Update July 14: Database Re-leaked
A couple of hours ago Anonymous re-leaked the info of 2,500 Monsanto employees enriched with further data. The reasons are explained in the following statement:
We previously leaked 2551 emails and names of MonsantoCo employees and associates for the whole internets to see.
Immediately following this, attacks were made attempting to access/change the password on the OpMonsanto Twitter account as well many failed login attempts on 2 corresponding email accounts.
The paypal account used to finance the operation was reported and all assets frozen. Somebody, most certainly, is mad at us :(
We didn’t appreciate that very much, so we updated the leaked database to include
the previously redacted city/state/country and phone numbers.
Operations remain unaffected, this is just the beginning.
In response to some attempts to hack the #OpMonsanto Twitter account, Anonymous decided to disclose further information about the leaked records (Cities and Phone Numbers). The last phrase of the statement sounds particularly threatening: This is just the beginning… And it is further confirmed by a gloomy tweet. A warning for Exxon (#OpExxon) as well, the next alleged target?
Few hours after the attack to consulting firm (and military contractor) Booz Allen Hamilton, Anonymous has performed another resounding operation. As part of their #OpMonsanto, the Anonymous have leaked info of 2500 employees belonging to Monsanto, including their home address.
The reasons behind the attacks have been explained with a subsequent tweet:
are an aftermath of the WikiLeaks affair and concern the alleged strategy used by Monsanto to push GMO. Few days ago Anonymous warned Monsanto to expect something “more serious than a DDOS” after the company filed lawsuits against organic farmers for labeling their product as not containing growth hormones. At the end something more serious than a DDOS happened…
- Another One Bytes The Dump (paulsparrows.wordpress.com)
It looks like that security issues for US Military contractors never end. The consulting firm Booz Allen Hamilton is only the last which has fallen under the blows of anonymous. In the name of the #AntiSec operation hackers claimed today that they compromised a server released internal data, including about 90,000 military e-mail addresses. Due to the huge amount of data leaked, the operation was called #MilitaryMeltdownMonday.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.
The entire statement is available on pastebin, while the leaked data have been inserted into a torrent at The Pirate Bay, and are also already available on pastebin, although password are hashed (but not salted).
We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.
It was clear that something was in the air since a couple of days, as some tweets announced “the biggest day in #anonymous‘ history according to sabu”:
This might be an indication that the ghost of the infamous group LulzSec played a crucial role in the attack to Booz Allen Hamilton. As a matter of fact Sabu, is the alleged leader of the infamous group LulzSec, and also the alleged author of the hack to HBGary Federal, another military contractor hacked earlier this year becouse of its CEO Aaron Barr claimed to have unmasked some Anonymous members. In response to his actions, the hackers dumped 71,000 emails which revealed, among the others things, that HBGary had worked with Booz Allen Hamilton to develop a response plan for Bank of America based on what the bank feared might be an upcoming leak of its internal documents by WikiLeaks.
The Anonymous statement also paints the contractor as another player involved (together with HBGary) on a military project, dubbed Operation Metal Gear by Anonymous (for lack of an official title) designed to manipulate social media, and as a revolving door of military-related conflicts of interest, and argues that the firm has been involved in mass surveillance projects.
The company wrote on its Twitter feed that “as part of @BoozeAllen security policy, we generally do not comment on specific threats or actions taken against our systems.”
This is only the last attack to a U.S. Contractor. On July, the 9th, Anonymous attacked IRC Federal, an FBI contractor, and dumped the content of the attack on a torrent available once again at The Pirate Bay. The dumped content apparently included databases, private emails, contracts, development schematics, and internal documents for various government institutions. The attack was performed as a sequel to the first one against Infragard, another FBI affiliate, on June, the 3rd performed (what a coincidence) from LulzSec.
After HBGary Federal, between April and May 2011 three U.S. Defense contractors: L-3, Lockheed Martin and Northrop Grumman were attacked by using compromised RSA seeds, although in this case no one has been identified as the author of the attacks, and also no connection with anonymous has been found.
- Hackers claim they exposed Booz Allen Hamilton data (news.cnet.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)