GhostShell has been one of the more active hacking groups in 2012. Yesterday it posted a discussion on Pastebin, mentioning current concerns, dropping a few LulzSec-like taunts, detailing its latest hacks and dumps, and finally presenting a chronology of this year’s hacks and hacking ‘projects.’
GhostShell does not appear to be part of Anonymous, but clearly has contact with Anonymous and frequently entertains similar concerns. Yesterday’s announcement, for example, specifically supports the Anonymous operation #OpWCIT, designed to protest against the potential ITU ‘takeover’ of the internet via the WCIT.
In support of ‘hacktivism worldwide’ and ‘freedom of information on the net’, GhostShell yesterday announced “a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.” As always, it is difficult to prove the validity of all the dumped data, but Christopher Brook writing in the Kaspersky Lab ThreatPost blog comments, “The divulged data appears to be a dump of names, passwords – some hashed, some plain text – resumes, admin logins, phone numbers and e-mail addresses, among other bits of information.”
ZDnet expands a little on this. It “seems to include a number of records obtained via SQL injection. A random selection of the files contain email and home addresses, defense material tests and analysis notes, mailing lists, passwords and names.” The Pastebin announcement includes a list of sites and URLs where the hacked data can now be found. While Pastebin itself is still frequently used for hacker announcements, its improved ability to rapidly remove what it considers to be illegal or personally sensitive data has led the actual dumps being placed elsewhere.
One noticeable feature of the GhostShell announcement is an indication of the cat and mouse game played between hackers and law enforcement, with a strong suggestion that it is not always clear which is the cat and which the mouse. DeadMellox, it suggests, was a fiction created for a purpose. He “was a ghost to begin with. Never existed. No, really. Before we created ‘him’, he never exi[s]ted on the internet, zero searches on google and all that jazz. Starting to get it now? We used the name afterwards to trackback all mentions of that name all over the place. Well, the whole plan is a bit more complicated than that, part of a bigger story, but let's leave it at that for now.”
In fact, the GhostShell preamble to the dump details is full of taunts against intelligence companies and security vendors. “It's funny actually; private investigators use social platforms to find their suspects, yet here we are doing it to ‘experts’. Lame. Speaking of lame, people might want to look into Raytheon and see how ‘pro’ military sponsored cyber teams really are...” History suggests, however, that the public taunts issued by LulzSec against the FBI merely spurred greater effort by law enforcement and the successful takedown of the group.