Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches
Group boasts "juicy release" of 1.6 million records and accounts drawn from defense contractors, government agencies, trade organizations and more.
"'Kay, let's get this party started! ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI try to keep up from here on out because it's about to get interesting," said the group in a Pastebin post, making reference to some of the organizations with servers it claimed to have hacked.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
White PapersMore >>
The resulting data that was copied and released by Team Ghostshell, and which largely appears to be in the form of server database tables, spans over 140 separate uploads -- all mirrored to multiple sites. Seventeen of those uploads relate to data grabs allegedly obtained from the Credit Union National Association (CUNA), which bills itself as "the premier national trade association serving credit unions." Team Ghostshell said the related data dump puts "over 85 mil. people at risk," while noting that "we've keep (sic) the leak to as little as possible." As of press time, CUNA's website was offline.
[ Read Bank Hacks: 7 Misunderstood Facts. ]
Meanwhile, 36 of Team Ghostshell's uploads appeared to involve data stolen from airport transfer firm World Airport Transfer, which is based in Ohio and owned by Tours & Co; 23 uploads are from California Manufacturers & Technology Association; 19 from Crestwood Technology Group; and eight from NASA's Center for Advanced Engineering Environments. Some of the other breached organizations appeared to include the Institute of Makers of Explosives, law firm Glaser Weil, the Defense Production Act (DPA) Title III Program, intelligence company Aquilent, the Texas Bankers Association, and the University of Texas at Austin School of Law's continuing education program.
The hackers apparently were also able to access servers that are part of ICS-CERT, the Department of Homeland Security Information Network, the FBI's Washington division in Seattle, intelligence company Flashpoint Partners, and Raytheon. It promised to warn affected organizations, via an email from email@example.com. "The email will also contain another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, intelligence firms, L-3 CyberSecurity, JAXA, etc. consider it an early Christmas present from us," said Team Ghostshell.
In what it has dubbed its year-end wrap up, the hacking group also detailed an identity -- "DeadMellox" -- which it said that its members had created to trace the flow of information relating to hackers. "'DeadMellox' was a ghost to begin with. Never existed. No, really. Before we created 'him,' he never exited (sic) on the internet, zero searches on google and all that jazz. Starting to get it now? We used the name afterwards to trackback all mentions of that name all over the place," said the group via Pastebin.
As part of its massive dox -- aka data dump -- Team Ghostshell included a briefing document allegedly stolen from Flashpoint Partners, the private intelligence firm that recently scored an interview with the U.S. bank attackers. The document lists the Twitter feed of DeadMellox as a source for the company's Team Ghostshell intelligence. To obtain the document, the hacking group claimed to have penetrated the Flashpoint network. "Interesting fact is that we weren't the only ones in there doing espionage," it said.
Earlier efforts by Team Ghostshell have included the release of 50,000 user accounts stolen from a jobs board that focuses on Wall Street, and the release of 120,000 records from 100 of the world's top universities, including Harvard and Oxford.
Last month, meanwhile, after "declaring war on Russia's cyberspace" as part of what it dubbed Project BlackStar, the group claimed to have leaked 2.5 million records and accounts related to a number of Russian government, law enforcement, and business organizations.
Storing and protecting data are critical components of any successful cloud solution. Join our webcast, Cloud Storage Drivers: Auto-provisioning, Virtualization, Encryption, to stay ahead of the curve on automated and self-service storage, enterprise class data protection and service level management. Watch now or bookmark for later.