Feeds

back to article 'Meltdown Monday' Anonymous hackers leak military mails

Anonymous uploaded 90,000 military email address and associated password hashes onto a file-sharing network on Monday as part of an operation it christening Military Meltdown Monday. The sensitive data came from a hack against military contractor Booz Allen Hamilton, which Anonymous hinted had yielded further sensitive …

COMMENTS

This topic is closed for new posts.
Silver badge
Stop

Woops

Monikers like AntiSec and Anonymous are quickly becoming nonsensical, as they seem to be taken up by groups with widely different agendas.

...At least, when every Muslims terrorist group in the planet are claiming to be affiliated with Al-Qaeda, you know that they are all fighting the US.

3
1
FAIL

Godwin's law needs an update...

Perhaps something along the lines of "As an online discussion grows longer, the probability of a comparison involving al-Qaeda approaches 1."

7
4

This post has been deleted by its author

Facepalm

umm....

"As an online discussion grows longer..."

but ratfox's was the first comment.

5
1
Silver badge

oh look

its the net jihadists invoking godwins law

2
1
Silver badge

Not a Godwin issue here

The US is attempting to label 'trouble-makers' as 'terrorists', the original comparison was quite in context.

3
2
FAIL

@ Not a Godwin issue

Only if you believe that you believe that juvenile mischief by script kiddies is in any way comparable to suicide bombers blowing up children. Personally, I find it to be an inappropriate hyperbolic comparison, an offensive disregard for the people actually being killed by real terrorists, and a dangerous boost to the ego of "hacktivists".

3
3
Silver badge

Alien Invasions .....

"Monikers like AntiSec and Anonymous are quickly becoming nonsensical, as they seem to be taken up by groups with widely different agendas.

...At least, when every Muslims terrorist group in the planet are claiming to be affiliated with Al-Qaeda, you know that they are all fighting the US." ..... ratfox Posted Tuesday 12th July 2011 13:14 GMT

Actually, is it not the US and media which claims Al-Qaeda affiliation to Muslim terrorist groups on the planet, ratfox? As a crazy meme, there is no doubting it is a prime, sub-prime mover/driver for combative empire building behind an out of control rogue renegade element, and that is not nonsensical, is it, whenever so plausible even in the face of vehement denial. The proof is there for all to see with lingering occupations/verifiable jack boots on the ground in foreign lands.

0
0
Silver badge
Thumb Down

Lost the plot?

The quote "Obscure personal data before you publish; otherwise you are considerably worse than those you are attempting to shame." just about sums it up. What are they playing at?

4
2

RE:

Not that I disagree with you or the author, but if they "Obscure personal data" wont that remove the evidence they have of carrying out the attack in the first place, and result in them being accused of making it up?

2
3
Boffin

Not at all.

If they obscured all but the first three characters of every password hash and email address, they would make the data 'useless', but it would still be a perfect match against the database. It's like posting a list of names and ID numbers:

Bob XXXXXX ___-_843

Fred XXXXXX ___-_139

Jill XXXXXX ___-_687

Sue XXXXXX ___-_440

That list tells you nothing if you don't know what the original information looks like, but if you knew what the data looked like, you'd know someone had taken it.

3
1
Silver badge
Joke

Fred XXXXXX ___-_139

How did you get my dads credit card number, You cad.

0
0
Pint

"Find the flaws...

...publish your successes if you must, but have the decency to spare the innocent victims of your activities. Obscure personal data before you publish; otherwise you are considerably worse than those you are attempting to shame."

That would be from real hackers.

What they do is vandalism, and put shame on hackers.

They seems technically good. They should be even better by showing higher standards than the ones they attack.

5
1
Silver badge

Needless?

If the actions taken are 'needless' then why the hell hadn't 'security' firms sorted out security.

At least the latest bunch actually published what they'd found - who knows how many others have been browsing around and for how long.

I would suggest that if the security was a bit iffy then personnell were compromised a long time ago.

4
2
Black Helicopters

"Full discosure"

Who is implying this is anything of the order of "full disclosure"?

0
0
Anonymous Coward

Initial thoughts

What a load of stunts.

1
0

Not sure if they're brave or foolhardy.

But going after military information is surely signing your own death warrant if caught? If you're in the US you can expect Bradley Manning style treatment and either life in a hole or death afterwards. If you're not in the US and are caught well... does anyhone know aht, other than waterboarding and sleep deprivbation, goes on in non-US-Military installations in friendly countries?

