
back to article GhostShell hackers release 1.6 million NASA, FBI, ESA accounts

The hacking collective GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry. "ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

It's OK, guys

The ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI, etc. can stop worrying. Kim Dotcom will come to the rescue and keep all their sensitive data encrypted and safe from miscreants with his new Mega file storage service.

4
0
Anonymous Coward

Re: It's OK, guys

Running Linux is what the vast majority of the hacked systems have in common....

3
8
Facepalm

Re: It's OK, guys

Ah, RICHTO! You've forgotten to log in, matey.

6
0
Bronze badge
Facepalm

Re: It's OK, guys

Yes, because it's all the OS's fault, not the software that if run in a way it wasn't intended to blaps details, exploit in something else or poor passwords are not to blame.

There are loads of attack vectors these days that people are only starting to realise are vulnerable, a simple coding mistake on a website can give an attacker the ability to do something unintended but permitted by the software.

1
0

This post has been deleted by its author

Anonymous Coward

@AC

It could be true, I dunno, but then it's still the lack of maintenance which caused the intrusion(s).

AC for very obvious reasons; I've recently experienced this myself with a certain customer server. It ran Debian.... 3.1 (Sarge). In the year 2010, 2011, 2012... Of course Sarge's release date was 2005 and it has been long superseded. Heck; even the lack of security updates was no problem for this customer. As long as the server ran "all was fine".

This server has been compromised a few times now and from the looks of it has been again quite recently. So; who or what is to blame; the operating system?

I don't think so....

3
0
Anonymous Coward

Re: It's OK, guys

No no, of course it's not the OS's fault. It's only the fault of the OS if it's a Microsoft OS.

5
0
Silver badge

Re: @AC

Lots of VMS systems and mainframes a lot older than 2005 running in production still. Upgrading an OS on a mission critical business system is a HUGE deal for most decent sized businesses. Walling off your business critical system as much from not just the internet but internal networks as much as you can is generally best practice. Of course the OS on a public facing web server is a whole different matter.

0
0
Silver badge
Black Helicopters

Blah. Blah. Shut It.

Here's a huge list of email addresses and names. LET SLIP THE DOGS OF WAR. Then we all get something...

Asshats. You can get and legally use most of this data for less than the cost of calling a lawyer to see how much trouble it is worth. Validated names and email addresses from respectable vendors cost our partners less than $6,000 per thousand for 30 day use. Why even bother with the fringe stuff? If you are serious about changing things then you'll figure out a way to find a few thousand dollars.

Kids were smarter in my day.

4
4
Holmes

Re: Blah. Blah. Shut It.

I'm sure the point that was being made here is not that they have the data, more that they managed to get the data via servers' backdoors that were wide open flapping in the wind.

1
0
Silver badge

Re: Blah. Blah. Shut It.

That's what they *said* they did, but if the various arrested Anons are any indication of character, then these guys are fantasists. It's more likely they got the addresses by rifling through third-party servers like forums or conference organisers that don't have such high security.

You can get a shit-load of ESA and NASA addresses just by scanning the abstracts of aerospace conference papers, and it's not too hard to weed through other spam-lists to find certain domains.

And when you've got them, what the fuck use is a pile of email addresses at the Department of the Treasury, or the European Space Agency anyway. What are they going to do with them? *Spam* them into revealing that the financial crisis is a result of the world's governments paying a gold tribute to the aliens that landed in Roswell? Seriously... acquisition of something resembling a life is in order here.

But hey, they're saving the world (from something as yet undefined) and taking a stand (for something as yet undefined).

8
0
Bronze badge

Re: less than $6,000

Is $6 per month what my name and email address is worth? I might consider renting it out.

2
0
Silver badge
Joke

Re: less than $6,000

No need to rent it out. Everyone already has it.

3
0
Anonymous Coward

Re: Blah. Blah. Shut It.

"Kids were smarter in my day"

citation?

0
0
url

Re: Blah. Blah. Shut It.

spear phishing mayhaps??

