
AntiSec has successfully attacked security contractor Booz Allen Hamilton, who it accuses of social engineering.  (Source: Booz Allen Hamilton)

As part of the attack AntiSec exposed the usernames and passwords of U.S. soldiers.  (Source: AP Photo)

Members of parent group Anonymous are also attacking agriculture giant Monsanto.  (Source: Food Freedom)

Ex-LulzSec members and their new help from Anonymous continue to wreak havoc on the web

AntiSec, first a project launched by infamous hacker group LulzSec, and later the name of a new hacker collective formed by members of the now-defunct LulzSec, continues to strike.  Its mission is to attack international governments and corporate interests.

I. Who is Booz Hamilton and Why Were They Hacked?

Much like the February attack on HBGary by Anonymous, or the late May attack on Infragard -- a private sector affiliate of the U.S. Federal Bureau of Investigation -- the latest attack focused not on official government servers, but on a contractor with weaker security.

This time around AntiSec's victim was Booz Allen Hamilton, a prestigious contractor with hundreds of millions of dollars of contracts in its name.  Booz Hamilton employs former U.S. Central Intelligence Agency director Robert James Woolsey Jr. and former U.S. National Security Agency director John Michael "Mike" McConnell.

AntiSec says it targeted the group for a couple of reasons.  First, it points to the company's alleged complicity in monitoring private sector financial transactions during the SWIFT investigation.  Second, it writes about a secret social engineering project which HBGary and Booz Hamilton cooperated on, stating:

One of the more interesting, and sadly overlooked, stories to emerge from HBGary's email server (a fine example to its customers of how NOT to secure their own email systems) was a military project - dubbed Operation Metal Gear by Anonymous for lack of an official title - designed to manipulate social media. The main aims of the project were two fold: Firstly, to allow a lone operator to control multiple false virtual identities, or "sockpuppets". This would allow them to infiltrate discussions groups, online polls, activist forums, etc and attempt to influence discussions or paint a false representation of public opinion using the highly sophisticated sockpuppet software. The second aspect of the project was to destroy the concept of online anonymity, essentially attempting to match various personas and accounts to a single person through recognition shared of writing styles, timing of online posts, and other factors. This, again, would be used presumably against any perceived online opponent or activist.

HBGary Federal was just one of several companies involved in proposing software solutions for this project. Another company involved was Booz Allen Hamilton. Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects. All of this, of course, taking place behind closed doors, free from any public knowledge or scrutiny.

II. What Was Stolen?

So what did AntiSec take from Booz Hamilton?  The contents of the heist are available here, courtesy of a torrent hosted by The Pirate Bay.

First, AntiSec made off with 90,000 logins of both private and public sector employees, which include members of the U.S. Military.  Members of US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors were all exposed.

The passwords are hashed, but they use a very weak unsalted MD5 hash (128-bit), meaning that they should be available in rainbow tables, which these days are even available online.
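The weakness described above, and the defender's fix, as an added example that is not from the original article or from any system it describes: it shows that unsalted MD5 gives identical digests for identical passwords, then verifies legacy rows and re-hashes them with a per-user salt and a slow KDF on the next successful login. The usernames, passwords, record layout and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

# Constructed sample: username -> legacy unsalted MD5 hex digest.
LEGACY = {
    "alice": hashlib.md5(b"Summer2011!").hexdigest(),
    "bob": hashlib.md5(b"Summer2011!").hexdigest(),  # same password as alice
    "carol": hashlib.md5(b"c0rrect-horse").hexdigest(),
}


def accounts_sharing_a_digest(records: dict) -> int:
    """Without a salt, equal passwords give equal digests, so one
    precomputed table applies to every row. Count the affected accounts."""
    counts = Counter(v for v in records.values() if isinstance(v, str))
    return sum(c for c in counts.values() if c > 1)


def new_record(password: str) -> dict:
    """Hash with a fresh random salt and a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"scheme": "pbkdf2-sha256", "salt": salt.hex(), "hash": digest.hex()}


def verify_and_upgrade(store: dict, user: str, password: str) -> bool:
    """Check a login; on success, replace a legacy MD5 record in place."""
    rec = store.get(user)
    if rec is None:
        return False
    if isinstance(rec, str):  # legacy row: bare unsalted MD5 hex
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, rec):
            return False
        store[user] = new_record(password)  # upgrade while plaintext is in hand
        return True
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(rec["salt"]), ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), rec["hash"])
```

Rows belonging to users who never log in again stay on MD5 under this scheme, so a real migration also needs a cutoff after which remaining legacy rows are invalidated and those users are forced through a password reset.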

This breach is very serious, given how people recycle their passwords in numerous locations.  Given the number of exposed logins, it's likely that it will expose at least some soldiers to possible malicious attacks.

Additionally AntiSec claims to have run a shell and used it to delete source code on the company's SVN server.  Honestly, this isn't exactly something they should be lauding, as virtually all defense contractors use extensive tape backups and likely can restore the code without much difficulty.  Ultimately this amounts to a mere annoyance, and perhaps a few lost hours of productivity.

In the more significant department, AntiSec claims to have obtained "maps and keys" to other security contractors.  This could lead to additional attacks, so contractors who could be a target should definitely take a look at the distributed file.

III. Hacktivism?

Again it's hard to condone the kind of social engineering that Booz Hamilton is accused of conducting, but the way that AntiSec went about its intrusion seems rather unfortunate and childish.  Rather than gain access to email, which could actually prove such allegations and put them in context, it instead attacked U.S. soldiers, who already have their hands full.

Even if Booz Hamilton indeed engaged in social engineering, it's unclear who exactly it directed those efforts against.  Obviously, if it was trolling jihadist forums in an attempt to subvert them, that would be significantly different than, say, trolling U.S. political forums.

So was the attack on Booz Hamilton justified?  That depends on your perspective.

That said, Booz Hamilton committed some very poor practices here, which should bring its contracts into question.  First, it clearly did not properly protect its gateway machine.  Second, much like Bitcoin mega-exchange Mt. Gox, it used unacceptably weak password hashing, exposing its users to harm.  Third, it failed to code its databases to avoid SQL injection attacks, which should be mandatory for any contractor working with classified materials.

IV. Monsanto Attacked

In related news, Anonymous vowed Monday to step up attacks on contractor Monsanto Comp. (MON).  

Monsanto is a firm with a long and controversial history.  It is accused of abusing intellectual property rights to sue small farms (allowing its patented crops to blow seeds onto their properties, then suing them); trying to bribe officials in Canada and Indonesia; and suing dairy farmers who advertise that their milk doesn't contain growth hormones.  And they also were the company responsible for spraying Agent Orange all over soldiers in Vietnam, which is thought to have led to cancer and other ailments.

Anonymous broke the news of new possible attacks, writing:

@MonsatoCo is now suing small dairy farmers for advertising that they use no growth hormones.  For NOT using their product.

The operation's Twitter account "OpMonsanto", posted on June 26:

We're going to hit @MonsantoCo with something a little bit more serious than a DDoS this time around. Fuck 'em. #ExpectUs

It posted a brief press release, writing:

Over the last 2 months we have pushed the exposure of hundreds of pages of articles detailing Monsanto's corrupt, unethical, and downright evil business practices. We've created a nice go-to reference guide on piratepad/anonpad(, backed up elsewhere), where anyone can read up on and add their own info about MonsantoCo.

We blasted their web infrastructure to shit for 2 days straight, crippling all 3 of their mail servers as well as taking down their main websites world-wide. We dropped dox on 2500+ employees and associates, including full names, addresses, phone numbers, and exactly where they work. We are also in the process of setting up a wiki, to try and get all collected information in a more centralized and stable environment. Not bad for 2 months, I'd say.

What's next? Not sure... it might have something to do with that open 6666 IRC port on their nexus server though ;)

Expect Us

It indeed "doxed" Monsanto's employees -- in fact it appears to have exposed the names and addresses of 2,500+ of them.  How this information might be used/abused is unknown, but it could lead to at least some minor harassment.

V. Who is Anonymous/AntiSec/Etc. Again?

Anonymous is a group without a leader.  The group has tens of thousands of members worldwide.  However, not all members are skilled hackers.

Hackers with Anonymous have a tendency to break off into smaller subgroups.  For example LulzSec, who conducted much griefing of gamers in recent months, was one such group.  AntiSec, who targets governments and corporations, is another such group.

Nobody "leads" Anonymous or its subgroups.  Someone simply suggests a target and willing members participate in the attack.

The mass media has had much difficulty wrapping its head around the concept of Anonymous, though it appears most are finally starting to get it.

Anonymous arose via people who met via the image-board site 4Chan, but today the group has grown well outside the confines of that site.  The tricky thing when dealing with Anonymous or its subgroups is that the opinions or actions of one member are not necessarily those shared by another member.

This year Anonymous has been extremely active.  Among other efforts, it helped to influence the revolutions in the Middle East and drive them along.

Ultimately much of what Anonymous and its subgroups do can be viewed as hacktivism of sorts.  However, whether the ends justify the means is a topic of much debate.

Comments

Is Monsanto really evil?
By KaTaR on 7/12/2011 5:56:55 PM , Rating: 2
Think about this for a sec.
They do provide most of the world with the advanced crop seeds needed to feed our ever growing and hungry population. They spend $1.3bn per year in R&D to develop newer seeds and chemicals in order for crops to grow faster, produce more, use less water, and resist ever-evolving diseases and insects. A big part of the reason we have access to plenty of cheap food despite emerging market consumption exploding, is because average crop yields per acre have been going up by around 3% to 5% every year for the last two decades thanks in part to evil Monsanto.

I'm not a fan of the company or anything, but let's be honest and keep things in perspective. If we used the same seeds we were using 50 years ago, food production of all types would be a fraction of what it is today. Oil going up 6x because of emerging market demand is bad enough. Better seeds and traits are a big part of why food prices have not gone up the same way. It's not the little farmer who made those improvements, it's Monsanto with their massive R&D budget. So yea, make your money and develop better seeds so we can continue to eat for cheap.

RE: Is Monsanto really evil?
By tng on 7/12/2011 6:16:30 PM , Rating: 3
A company's actions tell you what you need to know.

I have seen the patented seed litigation where a farmer who didn't even want the stuff on his land is sued by Monsanto just because the stuff was carried by the wind and happened to land on his property. Also though I am less familiar with it suing dairy farmers because they advertise the truth (they don't feed growth hormone to cows for increased production)?

What kind of a company sues for such things? Also Monsanto has a very active lobby in state houses that push for rules that, at the very least, produce a competitive advantage for them over other companies.

As for increased food production, there are a lot of things that have contributed to that over the past 50 years. I grew up working on farms and have seen many innovative ideas that had nothing to do with the seed itself. Just in the past 5 to 10 years, the advent of GPS has allowed farmers to plant 5 to 10% more on the same land. That is progress.

RE: Is Monsanto really evil?
By KaTaR on 7/12/2011 7:46:22 PM , Rating: 3
A couple of snippets from the court ruling in Canada:

"none of the suggested sources [proposed by the farmer] could reasonably explain the concentration or extent of Roundup Ready canola of a commercial quality."

"Our task, however, is to interpret and apply the Patent Act as it stands, in accordance with settled principles. Under the present Act, an invention in the domain of agriculture is as deserving of protection as an invention in the domain of mechanical science. Where Parliament has not seen fit to distinguish between inventions concerning plants and other inventions, neither should the courts."

Because the stuff grew in a concentrated amount in a concentrated area, his explanation about the wind carrying over didn't fly with the court. With that premise established, they concluded that it was most likely intentional. If you still think the stuff was carried by the wind, then your argument should be with the Canadian Supreme Court, not the company.

In addition to all this: The guy wasn't just a 'small farmer'. He was in the business of breeding seeds and wanted to sell them for profit. The court said he didn't have to pay any damages to Monsanto for the first year of use but he continued to sue for 6 years after that in order to try and prove that he 'owned' the traits. The reason for that is because he wanted to sell the Roundup resistant canola seeds as a business and compete directly with Monsanto. That kind of tells you everything about why this is far more complicated.

Whether he developed them or stole them (we won't know the truth), the point is that Monsanto was 'evil' because this was potentially a big IP theft. If the farmer just wanted the stuff off his land this issue would have probably never gone to court.

RE: Is Monsanto really evil?
By JayWiz on 7/12/2011 9:32:36 PM , Rating: 2
Well done, nothing like a little fact research to dispel the internet intelligence (I read it on the 'net). Thanks for the info!

RE: Is Monsanto really evil?
By tng on 7/13/2011 8:59:21 AM , Rating: 2
A couple of snippets from the court ruling in Canada: there are a couple of cases where they were correct in bringing litigation. Here are some "snippets" from the other side.

The Center for Food Safety[109] listed 112 lawsuits by Monsanto against farmers for claims of seed patent violations. The Center for Food Safety's analyst stated that many innocent farmers settle with Monsanto because they cannot afford a time consuming lawsuit. Monsanto is frequently described by farmers as "Gestapo" and "Mafia" both because of these lawsuits and because of the questionable means they use to collect evidence of patent infringement.

We can dig up all 112 lawsuits if you want and that is just in the US.

Another one for you...
Gary Rinehart of Eagleville, Missouri was sued by Monsanto in 2002, which claimed he had violated their Roundup Ready Soybean patent. Rinehart was not a farmer or seed dealer, but he still had to spend money for his legal defense. Monsanto eventually dropped the lawsuit, but never issued an apology, admitted to making a mistake, or was compelled to pay for Rinehart's legal expenses. The company has also been accused of showing up at farmers' houses, making accusations, and demanding records.
There is more if you want, this is just from Wikipedia, there is tons and tons more out there....

Copyright 2016 DailyTech LLC.