Britam Defence LEAK



PART 1: 

britam defence hacked, confidential documents leaked, site offline

By  on 
A British defence company has been breached and as a result a heap of documents have been published online and now the site has gone offline.
The attack is on britam defence (http://www.britamdefence.com/) and  has been claimed by a hacker using the handle JAsIrX who uploaded the leaked information to various file sharing websites and released it via a single pastebin post with the a message about the release (see bottom).
The documents come in 6 parts and total over 423MB compress zip files and inside the compress files appears to be a common layout of three main folders named !!Syria, Iran and Iraq.
Inside these appear to be documents like passports, incident reports about drunk employees which are labelled private and confidential as well.
A quick look into the files shows shocking plans for chemical warfare attacks where they have planned to lure victims to kill zones. The file can be found in the Iran folder under OPLAN (Ruhayyat) 1433H-1.doc.
Move from their garrisons to occupy AA at Grid (1556) (IAW Movement Order).
On order defend in the designated sector from Grid (378477) to Grid (275408).
Facilitate the passage of the Screening Force through PP (1, 2).
Fix Enemy forces and lure them to the Killing Zones.
On order conduct Counter Attack.
Support Reserves when they conduct deep operations.
Full Gallery of documents in leak below:


The leaked data also contains usernames and administration login credentials which appear to be stored in clear text which is a real big worry for a defence company.
Also as noted below the British defence company was using a Singapore based host for its server, its any wonder why such companys do this when its national security they handle.
Message from the release:
Hello,
I’m JAsIrX and I will share with you some documents downloaded after hacking Britam Defence server.
Its website is located on the Malaysian server. I found bugs in the website with same ip and uploaded web-shell through this site.
Then I hacked plesk parallels control panel and gained access to Britam Defence mail accounts and website directory.
Leaked documents:
- Contracts copies with signatures
- Private email correspondence
- Personnel data, etc.
Britam Defence is British private military company, operates mainly in the Middle East. It killed Arabs in Iraq and plans to invade in Iran and Syria.
Look through leaked documents carefully. CW means chemical weapon, g-shell is short for a gas shell I guess.
Help to distribute this info and let other people know about the threats.
Thank all
Source: Pastebin.com
If i get more time i will release a report into the contents of this leak.


------------------------------------------
UPDATE  2

A Look into the Britam Defence Data Leak Files

By  on 
network
Its also clear that Britam does not practice data security very well as they have been storing user credentials, network information in unencrypted formats.

Break down of each folder.

 Syria Folder:

288 KB 
2 PDF files and 1 email file.
File name: CV P Doughty CV2 091.pdf
CV for Philip doughty who is the dynamic director and founder of Britam Defence, currently resides in UAE according to his CV.
File name: Phil Doughty PP1 7200830372.pdf
PDF copy of current English, Irish passport for Philip Doughty.
File name: Sirian Issue.eml
Email between David Goulding who is the Business Development Director and Philip regarding a new offer about an operation in syria.

Phil
We’ve got a new offer. It’s about Syria again. Qataris propose an attractive deal and swear that the idea is approved by Washington.
We’ll have to deliver a CW to Homs, a Soviet origin g-shell from Libya similar to those that Assad should have.
They want us to deploy our Ukrainian personnel that should speak Russian and make a video record.
Frankly, I don’t think it’s a good idea but the sums proposed are enormous. Your opinion?
Kind regards
David

Iran folder:

Size: 938kb
16 doc files and 1 email file total
The Iran folder contains heaps of operation plans of attack and defend as well as procedures for preventing or using chemical warfare  luring targets to kill zones, medical help, intelligence to the surrounding of operations and more. all together there appears to be 15 plans of operation.
It also has a file named Draft which is a email draft used for the announcement of the current operations. Appears the .doc operation files are the results of an attachment to from that email.
Preview of each of the attachments from the email.
[Gallery not found]
There is also a file named Iranian Issue.eml
Contact between phil and david over confirmation of plans of operations in iran by the saudis.
Phil
Please see attached details of preparatory measures concerning the Iranian issue.
Participation of Britam in the operation is confirmed by the Saudis.
http://mbf.cc/OTEH8

Iraq Folder:

Size: 153 MB 
9 Folders, 7 PDF Files, 7 DOCX Files, 6 CSV Files, 2 image files
First file looked at was a summury report from STRATFOR titlled “Curious U.S. and French Military Deployments”. Other files include incident reports, weather reports, management plans for trips, data sheets and more.