OK, so with any luck they'll not be caught -- but declaring yourself a terrorist, with the very real threat of torture and death that presents, is either very brave or very foolhardy, no matter how clever you are at hiding.

2
0
Silver badge

yes

"does anyhone know aht, other than waterboarding and sleep deprivbation, goes on in non-US-Military installations in friendly countries?"

I think they force you to read judgemental register comments 24/7 until you break

6
5

Not sure who that's aimed at...

But I'd like to state that I'd judge the US "Justice system" lower than the Anonymous reprobates.

I just fear for the latter when the former can spend as much of their population's money as they like going after, and torturing to death, anyone they think is linked to the latter.

"Family in Pakistan" is easily converted to "Family who posted on chan". A good knowledge of "hacking" could be the new Casio timepiece.

3
1
Silver badge

That and

an endlessly play Barry Manilow music.

0
0
FAIL

Ad Nauseam

As before, the people to be worried about are the hackers who used the same holes and stole the same data, but DIDNT shout it from the rooftops or publish their exploit.

LulzSec are the canary in the coalmine and not the explosive gas.

And you want to shoot the canary?

4
2
Silver badge

"And you want to shoot the canary?"

Of course! It is a noisy little bastard that tells others that I am not protecting my workers properly. It *has* to die ...

1
0
Anonymous Coward

And how do you know

it's not a terrorist plot to widely reveal the data without exposing their own networks?

0
0
FAIL

meltdown monday

And this was the leak that was supposed to blow our minds? I'm fairly sure it's Tuesday now and.... Oh well, nvm. Next Monday maybe.

0
0
Black Helicopters

WOW!

I really like that Black Helo. Might order the T-Shirt some day.

0
0
Mushroom

"This point, such as it is, has been made long ago"

In a word, no.

Otherwise it wouldn't be appallingly easy to breach a lot and flaunt the pickings. In fact, if it'd truly had been made we'd no longer need the IT security industry with its pentesting and other "due dilligence" swiss-cheese-hole-plugging expertise. We'd have figured out how to write secure software and how not to shoot ourselves in the foot using faulty configurations. And yes this point had been made before the IT security industry flourished, before widespread internet adoption, even before the peecee revolution. But, again, not thorougly picked up on.

Further I don't think this "antisec" thing has anything to do with that "Anti Security" thing. The earlier was about exploits; the recent spate of disclosures was exclusively about more or less "sensitive" material, but not a single exploit. Nevermind that I think the 2001 manifesto itself is a "you kids git off me lawn" type uttering from what smells like big corp suits. That's what you get for repeatedly suing the messengers, eh.

I say this while disliking the fall-out, where open-source projects that are generally very good on picking up on reports are getting blind sided by someone's in-your-face disclosure with a stinky note that they gave up on giving private notice exactly because the big corporate software houses' general behaviour. Though not entirely surprising as actual professionalism is nigh-on absent with absolutely all parties in the IT security industry.

Given the state of the security industry ("wholesale snake oil delivery, guaranteed") and even IT hacks reporting on such ("nary a clue but lots of scary words") it's not surprising that this attempt at analysis misses the point by a mile. Do recall that on a number of occasions everyone got invited to join in. In that light it really doesn't matter that the name might be a refurb, regardless of which old idea it used to be a label for.

4
1
Megaphone

Your Article is Biased and Dishonest.

Your article states that Anonymous simply seeks to fulfill Antisecs " aims to expose the poor security of government agencies and big corporates." This isn't even close to the truth. The reasons for this particular member (Sabu) having hacked the info are detailed the Pirate Bay ( http://thepiratebay.org/torrent/6533009 ). Anyone who reads up on anonymous outside the MSM is going to know your biased and have an axe to grind or a gate to keep.

Why not just quote the guy who posted the stuff? His twitter feed and explanation are readily available. Your ad hominem smear totally sweeps under the rug the fact that this company is straight evil.

5
2
WTF?

Lingo and BS check

Just out of interest how does publishing e-mail addresses and password hashes from military personnel count as "hacitvism"?

Also does anybody really believe their own cute bromides and rationalizations that try to excuse this behavior?

"LulzSec are the canary in the coalmine and not the explosive gas."

