Booz Allen Hamilton Faces Data Breach

By Author: eccuni
Total Articles: 211
Comment this article

In yet another security incident involving a defense contractor, Booz Allen Hamilton, suffered massive security breach. Members of the Anonymous were reportedly successful in extracting 90,000 e-mail addresses and passwords by intruding into the servers of the organization. The group has posted the stolen data on a third party file sharing site. Booz Allen Hamilton has not yet confirmed the attack. The security breach at Hamilton follows a recent exposure of confidential information related to various contracts of IRC Federal. Over half of the disclosed e-mail addresses are reportedly associated with military domains. Attackers may attack these military domains and attempt to extract classified documents, which could compromise national security. The rest of the e-mails are allegedly associated with educational domains and even other defense contractors. The latest attack is also part of the AntiSec campaign.

Pentagon is coordinating with concerned agencies to assess the security situation. Attack groups are following the trend initiated by Lulz Sec of publishing stolen information online. By posting the confidential ...
... logins and e-mail addresses online, attackers are allowing large number of crime groups to misuse confidential information to launch more sophisticated and target-based attacks. According to Internet security firm Sophos, Anonymous was also successful in extracting around 4 gigabytes of source code from the servers of Booz Allen Hamilton. The group has termed the latest attack as Military Meltdown Monday.

Attackers have frequently targeted military related sites and networks in the recent times including those on Lockheed Martin and several websites associated with Gannett Government Media, a defense related publication group. Repeated attacks have exposed the security lapses on government and military related establishments.

According to NextGov, a former director of the Central Intelligence Agency (CIA) under the Bush regime articulated for the creation of a new Internet infrastructure to secure critical services. Reactive approach to IT security results in complications and mismanagement of the network infrastructure. Organizations must assess the security threats at regular intervals and evaluate the strength of the security infrastructure. Professionals qualified in IT masters degree and security certifications such as penetration testing may help organizations in proactively securing the organizational networks and information infrastructure.

Organizations must have proper IT security policy in place and ensure adherence of the same by employees. They must have appropriate monitoring mechanisms in place to test the implementation of the IT policy. Supervisors and computer administrators must counsel the erring employees and guide them on the significance of adhering to security instructions. Organizations must penalize employees who breach security policy frequently. Mandatory e-learning and online computer degree programs may help employees to understand and implement best practices in cyber security.

Cyber security professionals face the constant challenge of securing networks from intrusion by attackers. As such, they need to update their skills at regular intervals to combat different types of security threats. Professionals may leverage online technology degree programs and iPad training programs to self-pace their training requirements. Participation in security conferences such as Hacker Halted, TakeDownCon and workshops may help professionals in acquainting themselves of latest developments in IT security.