0
0
Silver badge
Unhappy

Useless bunch

These kinds of fruitless attacks end up becoming fodder for political lobbying. It doesn't show strength or prowess, it shows more that the group don't understand the world that they live in....

8
0
Bronze badge
Big Brother

Feeding time at the zoo

No wonder people involved in this http://www.theregister.co.uk/2012/12/10/communications_data_bill/ think there is good reason to invoke such laws when this sort of crap is being published by the press.

0
0
Trollface

Hackers need to man up

Pretty weak.

Please, next time only report on computer miscreants if they manage to EXPLODE A COMPUTER

1
0

Re: Hackers need to man up

Or get it to play AC-DC in a nuclear plant...

http://www.bloomberg.com/news/2012-07-25/iranian-nuclear-plants-hit-by-virus-playing-ac-dc-website-says.html

0
0
Silver badge

Re: Thunder

Na na na na na na na na

1
0
Thumb Down

"Oooh, look what we can do!"

I know that security is important and I'm not saying that what they've done here doesn't point out some security flaws, but it really is just willy waving. They aren't doing anything useful here it's just kids running around being douches. Hacktivism is supposed to have a political goal. This clearly doesn't so they aren't Hacktivists they are just vandals.

5
0
Anonymous Coward

From their logo in the pastebin

4 weeks ago · 726 views

Not exactly popular.

0
0
Mushroom

Hacktivist crew signs off for Christmas

Just wish these and others like them would just sign off. Permanently.

1
0

All the billions they apparently spent on security after the whole Gary incident really helped then.

0
0
Silver badge

Of course it did - there were lots of new Powerpoint presentations about the importance of security.

This did mean upgrading every government employee to the new version of Powerpoint but we were able to offset the costs of this by firing some admins and moving all the computer stuff onto Dropbox.

1
0
WTF?

irony

These guys say they stand for keeping the internet free and open. And then they claim to have hacked into a bunch of high profile systems and release the info to the world while being untraceable. And that's meant to encourage governments to keep things free and open how exactly?

5
0

We are not the Judean People's Front

We are the People's Front of F£$*ing Judea

Splitters

(Well, it is nearly Christmas)

2
0
Silver badge
FAIL

US Government: The world's biggest data sieve

The US keeps on flaunting its technical prowess. If this is true how come so much of their data leaks?

Little wonder China saves so much on military R & D; The Congress should forget about Chinese backdoors and get the 'experts' to stick their fingers in the leaking dykes of US IT.

0
0
Silver badge
Trollface

Re: US Government: The world's biggest data sieve

The Chinese are stealing from the UK government too just with less gusto. The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.

0
0
Silver badge

Re: US Government: The world's biggest data sieve

>The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.

The Chinese now have the secret of Tea and biscuits-Brown?

1
0
FAIL

I've a feeling that...

...the really successful hacks are the ones we never hear about.

6
0
Bronze badge
Thumb Up

Re: I've a feeling that...

I wasn't able to upvote you more than once so I've upvoted myself here instead.

0
0
Anonymous Coward

I haven't looked at the raw data from this hack but none of their recent hacks has impressed me. They've all been hyped up and contained very little that was actually useful.

0
0
Anonymous Coward

"while in October it released student records from the world's top 100 universities" Did you actually look at the data? Much of it was worthless.

0
0
Silver badge

>"while in October it released student records from the world's top 100 universities" did you actually look at the data? much of it was worthless.

Well only one record was genuine, the other 99 had just been copied off Wikipedia.

1
0
Pie

Brilliant :)

0
0
Bronze badge

Just think what Chinese government-sponsored crews could steal...

0
0
Anonymous Coward

Soon to just be ghosts

These naive hackers are in for a reality check when they permanently disappear without a trace.

0
0
Anonymous Coward

Well well well. Plaintext password storage at ESA

A bunch of people at $orkplace have had warnings today from the local CERT team because their details were published.

Looking at several of the warnings, the thing which stands out most clearly is that ESA didn't bother with any form of encryption for passwords on their website. The rest of the details were already publicly available.

0
0