Anonymous publishes 90,000 military emails in Booz Allen Hamilton attack

Anonymous has released data from a series of hacking attacks on military contractor Booz Allen Hamilton, including 90,000 military emails, in what the group calls Military Meltdown Monday.

The hackers released a 130MB file including the email addresses and 'unsalted' MD5 password hashes of 90,000 military personnel, although it is unclear how many of these are duplicated or dead accounts.

Anonymous also claims to have taken source code from the company and a complete compressed SQL dump.

"As part of Booz Allen Hamilton's security policy, we generally do not comment on specific threats or actions taken against our systems," the company told V3.co.uk in a statement.

Anonymous claimed that Booz Allen Hamilton was involved in similar research to HBGary for the surveillance of internet communications, and that some of the technology used would be considered illegal under EU law.

"We found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while," the group said.

Anonymous claimed that it took about four hours to break into Booz Allen Hamilton's servers, and posted an invoice for $310 for the time taken.

John Bambenek, founder of Bambenek Consulting, explained on the SANS Institute blog that the attack method is unknown at this stage.

"That said, it is no longer secure to hash your passwords with MD5, much less when it is unsalted. Take a look at using a SHA-2 variant, if possible," he said.

"Also, require strong and long passwords while minimising password reuse to avoid compromised credentials being used to dig deeper into an organisation."

The attack comes as part of a wider hacking campaign under the AntiSec movement by the now disbanded LulzSec collective. A purported member of Anonymous warned of a string of attacks on military intelligence sites.

"We are working on two of the biggest releases for Anonymous in the last 4 years. Put your helmets on. It is war," the hacker known as Sabu tweeted.

Some press reports have speculated that the hacking is timed to coincide with the beginning of WikiLeaks co-founder Julian Assange's extradition hearing, but this has been denied by WikiLeaks.