All about the collective, its operations, and future plans

Nov 13, 2012 14:06 GMT  ·  By

Team GhostShell has made a lot of headlines in recent months. That’s because its operations usually don't affect just a single company, but hundreds at a time. The group's first major campaign, launched back in May, targeted China. At the time, the hackers leaked the details of 100,000 user accounts, stolen from several Chinese websites.

In August, they breached over 100 websites from which they stole more than 1 million record sets. Their most recent targets were the world’s top 100 universities and Russia.

Considering their impressive record, we interviewed one of the group’s members, DeadMellox, to learn more about the team and its future plans.

Softpedia: Please tell us a few things about Team GhostShell.

DeadMellox: All I can tell you is that if you ever knew the truth behind Team GhostShell, you would be extremely surprised.

Softpedia: You’re seen as the good guys, fighting against injustices and crooked regimes. Have you ever been involved in blackhat operations?

DeadMellox: GhostShell has a set of black operations that go unseen by the public, but how would you, yourself, define a 'blackhat operation'? If you mean stealing money and destroying servers, then no, we don't do that. If you mean copying information of all sorts, with certain follow-ups, then yes.

Softpedia: At first, you only targeted one organization at a time. What made you change your tactic and focus on several companies at once?

DeadMellox: Correction, at first we leaked one target at a time. No one ever said that these releases contain the only data we have.

From our very first release, the FBI came out and declared us cyber-criminals just because we went public and let everyone know that the target was vulnerable and contained credit card information. Links with it were getting passed all over Pastebin.

I remember clearly that the message posted here on Softpedia at that time was viewed by them, and even though in the release we never leaked any and even stated that they should further look into it since others might be vulnerable from that network, nobody listened. Soon after, another one was hacked and we took the blame for it.

That's when I decided to wear the blackhat name. Not as a warning to others, but more as a reminder that such actions will always be criticized and viewed as illegal actions by those with little to no experience in this field.

If they're going to call me all sorts of names, then fine, but if I have vital information I'm not just going to sit around and watch while the real bad guys break in and steal innocent people’s money.

Before you ask if I tried emailing the ones affected beforehand: yes, at first I always did that, yet seeing how every single one of them ignored me, the whole thing ended up turning into public hacktivism instead.

Softpedia: Tell us about a typical operation. How do you select your targets? Is each team member responsible for a certain task?

DeadMellox: Depends on the project. A lot of work always goes into making them happen. For example, in a 'cyber-war', we don't plan ahead on specific targets, like a certain corporation or institution; it's more like we begin from one point, in this case governmental sites, and go on to an entire list of industries.

There's so much to choose from that we classified everything by certain fields, instead of simple and usually fairly obvious targets.

Softpedia: Have you seen any results after these campaigns? Have your targets buffed up their security? Have they changed their ways?

DeadMellox: Yes. Starting from schools, Forex companies and banks, to security teams such as VenusTech mobilizing themselves to track down the targeted sites and fix them. China took the releases very seriously, especially since the first one had over 50 of their .gov sites breached alongside edu, ac, cn, com.cn, regional ones, etc.

In one of the more recent projects, WestWind, every single one of the affected universities was eventually contacted and informed. Personally, I even took the time to answer questions from campus reporters at different unis.

I have seen some of their articles since, although none of my responses were ever mentioned or related to them, so I'm assuming they were from the start attempts at social engineering me and the info got passed along to the authorities. I don't mind. They did the right thing, but it's not going to happen again.

Softpedia: After you hacked into some of the world’s top universities, the Japanese government launched an investigation into the matter.

Also, China issued some alerts after you hacked their websites. Did you feel any heat from law enforcement? Did they try to track you down? You can probably tell when someone is trying to learn your true identity.

DeadMellox: Japan needs to chill. Lucky for me, the US already told them that. I was online when the changes in articles and official statements went from a serious manhunt to allegedly 'just some kids playing pranks for fun'. The way they handled the whole situation made me reconsider my opinion on Japan.

