Hack Hack Hack Hack It Apart

Hackers Strike Back: Team GhostShell Claims Massive Data Leak of CIA, Wall Street Info

Injectable SQL = hacker crack
anonymous Hackers Strike Back: Team GhostShell Claims Massive Data Leak of CIA, Wall Street Info

People need to start expecting this.

This weekend, a group of hackers claiming solidarity with Anonymous performed a huge data dump of 1 million records. Speaking for Team GhostShell, black hat hacker DeadMellox evoked a metal vibe, writing, “All aboard the Smoke & Flames Train,” before listing targets of the dump.

Wall Street, the CIA., political advisers, internet hosting services, banks and police departments appeared to be among the fallen, as well as hedge funds, estate agencies and “Robotics, etc.”

DeadMellox explained that the leak was “Team GhostShell’s final form of protest this summer against the banks, politicians and for all the fallen hackers this year.”

As The Register noted, some databases contain over 30,000 records.

Imperva Data Security analyzed Team GhostShell’s attack and concluded the hackers used SQL injection to cull admin logins, usernames, passwords, files and documents. However, Imperva concluded “a lot of the stolen content did NOT include any sensitive information.”

Team GhostShell works with MidasBank and OphiusLab. They’re not done yet:

To conclude this summer’s hacking spree, I will be giving away to anyone who’s up for the challenge three different access points to three different groups/crews out there. It’s our way of saying how great it’s been raiding with you and let’s hope that it isn’t over just yet. The access-points are the following: 1. Six billion databases from a chinese mainframe full of chinese & japanese technology. It’s very possible that it has from other countries as well, we haven’t checked them all for obvious reasons. 2. Over 105 billion databases to a US stockexchange mainframe/s. It’s very possible that the actual number is over 1 trillion, I wasn’t prepared the first time and it gave me a memory error after 105 when it tried to add another digit. This job will require you to have at least 1TB available. 3. Access-points to 3-4 different servers belonging to the Department of Homeland Security. The sensitive information isn’t that great but it may be good for street cred.

Network World points out Team GhostShell hacked a ton of Chinese sites last spring in Operation ProjectDragonFly. The hackers appeared to blow through vaunted Chinese security measures to obtain usernames, passwords, even passport information.

The fun is just beginning for government and Wall Street security experts.

Follow Steve Huff via RSS. shuff@observer.com