The man on the street who allowed himself to be mugged needs to be charged with gross negligence. Doesn't he know that he needs to carry a concealed weapon in that rough neighborhood? I salute these heroic muggers for showing the security holes that must be patched.

Honestly, can you really make yourself swallow such bullshit?

4
5
Anonymous Coward

Agreed

What an absolute crock of shit! If LulzSec were the Canary they'd do what _responsible adults_ would do and notify those who need to know.

This might even be the customers, what you don't do is publish everything you find.

Whatever their technical skill level, it's clear they are a bunch of thick amateurs when it comes to responsibility.

1
4
Stop

Responsibility

The mean-time-to-patch for critical security holes in Microsoft products is over 2 months.

Most companies won't admit to having security problems (if they outright sue you) if you go to them with exploits. You need to show the world at large that there's a problem for them to move their sorry asses and get to work fixing them.

Shouting didn't work for a long time. They are setting the bombs now and surprise, surprise, now the people are listening

2
1

Not the man on the street being targeted

"The man on the street who allowed himself to be mugged needs to be charged with gross negligence. Doesn't he know that he needs to carry a concealed weapon in that rough neighborhood? I salute these heroic muggers for showing the security holes that must be patched."

False analogy. This is more like saying that the bank has a responsibility to keep a well secured vault, and in bad neighborhoods, maybe some armed guards. This doesn't necessarily excuse bank robbers, but I do feel fully justified in my outrage at "the bank" when I discover that instead of a vault they've been using shoe boxes stacked in an unlocked closet for security.

-d

0
0
Silver badge
WTF?

Rik F. and John L. don't get it.

"'Obscure personal data before you publish; otherwise you are considerably worse than those you are attempting to shame.' Which seems to sum it up. ®"

No, not at all. And unlike what you write there was no drift from the original manifesto. The point was -and still is- that unless you actually annoy the "customers", govs and big corpos won't do a thing about security. Obscure the data and all Sony or .mil will do is issue a press release saying "we take security seriously and are investigating the matter" and do absolutely nothing else. That's proven, it's how it's been for decades and that's precisely why people like AntiSec etc don't redact the data anymore: the only way to make the like of Sony (or, indeed, the mil: it took them the McKinnon "affair" to change the default password for remote access -and they claim the cost of doing so as damage against Gary, too) do anything about security is to make their customers angry. A list of redacted usernames published on 3 or 4 niche techie websites ain't gonna cut it. Never did, never will.

Note: I have nothing to do with AntiSec or affiliates nor do I endorse them, I'm just explaining what they are doing and why they are doing it.

6
3
Black Helicopters

Ok so why

don't they pick on truly secretive societies...like the Chinese or are the Chinese to tough for them to crack.

0
0
WTF?

help the Chinese

Yeah, they should be helping the Chinese to fix the security holes, not their our country. Good idea!

0
0
Silver badge

Probably because contrary to some posts here at El Reg,

unlike the US, the Chinese WILL engage in extreme rendition or targeted assassination if you hack their military.

0
1
Silver badge

The Gospel and World according to IntelAIgents and Media Manipulation of Information ...

..... for Present Dysfunctional Viewing and Future Virtual Reality Product Placement*.

"unlike the US, the Chinese WILL engage in extreme rendition or targeted assassination if you hack their military." ..... Tom 13 Posted Wednesday 13th July 2011 12:57 GMT

You might like to completely rethink that ethical white knight view of Uncle Sam should you be persuaded that the following tale is more true to life and reality than pure fantasy, Tom 13 ...... http://www.americanfreepress.net/html/black_ops_insiders_234.html

* Future Virtual Reality Product Placement is the New Base Discipline to be Remotely Anonymously Mastered for the petty but real enough illusion of Absolute Control in Live Operational Virtual Environments .....[..."also referred to in milspeak as spectrum dominance." ? ...... http://cryptome.org/eyeball/dod-cyberwar/dod-cyberwar.htm ]

IT is a Virtual Head Space Place in which the threatening wielding of deadly and destructive weapons identifies the sad and bad and mad losers to rad and fab winners. ITs fools and tools never ever ascend its Power Control Ranks of Commendable Command.

