evildoers?
Maybe next time, they won't hire contractors relying on porous security, able to be penetrated by any script kiddy with a modem, increasing the security of the US Defense Force in the process. But more likely, they'll just send goons after script kiddies - goon security is easier than real security.
Re:Not sure I see the point of this. (Score:5, Insightful)
How does releasing email addresses and passwords aid the fight for good and thwart evildoers?
If LulzSec/Anonymous can do it, so can our enemies and allies.
The fact that these guys are so prolific and haven't been caught yet, strongly implies that others have done the same thing.
And probably gotten away with it because they didn't announce it to the world.
The fact is, this will go on for as long as LulzSec/Anonymous feels like doing it.
Between government agencies and contractors, there's just too much low hanging fruit.
BUT, all things being equal, I'd rather it was blackhats humiliating us in public instead of China silently doing it for economic gain or espionage.
Re: (Score:2)
So we should just start driving down the streets murdering people, just to prove how easy it is and show that gun laws should change? There are better ways to effect change. Steal the passwords, burn them to some DVDs, mail them to some congressmen, and maybe a newspaper. Don't publicly distribute them.
Re: (Score:2)
That's why you send it to newspapers too. They love a scandal.
Re: (Score:2)
Considering the weapon power of the US, most countries would be classified as "mostly harmless". So I guess you're right.
Re: (Score:3)
Because they'd want that information for themselves instead of having it released to the public? Because they'd want the US to feel safe and secure so they have it easier if they want to hack and cripple the infrastructure?
C'mon, what's their gain? Humiliation? Please, gimme a break. The US are quite capable of internationally letting their pants down without foreign aid, they're quite self sufficient in that area.
Re: (Score:2)
It goes to show that 'whitehat' security companies are mostly clueless and are not delivering on their promise of security.
Or it shows that lumbering bureaucracies have fundamental disadvantages that can not be overcome by bolting on additional layers of bureaucracy (read: compliance).
Conspiracies... (Score:2)
I just can't help but think what has changed recently which might explain the flood of all these high profile attacks.
A critical mass of stupidity? (OWASP greatest fails)
TLA false flagging for 1984 legislation?
Two hacking groups (lulz and anon) with nothing better to do?
Whatever the reason I hope people are taking this opportunity to wake up.
Re: (Score:2)
Re: (Score:2, Insightful)
This is what happens when a government oppresses its people for too long -- anarchy. Obama wants people to believe he can control the Internet, but he can't. "The more you tighten your grasp, Tarkan, the more the galaxies slip through your fingers."
Er... what oppression are you referring to? Or is this another case of someone who has little idea what real oppression is like trying to say that the US is sooooo evil and oppressive because... oh.. I don't know.. something or other.. Not saying it is perfect and hasn't gotten less free over time.. just saying that if you think living in the US is living under oppression then you don't know what oppression really is.
Re: (Score:2)
So the fact that other countries are more oppressive is an excuse for governments to take away liberties? Fine, I'm not rotting in jail or anything like that, but I find myself unable to make even the most basic living under these wartime conditions. Jail is not much worse than my current situation.
No, and I don't believe I said anything close to that. What I did say is that the current conditions in this country, even factoring in your unfortunate ones, are not even close to real oppression and that there very much is a difference. You mentioned rotting in jail. If you go out on the street and declare that Obama is a dick, will you go to jail? Are you posting freely and openly on the Internet with little to no fear of a knock in the night? If you were homosexual and told the world, are you likely to
They sure have some bawlz. (Score:3)
You got to hand it to them: These blackhat/lulz Hacker types sure do have some balls. I'd be scared shitless to pull such a stunt, even if I *did* have the information. I'd be super-ultra-extreme paranoid and cover my tracks many times over. I actually wouldn't know where to start when attempting that.
Probably something like this:
1. Multiple levels of undetected low-profile unix breakins to start off a botnet.
2. Multiple levels of botnets on top of that to finally hack the systems involved in the attack and breach, using totally different malware strategies as to go undetected among the usual hodge-podge of criminal botnets.
3. Low-profile IDS on all levels to scout for detection or suspicious tracing activity 24/7.
4. Encrypted, low-profile bit-by-bit intrusion and trickle-data-grab over weeks or months.
5. Complete rollback and teardown of the entire network with IDS remaining on the last lines of defense (see 1.) ready to send out signals if someone comes for you.
