Ghostshell takes credit for extensive hack of government, private websites

The hacktivist group Team Ghostshell took credit Monday for the release of 1.6 million accounts and records stolen from government and private organizations covering aerospace, law enforcement, the military, the defense industry and banking.

Among the organizations the group claimed to have stolen information included NASA's Center For Advanced Engineering, the Department of Homeland Security (DHS) Information Network, the FBI's Washington division in Seattle, the Federal Reserve and Interpol.

Taken from about 40 websites, the information is reported to have included usernames, email addresses, passwords, phone numbers, mailing lists, administrator account information and defense data.

The information was stored on the web in more than 140 uploads, and mirrored in multiple sites. The group listed on Pastebin URLs for the information, along with a lengthy rant on the operation they called ProjectWhiteFox.

Team Ghostshell, which is loosely connected to Anonymous, has claimed responsibility for several other major breaches this year. The group claims the latest hack is the last of the year.

Team Ghostshell said it would send an email warning some of the organizations of security weaknesses. "Forgot to mention that the email will also contain another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA (Japan Aerospace Exploration Agency), etc. consider it an early Christmas present from us," the group said on Pastebin.

[See also: Hacktivists have the enterprises' attention. Now what?]

Other organizations the group named as victims included The European Space Agency, the Credit Union National Association, intelligence firms Aquilent and Flashpoint Partners, DHS' cybersecurity information site ICS-CERT, Raytheon, L-3 Communications, General Dynamics, the California Manufacturers & Technology Association and the Texas Bankers Association.

The extent of the damage from the leak is unclear. The DHS did not respond to a request for comment. CUNA confirmed that its website had been hacked, but said no sensitive information was stolen. User information taken was e-mail addresses, phone numbers, titles and business addresses, as well as some encrypted password information from more than five years ago.

"We don't save any information about credit union members on our website," a spokesman said. "We're a trade association. We exist for the institutions that are credit unions, not the credit union members."

Team Ghostshell's largest hacks this year included the theft in July of hundreds of thousands of database records from about 40 websites, mostly in China. The organizations included banks, airports, hospitals, news outlets and research labs.

Three months later, Ghostshell claimed responsibility for breaking into more than 120,000 computers accounts of dozens of large universities worldwide, dumping student records onto the Internet. Some of the information was reportedly outdated or already publicly available.

Hacktivism, defacing or breaking into websites in the name of a political cause, was behind numerous attacks this year against government and corporate websites. Politics have become the prime motivator for dedicated denial of service attacks (DDoS) against websites, Arbor Networks said in a recent report.

Last week, Anonymous appeared to be preparing a DDoS attack against the website of the International Telecommunications Union, a United Nations agency holding a meeting of 190 governments to discuss political and commercial control of the Internet, according to one security expert.

In a YouTube video posted by the hacktivist collective, the meeting was said to be a threat to Internet freedom. Following minor outages last week, a major attack has yet to materialize.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags NASAapplicationshacktivistGhostshellPastebinTeam GhostShellAnonymousDepartment of Homeland SecurityDHSinterpolData Protection | Malwarelegalsoftwarefbidata protectioncybercrime

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place