July 12, 2011, 2:52 PM — Just in case you read IT security stories about unstoppable Chinese hackers, script kids who walk at will through the servers of the Senate and CIA, and DDOSers who crash on a whim anything that ticks them off in the slightest, and console yourself with reassurances from the Pentagon that at least it's not at real risk:
Anonymous posted the names, emails and password hashes of 90,000 members of the U.S. military, which it said it got by cracking giant defense and government-systems consultancy Booz Allen Hamilton.
In addition to the emails and passwords (still hashed and encoded, so at least they're not completely exposed), which Anonymous posted on The Pirate Bay yesterday, a press release claimed the group nabbed 4GB of source code (!) and “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies.”
That last bit could mean anything from a detailed map of network access points and authentication data to (way more likely) a list of semi-public URLs similar to those the former members of LulzSec used to hit with pre-scripted SQL injection attacks before swiping data on private citizens and posting it online.
The press release announcing the attack claimed Booz Allen's server was virtually unprotected, allowing Anonymi who are former LulzSec'ers free access to swipe the emails, download the source code and then wipe it, and take off with "related datas on different servers we got access to after finding credentials in the Booz Allen system."
The former LulzSec'ers said Booz Allen's participation in the SWIFT covert surveillance program – which the ACLU criticizes as being on thin legal ice in both Europe and the U.S. Even if it's perfectly legal, the ACLU concludes, it's invasive of privacy, provides too much unsupervised power to government agencies and is not clear about its goals and methods.