back to article GhostShell hackers release 1.6 million NASA, FBI, ESA accounts

The hacking collecting GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry. "ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    It's OK, guys

    The ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI, etc. can stop worrying. Kim Dotcom will come to the rescue and keep all their sensitive data encrypted and safe from miscreants with his new Mega file storage service.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's OK, guys

      Running Linux is what the vast majority of the hacked systems have in common....

      1. Anonymous Coward
        Facepalm

        Re: It's OK, guys

        Ah, RICHTO! –You've forgotten to login, matey.

      2. Captain Scarlet Silver badge
        Facepalm

        Re: It's OK, guys

        Yes because its all the OS's fault, not the software that if run in a way it wasn't intended to blaps details, exploit in something else or poor passwords are not to blaim.

        There are loads of attack vectors these days that people are only starting to realise are vulnerable, a simple coding mistake on a website can give an attacker the ability to do something unintended but permitted by the software.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's OK, guys

          No no, of course it's not the OSs fault. It's only the fault of the OS if it's a Microsoft OS.

      3. This post has been deleted by its author

      4. Anonymous Coward
        Anonymous Coward

        @AC

        It could be true, I dunno, but then its still the lack of maintenance which caused the intrusion(s).

        AC for very obvious reasons; I've recently experienced this myself with a certain customer server. It ran Debian.... 3.1 (Sarge). In the year 2010, 2011, 2012... Of course Sarge's release date was 2005 and it has been long superseded. Heck; even the lack of security updates was no problem for this customer. As long as the server ran "all was fine".

        This server has been compromised a few times now and from the looks of it has been again quite recently. So; who or what is to blame; the operating system?

        I don't think so....

        1. asdf

          Re: @AC

          Lots of VMS systems and mainframes a lot older than 2005 running in production still. Upgrading an OS on a mission critical business system is a HUGE deal for most decent sized businesses. Walling off your business critical system as much from not just the internet but internal networks as much as you can is generally best practice. Of course the OS on a public facing web server is a whole different matter.

  2. Don Jefe
    Black Helicopters

    Blah. Blah. Shut It.

    Here's a huge list of email addresses and names. LET SLIP THE DOGS OF WAR. Then we all get something...

    Asshats. You can get and legally use most of this data for less than the cost of calling a lawyer to see how much trouble it is worth. Validated names and email addresses from respectable vendors cost our partners less than $6,000 per thousand for 30 day use. Why even bother with the fringe stuff? If you are serious about changing things then you'll figure out a way to find a few thousand dollars.

    Kids were smarter in my day.

    1. Jon Gibbins
      Holmes

      Re: Blah. Blah. Shut It.

      I'm sure the point that was being made here is not that they have the data, more that they managed to get the data via servers' backdoors that were wide open flapping in the wind.

      1. Kristian Walsh Silver badge

        Re: Blah. Blah. Shut It.

        That's what they *said* they did, but if the various arrested Anons are any indication of character, that were these guys are fantasists. It's more likely they got the addresses by rifling through third-party servers like forums or conference organisers that don't have such high security.

        You can get a shit-load of ESA and NASA addresses just by scanning the abstracts of aerospace conference papers, and it's not too hard to weed through other spam-lists to find certain domains.

        And when you've got them, what the fuck use is a pile of email addresses at the Department of the Treasury, or the European Space Agency anyway. What are they going to do with them? *Spam* them into revealing that the financial crisis is a result of the world's governments paying a gold tribute to the aliens that landed in Roswell? Seriously... acquisition of something resembling a life is in order here.

        But hey, they're saving the world (from something as yet undefined) and taking a stand (for something as yet undefined).

        1. url

          Re: Blah. Blah. Shut It.

          spear phishing mayhaps??

    2. Uffish

      Re: less than $6,000

      Is $6 per month what my name and email address is worth? I might consider renting it out.

      1. Don Jefe
        Joke

        Re: less than $6,000

        No need to rent it out. Everyone already has it.

    3. Anonymous Coward
      Anonymous Coward

      Re: Blah. Blah. Shut It.

      "Kids were smarter in my day"

      citation?

  3. Khaptain Silver badge
    Unhappy

    Useless bunch

    These kinds of fruitless attacks end up becoming fodder for politcal lobbying. It doesnt show strength or prowess, it shows more that the group don't understand the world that they live in....

