As promised, Anonymous has sought to embarrass the FBI with a network attack, this time going after defense contractor ManTech International.
"Hacktivist" collective Anonymous claims to have "owned" the defense contractor ManTech International and promised to release the stolen information within 24 hours, according to a post on Twitter that appeared shortly after midnight on July 29.
Some documents have already been posted as "teasers," including a resume of an individual with significant military and law enforcement background and a statement of work memo for NATO Communication & Information Systems Services Agency. About 500MB of files are expected to be released.
This latest attack is in apparent retribution for the July 20 arrests of individuals who are accused of participating in Anonymous group hacking attacks.
Earlier this week, in the midst of news reports about British police arresting a suspected member of hacker group LulzSec and regular updates on Twitter about people canceling PayPal accounts in protest, Anonymous posted the following warning on Twitter, "Also, tomorrow: Expect something nice. Looks like the FBI asked for a slap in the face. Well, we can deliver. #FFF (On Thursday, who cares)."
About 14 individuals were arrested on July 20 in the United States for participating in the Anonymous DDOS (distributed denial-of-service) campaign against PayPal in Operation Payback in December. The FBI also arrested one person accused of hacking into InfraGard Tampa and a customer support contractor who downloaded confidential AT&T documents and provided them to LulzSec.
The group said the attacks will continue regardless of the arrests. "We are not scared anymore. Any threats to arrest us are meaningless. We are past threats. We just act. #AntiSec #FFFriday," the group posted via Twitter.
British police also arrested two alleged members of LulzSec, and the Dutch National Police Agency arrested four Anonymous members this month. In June, Spanish authorities arrested three members and claimed to have shut down Anonymous within the country, and Turkish police detained 32 individuals with alleged links to the group.
ManTech provides cyber-security services such round-the-clock intrusion-detection monitoring, security engineering, and incident identification and response. It's providing these services to the FBI's security division as part of a $99.5 million five-year contract. The company also provides vulnerability assessment and penetration testing, cyber-threat analysis and specialized cyber-training services.
Other clients include the National Security Agency and the departments of Defense, State and Homeland Security, among others.
"The latest attack against ManTech following a string of attacks against other defense and national security contractors shows that those charged with defending our nation are also susceptible to the same attacks," Anup Ghosh, CEO of Invincea, told eWEEK. "Make no mistake -- this is a failure of the security industry more than it is a failure of ManTech, Booz Allen, Northrup Grumman, and the National Labs," Ghosh added.
Anonymous dumped 90,000 passwords belonging to military personnel from consulting firm Booz Allen Hamilton, exposed sensitive information belonging to agricultural chemical and biotechnology company Monsanto employees and stole more than 8GB of internal data from Italy's cyber-crime police unit. Before it disbanded, LulzSec lifted and published internal documents obtained during its attack on the Arizona Department of Public Safety, breached two Websites belonging to FBI partners InfraGard Atlanta and InfraGard Connecticut, and broke into surveillance company Unveillance CEO's personal email account.