Break down of sub Folders:

Britam Internet Networks & Passwords

887KB
2 PDF, 5 DOC, 1 folder that contains 4 further DOC files.
Sadly they have gone to the effort to created human readable documents in various formats that contain current login credentails for every single user related to Britam and its complete network.  the files appear to be various working with one pdf contain all information.

Contracts

37.7MB
8 PDF, 1 CSV , 1 Image, 1 Folder named BP that contains full contract details and information.
Folder contains a list of contracts, the operations, the amount due or paid. Amongst these are agreements, history, payments, guides, charts, information and much more. It also has contract agreements about clearing land mines and keep roads safe of explosive devices.

Daily Orders

3.88 MB
53 DOC Files, 80 Excel files.
These contain daily movements for months of 2012, daily spending reports as well as a organisational chart.

incident

2.87MB
9 DOC, 3 PDF, 1 Email, 1 power point presentation
These files consist of incident reports such as Britam security staff being stopped at check points and digital equipment being siezed. As well as drunk officers, requests for CCTV and security breach reports.

MOI

2.8MB
3 Images
Letters from the ministry of inertia of Iraq. Unknown content at time of publishing.

People

57MB
Contains Personal copys of passports of employees of Britam and other unknown related people. Passports are in variuos formats such as images, pdf etc.

Report

14.5MB
5 PDF, 5DOC 37 Excel files
Daily mission reports for various mission that Britam has been or is involved with.

Sitrep

17.9MB
8 PDF 21 Doc
Contains restricted operation reports related to halliburton (http://www.halliburton.com/)

WMM

Contains weekly management meeting schedules and reports.

Gallery for Iraq Folder

Full gallery


Source OF PART 2 | http://www.cyberwarnews.info/reports/a-look-into-the-britam-defence-data-leak-files/

------------------------------------------------------------------------------------------

FOUND SOME COMMENTS RELATED TO THE LEAK FROM FACEPUNCH.COM (http://facepunch.com/showthread.php?t=1242490)



UPDATE 3

This update is gathered from "the Syrian Commando" Blog at http://syriancommando.wordpress.com/

It was pointed out to me in a tweet that there were in fact TWO emails posted in the BritAm leak. One on “Iranian issue”. A quick inspect reveals fraud.
Within the Iranian issue email the header contains the following:
with ESMTP id nWRHL2NRVdAP for ;;
Thu, 16 Oct 2012 23:57:18 +0800 (SGT)
Received: from smtp.clients.netdns.net (smtp.clients.netdns.net [202.157.148.149])
by titanium.netdns.net (Postfix) with ESMTP id 27D5F523A0E
for ;; Thu, 16 Oct 2012 23:57:18 +0800 (SGT)
And within the Syrian email, the header contained the following:
with ESMTP id nWRHL2NRVdAP for ;;
Mon, 24 Dec 2012 23:57:18 +0800 (SGT)
Received: from smtp.clients.netdns.net (smtp.clients.netdns.net [202.157.148.149])
by titanium.netdns.net (Postfix) with ESMTP id 27D5F523A0E
for ;; Mon, 24 Dec 2012 23:57:18 +0800 (SGT)
The date is different, as one would expect but the TIME is exactly the same. This means that one or both of these emails has been edited from the email database. The forgery is clear, it’s time to burn this Trojan horse. Whoever made this leak purposely left this sign of fraud behind, in order to later point it out and use it as a platform to attack ALL leaks unfavourable to the US and to try and claim that a chemical weapon attack cannot possibly be a false flag.
Nice try.
UPDATE 1: Note that in both emails the date is modified throughout, but the time is left intact. Such attention to detail implies its not just a fraud, but a deliberate fraud. This turns the magic on the magician: why create this two level false flag when there is no intention to carry out a chemical weapon false flag? This highly sophisticated cyber warfare operation should indicate the stakes at play: what is the prize behind the sacrifice of a mercenary organisation like BritAm?

Related articles:




2) Hacked Emails Reveal ‘Washington-Approved’ Plan to Stage Chemical Weapons Attack in Syria

http://www.infowars.com/hack-reveals-washington-approved-plan-to-stage-chemical-weapons-attack-in-syria/