Hacktivist collective Team GhostShell delivered its Christmas presents well ahead of schedule yesterday, celebrating the upcoming festivities by leaking more than a million public agency records stolen from organizations including NASA, the European Space Agency, the FBI and others.
The latest high profile dump was done in the name of #ProjectWhiteFox, a movement that claims to promote freedom of information online. Embarrassingly for the concerned agencies, team GhostShell’s haul included thousands of user login names, passwords, CVs, and email addresses of employees, plus tons of private data from secure databases.
While the agencies themselves will be fuming at the latest security breach, the attack underlines Team GhostShell’s reputation as one of the most productive hacker collectives around. The vast majority of Anonymous members actually do little beyond the odd DDoS attack, whereas GhostShell has chalked up several notable attacks over the last twelve months.
“Winter is here and so are we, to present Team GhostShell’s last project. We’ve included plenty of surprises in this one, so hop on our bandwagon, we’re going on an adventure!” announced the press release.
“#ProjectWhiteFox will conclude this year’s series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net. For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.”
Before stealing their latest haul of public records, Team GhostShell claims that it warned the agencies via email that it had identified security risks in their systems that could easily be exploited — sadly for them, it appears that they failed to heed the warning and so GhostShell went ahead and proved it. One of the biggest targets was of the hack was the Credit Union National Association, which says that no sensitive consumer information has been stolen.
Team GhostShell also took the time to address the controversial ITU Conference in Dubai, where talks are continuing this week. The collective says that it hasn’t taken part in any attacks against the WCIT website itself, but nevertheless fully supports Anonymous and its ongoing OpWCIT campaign. It goes on to encourage other webmasters to “deface” their own websites as a means of protesting against any new internet regulations.