Military Meltdown Monday: 90,000 military email profiles released by AntiSec

Summary: Perhaps the shockingly ongoing ease of their penetrations will finally wake up those who think that IT security is just one more annoying "to-do" item.

Because of the nature of this particular breach, I'm limited in what details I can provide to you. However, here's a story in Stars & Stripes that provides some added information.

The hacker group AntiSec infiltrated the systems of military contractor Booz Allen Hamilton and retrieved a tremendous amount of data that should have been secured. According to the group:

We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!).

Snap analysis

I continue to be dismayed and shocked at the absolutely poorest practices we're seeing in data security management throughout large corporations and government organizations. As many of you know, I got started in government security through my work with Presidential email security and some worst-practices I found in the Bush White House Executive Office of the President.

MD5, for example, is a nice little hashing mechanism, but it's easy to break. Nothing secure should be based on simple MD5 strings, and the IT guys at Booz Allen Hamilton should have known better.
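The weakness named in the quote (unsalted MD5) beside a salted, deliberately slow alternative, with an upgrade-on-login path; this is an added example, not code from the original article or from any system it describes. The account names, passwords, record format and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def legacy_md5(password):
    """Unsalted MD5, the scheme named in the quote: one password, one hash, everywhere."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2${}${}".format(salt.hex(), dk.hex())

def verify(password, stored):
    """Check a password against either record format, comparing in constant time."""
    if stored.startswith("pbkdf2$"):
        _, salt_hex, _ = stored.split("$")
        expected = hash_password(password, bytes.fromhex(salt_hex))
    else:
        expected = legacy_md5(password)
    return hmac.compare_digest(expected, stored)

def login_and_upgrade(db, user, password):
    """On a successful login, replace a legacy MD5 record with a salted one."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        db[user] = hash_password(password)
    return True

def shared_hashes(db):
    """Groups of accounts whose stored value is identical, as visible in any dump."""
    groups = defaultdict(list)
    for user, stored in db.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; names and passwords are made up.
db = {u: legacy_md5(p) for u, p in
      [("alice", "Summer2011"), ("bob", "Summer2011"), ("carol", "x9!Lq")]}
```

With the legacy records, `shared_hashes(db)` groups alice and bob because identical passwords produce identical MD5 values; after both log in once, their records differ and the grouping disappears.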

While many government IT operations are run by some of the smartest people on the planet, many others are quite sloppy. Contractors are also guilty of exceptional sloppiness.

While I certainly don't condone the actions of these hacker groups, perhaps the shockingly ongoing ease of their penetrations will finally wake up those who think that IT security is just one more annoying "to-do" item and make it the priority it must be to protect our security into the future.


About

In addition to hosting the ZDNet Government and ZDNet DIY-IT blogs, CBS Interactive's Distinguished Lecturer David Gewirtz is an author, U.S. policy advisor and computer scientist. He is featured in The History Channel special The President's Book of Secrets, is one of America's foremost cyber-security experts, and is a top expert on savi... Full Bio
