LulzSec won't go away; posts emails of 90K troops under the name Anonymous

Just in case you read IT security stories about unstoppable Chinese hackers, script kids who walk at will through the servers of the Senate and CIA and DDOSers who crash on a whim anything that ticks them off in the slightest, and console yourself with reassurances from the Pentagon that at least it's not at real risk:

Anonymous posted the names, emails and password hashes of 90,000 members of the U.S. military, which it said it got by cracking giant defense and government-systems consultancy Booz Allen Hamilton.

In addition to the emails and passwords (still hashed and encoded, so at least they're not completely exposed), which Anonymous posted on The Pirate Bay yesterday, a press release claimed the group nabbed 4GB of source code (!) and “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies.”

[LulzSec offers to take down any site you choose and Forget cops; other hackers are taking down LulzSec and Anonymous]

That last bit could mean anything from a detailed map of network access points and authentication data or (way more likely) a list of semi-public URLs similar to those the former members of LulzSec used to hit with pre-scripted SQL injection attacks before swiping data on private citizens and posting it online.

The press release announcing the attack claimed Booz Allen's server was virtually unprotected, allowing Anonymi who are former LulzSec'ers free access to swipe the emails, download the source code and then wipe it, and take off with "related datas on different servers we got access to after finding credentials in the Booz Allen system."

The former LulzSec'ers said Booz Allen's participation in the SWIFT covert surveillance program – which the ACLU criticizes as being on thin legal ice in both Europe and the U.S. Even if it's perfectly legal, the ACLU concludes, it's invasive of privacy, provides too much unsupervised power to government agencies and is not clear about its goals and methods.

What Anonymous accomplished with the hack, other than exposing the names and emails of 90,000 service members who are more at risk for fraud and violence than before their names were public, was a little embarrassment for Booz Allen. The only hope for this particular attack being any more than an error in judgment for Anonymous, for endangering service members, is that Booz Allen's embarrassment will turn into something more than just recrimination from the Defense Dept., which can't be happy with this level of evident security, or lack of it.

In a related but far less annoying announcement, the AnonNews site posted a message to NATO warning it ...well, it's not clear what Anonymous was warning NATO against except not defending secrecy and having power.

Oh, and disrespecting Anonymous. There is a lot of talk about "not break[ing] the rules" and how unnamed governments need to respect the law. And there is a lot of it is about not disrespecting the hactivists.

"Do not make the mistake of challenging Anonymous. Do not make the mistake of believing you can behead a headless snake....If you cut down one Anon, ten more will join us purely out of anger at your trampling of dissent."


The "far less annoying" part wore out pretty quickly.

LulzSec may have simply rejoined Anonymous, but it seems as if the tone, attitude and annoying self-puffery of the Lulz has taken over the briefly more respectable(ish) tone of Anonymous, at least when it was creating and enforcing its own foreign policy, if not when it was busy in flame wars with script kids or other hackers.

The problem with Anarchy, apparently, is its short attention span and the people who organize it.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon