Over the weekend, an as-yet-unknown hacker group called Team GhostShell spilled account credentials from some extremely hard targets (or so it seems), and they’ve also gone as far as to name their affiliation with the hacktivist collective Anonymous.
In their Pastebin post, the hacktivist group gave the name “Hellfire” to their project and also posted what appear to be accounts and records gleaned from banks, government agencies, consulting firms, law enforcement and the CIA, according to an article published on ZDNet.
“Team GhostShell’s final form of protest this summer against the banks, politicians and for all the fallen hackers this year,” writes the group in their manifesto on Pastebin. “One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It’s only the beginning.”
The research team at Imperva examined the leak to determine how the hackers obtained the information. Their first-pass skim indicates that the data definitely came from multiple databases, some of which contained more than 30,000 records apiece. Imperva also notes that Team GhostShell appears to have largely used a SQL injection tool called SQLmap to retrieve their ill-gotten booty. Also, since most of the affected URLs appear to have PHP extensions, it’s likely that the hackers used an exploit scanner that looked for specific vulnerabilities common to the PHP programming community and its services.
The hackers leaked data that displayed admin login info, usernames and passwords, and even files and documents from the affected targets. Many of the passwords reflect the usual laziness of people choosing extremely weak passwords such as “123456”, and one law firm implemented temporary passwords for new users but didn’t require users to change them.
The files and documents appear to have come from a CMS (content management system), which was probably connected to one of the databases, but the files contained absolutely no sensitive information.
A majority of the data appears to have come from banks, as credit history and current standing are represented extremely well in the take. This could have strong privacy ramifications for the customers of those banks, not just because GhostShell has the data but because it’s now posted publicly online.
Hacktivism: protesting banks by hitting them in their customers and pocketbooks
Banks and governments are common targets for hackers in movies from the 1990s and it seems to have rung true for the hackers of today—except that instead of stealing money and running off to the crystal blue waters of the Bahamas, hackers have gone the route of vandalism and leaking information for political purposes.
Certainly, many of the cells that make up Anonymous may have the tools to easily breach bank security (which speaks to the very sad state of that cybersecurity), but they lack the professional ties to use the banking information or credentials to launder and make money off it in the criminal underground.
Hacktivists belong to a less technically savvy but oddly more “moral” breed of hackers, which leads them to develop and design protests based around ideology and whatever tools they have on hand to cause disruptions and drive attention to their activities.
“All aboard the Smoke & Flames Train, Last stop, Hell,” Team GhostShell signed off with. “Two more projects are still scheduled for this fall and winter. It’s only the beginning.”
This is probably not the last we’ll see of these dumps if they have even more; the group has claimed access to a Chinese technology vendor’s mainframe, a US stock exchange and the Department of Homeland Security.
No doubt that will cause a row if it turns up true.
Meanwhile, we will keep a lookout for further leaks from this group, but right now it seems like they’re flailing wildly at the ideological churn of the day by targeting banks and governments instead of picking specific examples of wrongdoing.