Team GhostShell's Project WhiteFox logo.

Team GhostShell published their "last project" Monday, "Project WhiteFox." The hacking crew again used their signature method of announcing the large-scale hack, hijacking numerous Twitter  profiles to link to their Pastebin page and notify tech blogs and writers who have covered them in the past.

On the page linking to data taken as part of Project WhiteFox, Team GhostShell explained some of their actions over the past year or so. They also revealed that "DeadMellox" was a ploy, writing that he "was a ghost to begin with."

"We used the name afterwards to trackback all mentions of that name all over the place," the hackers wrote, adding, "Well, the whole plan is a bit more complicated than that, part of a bigger story, but let's leave it at that for now."

The organizations hit by Project WhiteFox include The European Space Agency, NASA's Center For Advanced Engineering, the Credit Union National Association (CUNA), a defense contractor for the Pentagon and Aquilent, an intelligence firm that states on its website that it makes "technology work for you."

In a survey of some of the data Team GhostShell posted to various paste-up sites, Betabeat noted login information including emails and passwords as well as the texts of what appear to be internal communications.

Team GhostShell ended the long list of links to hacked data with a rundown of its ops from 2012. These included #ProjectDragonFly, which Team GhostShell termed "a real cyberwar upon China" in the name of freedom of speech and #ProjectWestWind, which famously hacked top-shelf educational institutions around the world to protest "school policies that had spiked tuition fees, outdated reforms and unprepared school faculty."

While Project WhiteFox is supposedly the team's final exploit for this year, Team GhostShell signed off with a hint they'd return, writing, "who knows, maybe we'll see each other again next year."

Hundreds of systems administrators and IT security staff around the world probably hope Team GhostShell is done for good.

screengrab

Team GhostShell returned late Monday with Project WestWind: a leak of 120,000 records from 100 major universities around the world.

Team GhostShell is the hacking group behind Project Hellfire, which launched in August this year. Project Hellfire lifted 1 million accounts from 100 websites around the world, compromising data from the CIA and from Wall Street.

The hacked data leaked in Project WestWind does indeed appear to come from a who's who of major learning institutions. They include Harvard, Cambridge, Princeton, Tokyo University, Cornell and New York University.

In their Pastebin announcement, Team GhostShell said Project WestWind was a serious effort to jump-start a dialogue on the state of higher education today. Apparently this hack wasn't pranksterism for the lulz, but hacktivism for the greater good:

We wanted to bring to your attention different examples from Europe, how the laws change so often that even the teachers have a hard time adjusting to them, let alone, the students, to the US, where tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age.

The hackers ask that others use the information as a conversation starter, team member DeadMellox writing:

You don't have to talk about it with us, what's important is that you bring up the subject 'today's education' in day-to-day conversations with your family, friends, people close to you and try to understand the system better, together. How it works, how a certain type of diploma can or cannot help you in your road to the career you want to pursue.

Though Team GhostShell's data dump contains user screen names and mostly hashed passwords (Betabeat examined one file in which some of the passwords were apparently cracked), they claim they've kept the leaked records to a minimum.

Team GhostShell issued a warning to the targeted institutions regarding the states of their networks: "When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored."

Betabeat has reached out to a web network administrator at one of the hacked universities for comment and will update this post if we receive a response.