July 11, 2011 at 4:24 PM ET
Hacking group Anonymous said Monday it infiltrated a server belonging to military consulting firm Booz Allen Hamilton and made available approximately 90,000 military email addresses online.
The hack was the second in the past week to target major companies doing business with the federal government. Late last week, Anonymous shared databases and emails it said it obtained by hacking the website of IRC Federal, a company that contracts with federal government agencies, including the FBI and the U.S. Department of Defense, for information management services.
"In this line of work, you'd expect them (to have a) state-of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge," Anonymous said on The Pirate Bay file-sharing website. "We infiltrated a server on their network that basically had no security measures in place."
A Booz Allen spokesman contacted by msnbc.com declined to comment, steering a reporter to the company's Twitter account, where the company posted this: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems."
Anonymous said that in addition to the email accounts and encrypted passwords it obtained:
...We found some related (data) on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting. And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.
The loose collective of hackers also posted an "invoice" to Booz Allen for its work, a "bill" of $310. The total, the group said, is based on four hours of "man power, $40; network auditing, $35; Web-app auditing, $35; network infiltration, $0; password and SQL dumping, $200; decryption of data, $0; and media and press, $0."
These asterisks to the "amounts" added double salt: "Price is based on the amount of effort required ... price is based on the amount of badly secured data to be dumped, which in this case was a substantial figure ... no security in place, no effort for intrusion needed."
Anonymous gained notoriety for its denial-of-service attacks on Visa and MasterCard late last year. Those attacks were retribution, Anonymous said, because the companies halted online donations during the WikiLeaks controversy, blocking contributions to Bradley Manning, the accused document leaker now in custody.