6. Wait. A long time.
7. Release data and press release over similarly complex channels.
Imagine what happens to you if the CIA or some other 3-letter blackops finds out where you're at. Your life is pretty much over then.
Re: (Score:3)
This type of knowledge has been deemed dangerous. Please report to your local intelligence agency for evaluation and risk assessment.
Re: (Score:2)
Re: (Score:2)
Tell that to the majority of Qaeda members who've been making a mockery of the CIA for decades.
More likely is that if any of these crackers are even caught, the CIA will make a deal to coopt them instead of destroy them. The CIA likes nothing better than skilled makers of mayhem - except perhaps mayhem itself.
Re: (Score:2)
Your plan would fail at this point:
"1. Multiple levels of undetected low-profile unix breakins to start off a botnet."
Two years ago it took some bad guys 6 months to hack into only 700 Linux boxes [blogspot.com] because they had to do it manually. Just sending an email with an infected packet won't work on Linux the way it worked to create the most recently discovered Windows botfarm, which contained over 4,500,000 Windows zombies.
Re: (Score:2)
Re: (Score:2, Informative)
You're more or less right-- the OP is just gonna get busted tinkering with IDS on his botnet or whatever crazy crap and never get to his actual target.
Just go to a coffee shop you've never been to on the other side of town and pop a wifi AP in the area. Just be mindful to not do stupid shit like log into your facebook account and treat it sorta like an OTP-- dough-nut re-use.
This last part is crucial, go check Max Butler's 2nd case, they figured out what APs were available, and then cross-referenced them wi
Re: (Score:2)
I'd suggest adding that you use a machine that you use only for this and never for anything that could remotely be tied to you.
Re: (Score:2)
Haven't they made some arrests in a few European countries, and the targets are, like, 17-year-old kids? Outright naivete and foolhardiness will short-circuit a lot of your track-covering-requirements right quick.
Like for all the same reasons you can only really fight wars with a bunch of mostly un-laid young men. Or as "the war nerd" wrote this spring: in a real combat, it's your bravest friend who would be at the front and the first to die.
Re: (Score:2)
IIRC that was over the LOIC thing. I somehow doubt the LulzSec guys were stupid enough to even touch that with a mile long pole.
Re: (Score:2)
You got to hand it to them: These blackhat/lulz Hacker types sure do have some balls.
They're 14-year-olds. They barely have pubic hair and I'm not sure that all of them have a full set yet.
Re: (Score:2)
If they're 14-year-olds, I want their resume as soon as they get a chance. If they can achieve this level of skill at just 14 years of age, I certainly want them on my team.
I'm hiring. And paying well. Just get out 'fore you have a police record, that would be a showstopper.
Re: (Score:2)
That hasn't worked for ages by now. The CIA soon learned that hiring the people who'd hack you for fun isn't really a good idea. They tend to be less ... loyal.
Let's be sensible here. You have someone who hacked you, a rather intimidating looking three letter agency, for kicks. Why did they do that? Certainly not because they like you so much.
Don't be dense. (Score:2)
Age of Assholes (Score:3)
On the one hand, the military and its contractors are assholes for exposing tens of thousands (and surely more) of military people's accounts to cracking and outing.
On the other hand, Anonymous is assholes cracking and outing tens of thousands (and surely more) of military people's accounts.
That's both hands assholes. Have you noticed that everyone in public life these days is an asshole?
Re: (Score:2)
Some think it's worth to fight what they perceive as evil by blowing themselves up. So I guess risking going to a PITA prison is rather tame in comparison.
So now (Score:2)
"Pearl Harbor" (Score:2, Interesting)
Re: (Score:2)
Yeah, because a break in at some third rate defence contractor is equivalent to the destruction of a large part of the US pacific fleet and the deaths of thousands of US military personnel.
A "digital Pearl Harbor" would be a break in to something like the NSA/CIA/Pentagon that allowed an enemy to gain and exploit a military advantage.
Re: (Score:2)
BAH is not a third rate defense contractor. They provide software to three letter USA government agencies. If a contractor to three letter agencies is compromised, then this might affect the agencies especially if some future exploitable weakness has been discovered (and not later fixed). Or information about how the agencies are implementing security or other operational things.
Digital Pearl Harbor means many things, IMHO, but one is being surprised by an attack that you have not fully anticipated.
Re: (Score:2)
Sure, the U.S. Military could be Anonymous. It could be anyone.
