Hackers leak responsibly, point to cyber insecurity

Jul 2, 2015 09:50 GMT

The hackers in the GhostShell crew published a list of recently compromised targets, each entry accompanied by links to four different public paste locations containing a preview of the extracted data.

Called the “master list,” the database is not intended to cause harm to the victims, but to draw attention to their state of insecurity.

Return of GhostShell

The group is known for hacking sprees back in 2012, but in March 2013, it announced that its activity would stop. However, on June 28, GhostShell’s Twitter feed came back to life, publishing targets and links to dumped data.

“Time to bring to light the things that you've never been told in the media lately. How truly deplorable cybersecurity has become,” reads the second tweet after the comeback.

The list includes websites in the government and educational sector as well as retailers around the world, without revealing a clear pattern, except for selecting targets based on region and activity sector.

All the entries have been gathered in a single document available on Pastebin, which also makes available a text about Dark Hacktivism, a new concept promoted by the group.

The number of victims is impressive, amounting to 548, according to the data published on Pastebin. It is not clear when each of them was breached.

It is worth noting that, although the hackers leaked the data extracted from the victims, the information is not complete and represents only a preview. But even so, one can find email addresses, usernames, post codes, phone numbers, names, dates of birth as well as hashed and plain text passwords.

Hackers provide glimpse into their activity

In the Dark Hacktivism piece, the outfit shares information based on their experience with hacking various organizations, including government and education.

The details refer to the physical and mental stress resulting from long hacking sessions and to psychological preparedness and building up online alter egos to protect the real identity.

Some of the details hint at approaches that can be tried under certain scenarios once a system has been breached.

Examples provided in the document are aimed not only at cybercriminals but at administrators, too. They reveal tactics a hacker may employ to continue an exfiltration process, hurdles encountered, ways to gather knowledge to determine if and how a target is vulnerable, and ways to infer server layout from available hints.

In one of the seven chapters presented, GhostShell says that some targets were hacked because they failed to implement the latest patches on the market.

Furthermore, the group provides a brief analysis of the “hackability” of government domains, citing the UK as a tough nut to crack and pointing to the firewalled state of the targets in Taiwan and to the Chinese protection against brute-forcing due to the predominant use of the GBK2312 charset.

GhostShell says that, in the case of the targets in the education sector, 9 out of 10 are vulnerable to basic forms of attack. Different attack responses may be recorded, but the group’s opinion is that “they can breached quite easily.”

“The modules themselves that are casually used by edu's throughout the net are the most vulnerable amongst all the modules. (not that they're unique but it's almost like they gathered the weakest ones and decided to use only those),” GhostShell says.