If someone wants to attack them seriously, it will end in total disaster. First off, they're not prepared in terms of cybernetic laws or personnel to combat such actions. Right now they're putting together a 100 man team of security experts, as I'm sure you already know.

They are scheduled to go fully operational in 2013. Too bad no one told some of them not to go on Twitter with made-up accounts, since they might get doxed.

Secondly, their entire cyberspace is dangerously vulnerable. When I first started looking into it, around the beginning of the year, I thought they had some sort of unique ways of hiding their vulnerabilities through all kinds of modules.

After a few weeks or so of raging at people in chat rooms about it, since no one else knew anything either, I decided to analyze the modules themselves. One of their favorites is the pico module. Turns out they aren't better patched, but extremely outdated.

I've encountered outdated servers before in China, but these were so bad that all the attacks I knew at the time wouldn't even get recognized by the system as valid inputs, let alone get anything out of them. We were fortunate that the top universities are more updated than the rest.

Softpedia: The Russian government is feared by many hackers because of their almost unlimited resources. How come you’re not afraid?

DeadMellox: If I cower in fear and live in regret, then there was no point in me being born a man. I will live the way I want. If I want to declare war on the Chinese Government, then I will do it. If I want to declare war on the Russian Government, then I will do it.

If I want to declare war on all governments in the world, THEN I WILL DO IT! For my own selfish reasons and for no one or nothing else.

I like to view it as a chess game. Only that here all the pieces on my side of the board are moving on their own, are unpredictable and, at times, rash in their actions. Still, so far, thankfully, everything went well.

It was a good idea for only me to be accounted as part of the leaks directly, while shading everyone else. After all, if the king can't lead, how can he expect the others to follow?

Softpedia: What will you focus on next? Do you have any targets in mind?

DeadMellox: I will focus as promised on the second (new) project for this winter.

A lot of people misunderstood and thought that Project WestWind was the new operation for this season, but it was actually initiated months ago, if you remember the release on certain European politicians' extreme parties (mostly fascists) with their sites getting defaced and the data leaked.

This release, about universities, was not in GhostShell's agenda at the beginning. In fact, the project for this fall was meant to be held in the Middle East. Unfortunately something happened there in the meantime and I had to call the whole thing off.

We made do with the unis. People should check our Twitter page more often; we let them know in advance what's going to happen. For example, after Project HellFire, it was announced that “There will be a rumble in the fall, so get ready for war.” And GhostShell delivered.

Softpedia: What is your ultimate goal? What do you hope to achieve by hacking all those websites?

DeadMellox: Experience. I've actually been thinking for months now about becoming an ethical hacker. I recently turned 21 in August and I already feel like I'm getting left behind. I know I should seriously think about attaining my CEH exam, but since I'm a self-taught hacker and all alone in this, it's a bit tricky to figure out how to go about it.

Last month I looked at CCNA, CISSP and TICSA worksheets just to see the usual schema, and they seemed quite easy enough as well.

I mean, I think everyone already knows attacks like SQLi (both browser, terminal and some open sourcing), buffer overflows, system hijacking, shellcoding, XSS, JavaScript, some C/C++, writing injection tools in Python, a little Perl, you know, the basics.

So I'm not really sure how much else I should learn or if I've been studying the right things so far. I have been working in Linux over the past year, but I don't think that counts for something. Haha.

Softpedia: Is there anything else you want to add?

DeadMellox: The sixth project this winter will be the beginning of the end for Team GhostShell. Before this season ends, I will decide if I want to keep the whole thing going, transform it, or put an end to it and move on.

Around the beginning of this year, I had planned for only 6 projects to surface and now it's all coming to an end.

I'm somehow divided between continuing it, doing everything on a much bigger scale, implementing new hacking techniques and releasing more than just raw data, or putting a stop right after, erasing all its traces from the public scene and leaving altogether.