Pro American comments here? (Score:2)
Strong pro military comments here. It would be better if A. only hacked the emails of high military leaders, up from a General, but it's just against the law to hack the email accounts, think about it this way:
If a bunch of teenagers could do it, so can other states do it. Who knows how long the email accounts are actually already hacked by China or N. Korea. Now A. exposed the security hole and at least the military needs to change their passwords.
Also the US military are not good Samaritans. Who knows how
Do it to other countries too. (Score:2)
It's not fair that the US is the only one who gets hacked like that, they should hack all countries equally. I'm sure my own country has plenty of dirty laundry as do many others. Especially China.
Re: (Score:2)
still quite strong. yet more proof that MAFIAA can't win!
Re: (Score:2)
good luck
Re: (Score:2)
Re:holy crap!! (Score:5, Insightful)
Hmm... odd, I live in a country not too different from what you describe. We have "free" health care (read: I pay for it with my taxes), we have one of the lowest crime rates in the western world, unemployment is manageable (and you can actually survive on your unemployment aid), I am looking at 4 weeks of paid vacation (mandatory, not 'cause I am so incredibly qualified that I can afford asking for it), 2 extra salaries per year (mandatory again), my retirement is taken care for (again, taxes)... yet I do not pay 120% taxes or can't get any goods in our stores because nobody wants to produce or sell anything here. Odd, ain't it?
And know what? While the economy crisis did hit my country too, it didn't hit it by any kind of margin as hard as it did hit the US or other countries that subscribed to the ideal of "letting the market sort crap out". Why? Because people here actually do have money to buy crap. More to the point, to buy services. And since my country, like most of the "civilized" world, depend heavily on services for its GDP, our economy is still fairly stable. Services is the first thing people cut back when money is tight. A haircut? Put that off another few weeks. Fix the plumbing? Hell, let that faucet drip. Go out for dinner or the pub? Rather cook at home or watch the game with friends in your living room. That's what crippled the economy in most other countries, because people lack the MONEY to buy those services. You cannot cut back on food. You have to eat. You cannot cut back on your rent, you have to squat somewhere. But you can cut back on "vanity" like haircuts, repairs or a night on the town. We didn't have to. We still got money in the pockets of our working class people.
So please, keep your perfect system. I like the US, the dollar's weaker than a chocolate coin in the hot summer sun and that means I get to buy cheap electronics with my, despite all odds, fairly stable currency.
Re: (Score:2)
Tell that to her. [dailymail.co.uk]
Re: (Score:2)
I'd say it depends on the implementation. And a few people like this aren't enough to convince me that it's worse than the current system.
Re: (Score:3)
Congratulations on unearthing the case where "our" system failed.
One thing this system does is to increase the workload on you, the patient. That's the unfortunate truth and that means that you actually have to be more self-dependent than in a system where you pay for the operations and hence call the shots. Not less. You have to take care that you went to the right doctors at the right time to get the right diagnosis so they know that you actually need that operation. It's true that you cannot simply go up
Re: (Score:2)
Well yes, you get the surgery, then when the bill comes you file bankruptcy; of course with her student loans, inability to work she'd get Medicaid to pay for her health needs and probably SSI too.
Re: (Score:2)
None of the countries that have free healthcare have a military (specific portions of the militaries notwithstanding.) that is at all worth a damn. Moreover, in order to build up a military that could do anything, they would have to gut their social programs, including their free healthcare. The idea that if the US military became completely ineffective except at defending the US that everything would be hunky-dory is fucking delusional. Nature abhors a vacuum, and the conflicts that would flare up would make
Re: (Score:2)
That's right - the certainty of vast damage, perhaps triggering armageddon, is worth the annoyances, risks, and comparatively tiny damages of fixing security bugs.
You're an idiot.
Re: (Score:2)
http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face [wikipedia.org]
Re: (Score:2)
Get with the times, man, the guys we don't like are labeled terrorists today.
Re: (Score:3)
Don't think so. I could see China say "Dammit, why did they have to? Now they might tighten their security and when we need to get in it's gonna be harder".
Re: (Score:2)
You're still assuming some kind of organization in the whole mess. Anonymous is no "group" in the common sense, and I somehow doubt that LulzSec is. It's a bunch of people who sail under the same flag, but that doesn't make them a nation.
Re: (Score:2)
Do America a favor and do NOT do it!
When it's time for war with China, the last thing you need is that they got a heads-up that their systems were insecure.