Learning Center
Plans & pricing Sign in
Sign Out
Get this document free

news and sports


									Defense Contactor Booz Allen Is
Latest Target for Hacker Group
The latest target for the hackers formerly known as LulzSec is U.S. defense
contractor Booz Allen Hamilton.
Yesterday, Booz Allen confirmedthat its network had been attacked. On
Monday, the hacker group Anonymous announced that it had penetrated Booz
Allen’s network and posted to the file-sharing siteThe Pirate Bay a file
containing some 90,000 email addresses of military personnel plus “password
hashes.” A hash is generally an encrypted version of a password, one that can’t
be easily reversed to obtain the actual password.
AnonymousIRC, is the new name for the gang that used to call itself LulzSec.
By working under the flag of Anonymous, the former LulzSec hackers, who
gained notoriety forrepeated attacks against Sony, are associating themselves
with the amorphous group that has variously harassed such targets as the The
Church of Scientology, PayPal, and thecredit card companies. The group is
promising at least two more data dumps this week.
Booz Allen downplayed the incident saying in a statement that “at this time,
we do not believe that the attack extended beyond data pertaining to a
learning management system for a government agency.” A Learning
Management System, or LMS, is used to track the training of workers on the
job, and its a something Booz Allen helps the federal government with
regularly. For instance it works with federal Office of Personnel Management
to help federal agencies with on-the-job training.
As computer security breaches go, this one probably rates fairly low on the
severity scale. It’s not clear from Booz Allen’s statement what the system was
used for or whether it was connected to any sensitive government work.
The larger concern is that military personnel whose addresses have been
published in the file will next be targeted for attack via spearphishing, a
method where a legitimate-looking email messages are sent to the target
containing attachments that look routine, but are really malware that can
capture a password. If they know what’s good for them, the folks whose
addresses were leaked have changed their passwords and will carefully
scrutinize email messages that contain attachments.
There is however a pretty good chance that many of the addresses publicized
are out of date. Mililtary personnel move around a lot, and their email
addresses often change when they move from one facility to another. By
chance I saw this message on Twitter from Phillip Stewart, who’s serving in
the US Air Force:
ranked No. 19 on Fortune's 2010 rankings of America's largest corporations. Wells Fargo's vision is
to satisfy all our customers' financial needs and help them succeed financially.

SOURCE: Wells Fargo & Company

To top