  4. taxman
    Big Brother

    Feeding time at the zoo

    No wonder people involved in this http://www.theregister.co.uk/2012/12/10/communications_data_bill/ think there is good reason to invoke such laws when this sort of crap is being published by the press.

  5. TheCraigE
    Trollface

    Hackers need to man up

    Pretty weak.

    Please, next time only report on computer miscreants if they manage to EXPLODE A COMPUTER

    1. yossarianuk

      Re: Hackers need to man up

      Or get it to play AC-DC in a nuclear plant...

      http://www.bloomberg.com/news/2012-07-25/iranian-nuclear-plants-hit-by-virus-playing-ac-dc-website-says.html

      1. Crisp

        Re: Thunder

        Na na na na na na na na

  6. The FunkeyGibbon
    Thumb Down

    "Oooh, look what we can do!"

    I know that security is important and I'm not saying that what they've done here doesn't point out some security flaws, but it really is just willy waving. They aren't doing anything useful here it's just kids running around being douches. Hacktivism is supposed to have a political goal. This clearly doesn't so they aren't Hacktivists they are just vandals.

  7. Anonymous Coward
    Anonymous Coward

    From their logo in the pastebin

    4 weeks ago · 726 views

    Not exactly popular.

  8. Zaphod.Beeblebrox
    Mushroom

    Hacktivist crew signs off for Christmas

    Just wish these and others like them would just sign off. Permanently.

  9. adam payne

    All the billions they apparently spent on security after the whole Gary incident really helped then.

    1. Yet Another Anonymous coward Silver badge

      Of course it did - there were lots of new Powerpoint presentations about the importance of security.

      This did mean upgrading every government employee to the new version of Powerpoint but we were able to offset the costs of this by firing some admins and moving all the computer stuff onto Dropbox.

  10. magnetik
    WTF?

    irony

    These guys say they stand for keeping the internet free and open. And then they claim to have hacked into a bunch of high profile systems and release the info to the world while being untraceable. And that's meant to encourage governments to keep things free and open how exactly?

  11. Paul 37

    We are not the Judean Peoples Front

    We are the Peoples Front of F£$*ing Judea

    Splitters

    (Well, it is nearly Christmas)

  12. JaitcH
    FAIL

    US Government: The worlds biggest data sieve

    The US keeps on flaunting it's technical prowess. If this is true how come so much of their data leaks?

    Little wonder China saves so much on military R & D; The Congress should forget about Chinese backdoors and get the 'experts' to stick their fingers in the leaking dykes of US IT.

    1. asdf
      Trollface

      Re: US Government: The worlds biggest data sieve

      The Chinese are stealing from the UK government too just with less gusto. The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.

      1. Yet Another Anonymous coward Silver badge

        Re: US Government: The worlds biggest data sieve

        >The 1960/70's technology of the UK Armed Forces is already pretty much in the public domain.

        The chinese now have the secret of Tea and biscuits-Brown ?

  13. ForthIsNotDead
    FAIL

    I've a feeling that...

    ...the really successful hacks are the ones we never hear about.

    1. nuked
      Thumb Up

      Re: I've a feeling that...

      I wasn't able to upvote you more than once so I've upvoted myself here instead.

  14. Anonymous Coward
    Anonymous Coward

    I haven't looked at the raw data from this hack but none of their recent hacks has impressed me. They've all been hyped up and contained very little that was actually useful.

  15. Anonymous Coward
    Anonymous Coward

    "while in October it released student records from the world's top 100 universities" did you actually look at the data? much of it was worthless.

    1. Yet Another Anonymous coward Silver badge

      >"while in October it released student records from the world's top 100 universities" did you actually look at the data? much of it was worthless.

      Well only one record was genuine, the other 99 had just been copied off wikipedia

      1. Pie

        Brilliant :)

  16. nuked

    Just think what Chinese government-sponsored crews could steal...

  17. Anonymous Coward
    Anonymous Coward

    Soon to just be ghosts

    These naive hackers are in for a reality check when they permanently disappear without a trace.

  18. Anonymous Coward
    Anonymous Coward

    Well well well. Plaintext password storage at ESA

    A bunch of people at $orkplace have had warnings today from the local CERT team because their details were published.

    Looking at several of the warnings, the thing which stands out most clearly is that ESA didn't bother with any form of encryption for passwords on their website. The rest of the details were already publically available.

This topic is closed for new posts.

Other stories you might like