An anonymous reader writes: from TFA: Today we want to turn our attention to Booz Allen Hamilton, whose core business
is contractual work completed on behalf of the US federal government, foremost
on defense and homeland security matters, and limited engagements of foreign
governments specific to U.S. military assistance programs.
So in this line of work you'd expect them to sail the seven proxseas with a
state- of-the-art battleship, right? Well you may be as surprised as we were
when we found their vessel being a puny wooden barge.
We infiltrated a server on their network that basically had no security
measures in place. We were able to run our own application, which turned out to
be a shell and began plundering some booty. Most shiny is probably a list of
roughly 90,000 military emails and password hashes (md5, non-salted of course!).
We also added the complete sqldump, compressed ~50mb, for a good measure.
We also were able to access their svn, grabbing 4gb of source code. But this
was deemed insignificant and a waste of valuable space, so we merely grabbed
it, and wiped it from their system.
Additionally we found some related datas on different servers we got access to
after finding credentials in the Booz Allen System. We added anything which
could be interesting.
And last but not least we found maps and keys for various other treasure chests
buried on the islands of government agencies, federal contractors and shady
whitehat companies. This material surely will keep our blackhat friends busy
for a while.