0
0
Silver badge

Fortified Meade Hack for AI Cracking Attackers

"Rik Ferguson, a security consultant at Trend Micro, said that the AntiSec banner is being used as a flag of convenience for all sorts of mischief by people who are seemingly unfamiliar with the origin of the term. He writes:

In the ultimate irony, the original AntiSec manifesto from back in 2001 was all about the irresponsibility of full disclosure. That same manifesto was re-posted when Imageshack was compromised eight years later. The manifesto criticised the 'security industry' for using full-disclosure to develop 'scare tactics' to convince people into by security. Are you listening, Operation AntiSec?

Find the flaws, publish your successes if you must, but have the decency to spare the innocent victims of your activities. Obscure personal data before you publish; otherwise you are considerably worse than those you are attempting to shame.

Which seems to sum it up."

And what is to say that this action against Booz Allen Hamilton and the one which is proposed here ..... http://www.tgdaily.com/opinion-features/57151-anonymous-to-launch-operation-bohemian-grove ..... are not really the Establishment laying a false trail in fields in which they are lost and exposed to catastrophic attack and enlightening ridicule because of their selfish executive actions ...... and which now allow for smarter virtual remote being [Anonymous Legion] exploitation of their exclusive and elitist and inherently corrupt and perverse, self-destructive systemic vulnerabilities.

The spread of disinformation in the likes of the above, which can easily be viewed as poison pen bait and a crude honey trap of an an ugly dumb phish and desperate entrapment operation, is equally as valid and likely the base source/dodgy code for the actioned tall tales.

Hi, John Leyden,

One should not misunderestimate the foul depths to which powerful control of the intellectually challenged sinks in its quest to remain top dog in the ravenous pack. It is though a Classic Enigmatic Catch 22 Fools Gold Trip on the High Way to Hell, and in more fields than those which are led by AI.

And what do you imagine has been dreamed up to globally convert/divert/subvert hearts and minds to a particular point of view in support of a particularly compromised and peculiarly destructive established administration with this registered upcoming flight of fancy ...... http://www.defense.gov/advisories/advisory.aspx?advisoryid=3367 ...... and is it just designed to maintain the present dysfunction or will it be so crafted to deliver future systems of beta origin for ...... well, in the chaos and CHAOS* which are currently flowing, let us just float onto the markets, Sublimely Applied Programming for Virtual Machine Governance.

A Titanic Holywood Colossus of a Civil CyberSpace Project for Disciplined Hollywood/Bollywood/Media Junkie and/or Moguled Monkey Distribution.

* Clouds Hosting Advanced Operating Systems.

[Quantum Communications BetaTest #XSSXXXX1107130636 .... for Palace Barracks Seed Deed Feed Need?!.]

0
0
Silver badge

@Anonymous; LulzSec; et al

1) Don't use the LOIC. Ever. It's flawed.

2) *NEVER* expose details of innocents. It makes you look like cunts.

ACS:Law was a thing of beauty. The right people got nailed; people were protected. And lulz were plentiful. However:

3) Consider the fallout. It's not just your target who is affected by whatever you're about to do.

1
1
Thumb Down

Point made?!

> This point, such as it is, has been made long ago

> with attacks on Sony, HBGary and others, so at this

> point in the game the attacks needlessly expose

> military personnel, Arizona police officers or gamers

> to greater risk of internet attack.

The point won't be made as long as there isn't legislation penalizing such huge negligence.

You can make secure systems. But you do it by creating systems to be secure from scratch, not add security later on. You don't make a operating system secure by installing antivirus and antimalware. You do it be removing the user's ability to write anywhere but their home directory and allow running only selected software from system directories. But creating a default deny system actually takes effort, unlike rolling out Windows Antivirus 2012 using GPO.

Firewall makers did learn their lesson in 90's that by just disabling access to port 20-22 and 135 you don't create a real firewall. You need a statefull one with only access to port 80, 443 of web server and 22 of remote SSH login server (or $vpn_port of $vpn_vendor).

And don't tell me you can't create secure systems. People wouldn't be flying if a fully loaded 787 was falling every month.

The general public still hasn't heard about the problem and know where the blame is. Keep on the good work guys!

2
1
Meh

Sums it up....

"Which seems to sum it up."

Are you sure? If the idea is not to just expose, but to create real change; 90,000 narked individuals, or pissed off customers, is the way to go.

The suspicion that I've been a victim may concern me, but finding my name on a list on the internet would really piss me off.

I don't condone their actions, but the summary statement of this piece is off target.

Long may your CC details never end up on the net. Peace.

0
0
This topic is closed for new posts.