GhostShell hackers release 1.6 million NASA, FBI, ESA accounts
The hacking collecting GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry. "ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to …
This topic is closed for new posts.
It's OK, guys
The ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI, etc. can stop worrying. Kim Dotcom will come to the rescue and keep all their sensitive data encrypted and safe from miscreants with his new Mega file storage service.
Re: It's OK, guys
Running Linux is what the vast majority of the hacked systems have in common....
Re: It's OK, guys
Ah, RICHTO! –You've forgotten to login, matey.
Re: It's OK, guys
Yes because its all the OS's fault, not the software that if run in a way it wasn't intended to blaps details, exploit in something else or poor passwords are not to blaim.
There are loads of attack vectors these days that people are only starting to realise are vulnerable, a simple coding mistake on a website can give an attacker the ability to do something unintended but permitted by the software.
@AC
It could be true, I dunno, but then its still the lack of maintenance which caused the intrusion(s).
AC for very obvious reasons; I've recently experienced this myself with a certain customer server. It ran Debian.... 3.1 (Sarge). In the year 2010, 2011, 2012... Of course Sarge's release date was 2005 and it has been long superseded. Heck; even the lack of security updates was no problem for this customer. As long as the server ran "all was fine".
This server has been compromised a few times now and from the looks of it has been again quite recently. So; who or what is to blame; the operating system?
I don't think so....
Re: It's OK, guys
No no, of course it's not the OSs fault. It's only the fault of the OS if it's a Microsoft OS.
Re: @AC
Lots of VMS systems and mainframes a lot older than 2005 running in production still. Upgrading an OS on a mission critical business system is a HUGE deal for most decent sized businesses. Walling off your business critical system as much from not just the internet but internal networks as much as you can is generally best practice. Of course the OS on a public facing web server is a whole different matter.
Blah. Blah. Shut It.
Here's a huge list of email addresses and names. LET SLIP THE DOGS OF WAR. Then we all get something...
Asshats. You can get and legally use most of this data for less than the cost of calling a lawyer to see how much trouble it is worth. Validated names and email addresses from respectable vendors cost our partners less than $6,000 per thousand for 30 day use. Why even bother with the fringe stuff? If you are serious about changing things then you'll figure out a way to find a few thousand dollars.
Kids were smarter in my day.
Re: Blah. Blah. Shut It.
I'm sure the point that was being made here is not that they have the data, more that they managed to get the data via servers' backdoors that were wide open flapping in the wind.
Re: Blah. Blah. Shut It.
That's what they *said* they did, but if the various arrested Anons are any indication of character, that were these guys are fantasists. It's more likely they got the addresses by rifling through third-party servers like forums or conference organisers that don't have such high security.
You can get a shit-load of ESA and NASA addresses just by scanning the abstracts of aerospace conference papers, and it's not too hard to weed through other spam-lists to find certain domains.
And when you've got them, what the fuck use is a pile of email addresses at the Department of the Treasury, or the European Space Agency anyway. What are they going to do with them? *Spam* them into revealing that the financial crisis is a result of the world's governments paying a gold tribute to the aliens that landed in Roswell? Seriously... acquisition of something resembling a life is in order here.
But hey, they're saving the world (from something as yet undefined) and taking a stand (for something as yet undefined).
Re: less than $6,000
Is $6 per month what my name and email address is worth? I might consider renting it out.
Re: less than $6,000
No need to rent it out. Everyone already has it.
Re: Blah. Blah. Shut It.
"Kids were smarter in my day"
citation?
Useless bunch
These kinds of fruitless attacks end up becoming fodder for politcal lobbying. It doesnt show strength or prowess, it shows more that the group don't understand the world that they live in....
Feeding time at the zoo
No wonder people involved in this http://www.theregister.co.uk/2012/12/10/communications_data_bill/ think there is good reason to invoke such laws when this sort of crap is being published by the press.
Hackers need to man up
Pretty weak.
Please, next time only report on computer miscreants if they manage to EXPLODE A COMPUTER
Re: Hackers need to man up
Or get it to play AC-DC in a nuclear plant...
http://www.bloomberg.com/news/2012-07-25/iranian-nuclear-plants-hit-by-virus-playing-ac-dc-website-says.html
"Oooh, look what we can do!"
I know that security is important and I'm not saying that what they've done here doesn't point out some security flaws, but it really is just willy waving. They aren't doing anything useful here it's just kids running around being douches. Hacktivism is supposed to have a political goal. This clearly doesn't so they aren't Hacktivists they are just vandals.
From their logo in the pastebin
4 weeks ago · 726 views
Not exactly popular.
Hacktivist crew signs off for Christmas
Just wish these and others like them would just sign off. Permanently.
All the billions they apparently spent on security after the whole Gary incident really helped then.
Of course it did - there were lots of new Powerpoint presentations about the importance of security.
This did mean upgrading every government employee to the new version of Powerpoint but we were able to offset the costs of this by firing some admins and moving all the computer stuff onto Dropbox.
irony
These guys say they stand for keeping the internet free and open. And then they claim to have hacked into a bunch of high profile systems and release the info to the world while being untraceable. And that's meant to encourage governments to keep things free and open how exactly?
We are not the Judean Peoples Front
We are the Peoples Front of F£$*ing Judea
Splitters
(Well, it is nearly Christmas)
US Government: The worlds biggest data sieve
The US keeps on flaunting it's technical prowess. If this is true how come so much of their data leaks?
Little wonder China saves so much on military R & D; The Congress should forget about Chinese backdoors and get the 'experts' to stick their fingers in the leaking dykes of US IT.
Re: US Government: The worlds biggest data sieve
The Chinese are stealing from the UK government too just with less gusto. The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.
Re: US Government: The worlds biggest data sieve
>The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.
The chinese now have the secret of Tea and biscuits-Brown ?
I've a feeling that...
...the really successful hacks are the ones we never hear about.
Re: I've a feeling that...
I wasn't able to upvote you more than once so I've upvoted myself here instead.
I haven't looked at the raw data from this hack but none of their recent hacks has impressed me. They've all been hyped up and contained very little that was actually useful.
"while in October it released student records from the world's top 100 universities" did you actually look at the data? much of it was worthless.
>"while in October it released student records from the world's top 100 universities" did you actually look at the data? much of it was worthless.
Well only one record was genuine, the other 99 had just been copied off wikipedia
Just think what Chinese government-sponsored crews could steal...
Soon to just be ghosts
These naive hackers are in for a reality check when they permanently disappear without a trace.
Well well well. Plaintext password storage at ESA
A bunch of people at $orkplace have had warnings today from the local CERT team because their details were published.
Looking at several of the warnings, the thing which stands out most clearly is that ESA didn't bother with any form of encryption for passwords on their website. The rest of the details were already publically available.
This topic is closed for new posts.
