Team GhostShell says it published one million records, allegedly from banks, government agencies, consulting firms and others — and claims there’s more to come.
by Elinor Mills
A group of hackers has released a vast quantity of data from banks, government agencies, consulting firms and many others and promised more data leaks in the future.
“Team GhostShell’s final form of protest this summer against the banks, politicians and for all the fallen hackers this year,” the group, which calls itself — you guessed it — “Team GhostShell,” wrote in a Pastebin post titled “Project HellFire” this weekend. “With the help of it’s [sic] sub-divisions, MidasBank & the newest branch, OphiusLab. One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It’s only the beginning.”
It’s unclear how much data was published from how many organizations, but security firm Imperva analyzed the data and said some of the breached databases contain more than 30,000 records.
“It’s hard to say with precision just how much (data was stolen), but you can say this is a pretty significant breach,” Rob Rachwald, director of security strategy at Imperva, told CNET in an interview today.
Whoever stole the data mostly used SQL injection attacks, common attacks that are easy for Web sites to protect against. The data includes administrator login information, usernames and passwords and files from content management systems, although it didn’t appear to have much sensitive information in those files, Imperva said. “There was some vulnerability with a content management system that they were able to exploit across multiple locations and download file upon file upon file,” Rachwald said.
Team GhostShell also offered — to “anyone who’s up for the challenge” — six billion databases from a Chinese mainframe that it claims contained technology from China, Japan and possibly other countries; more than 100 billion databases from a mainframe at an unnamed U.S. stock exchange; and access points to three or four Department of Homeland Security servers. “The sensitive information isn’t that great but it may be good for street cred,” the post says.
The leak, like so many others, highlights some of the amazingly lax password practices people and companies follow. “The passwords show the usual ‘123456’ problem,” the Imperva blog post said. “However, one law firm implemented an interesting password system where the root password, ‘law321’ was pre-pended with your initials. So if your name is Mickey Mouse, your password is ‘mmlaw321’. Worse, the law firm didn’t require users to change the password.”