Microsoft Subnet An independent Microsoft community View more

Massive Leak: Project HellFire Hackers Dump 1 Million Accounts from 100 Sites

The hacker collective Team GhostShell, in collaboration with two other hacking groups, MidasBank and OphiusLab, hacked 100 websites worldwide and then dumped one million accounts/records in "protests" under the Project HellFire banner.

A massive leak of one million records were dumped by the hacker collective Team GhostShell in the last protest of the summer "against the banks, politicians and for all the fallen hackers this year." However "we are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning. There are more leaked accounts/records coming." The leak was first announced by DeadMellox, the "blackhat leader of Team GhostShell."

The Project HellFire Pastebin statement begins with:

All aboard the Smoke & Flames Train. Last stop, Hell. You can have the pleasure of sharing seats with targets such as WallStreet, CIA Services [not the Central Intelligence Agency but C.I.A. Services], MIT, Consulting Firms, Political Advisors, Security Companies, Corporations, Weapon's Dealers, Laboratories, Internet Hosting Services, Academics, Banks, Police Departments, Aviation, The Navy, Stocks Exchange, Bonds Exchange, Markets, Emirates Organizations, Various Businesses, Hedge Funds, Estate Agencies, Public Affairs, Robotics, etc.

Furthermore, Team GhostShell said it plans to give away access points to "six billion databases from a Chinese mainframe full of Chinese and Japanese technology;" "over 105 billion databases to a U.S. stock exchange mainframe;" and "3-4 different servers belonging to the Department of Homeland Security." The Project HellFire hacks were reportedly accomplished in collaboration with two other hacking groups, MidasBank and OphiusLab.

Security firm Imperva analyzed the attacks and said most were accomplished via SQL injection using the tool SQLmap. While Imperva said it was "hard to count and verify" how much data was taken, "some of the breached databases contained more than 30,000 records." It's the same old story when it comes to the problem of weak passwords, but a law firm used:

an interesting password system where the root password, 'law321' was pre-pended with your initials. So if your name is Mickey Mouse, your password is 'mmlaw321'. Worse, the law firm didn't require users to change the password. Jeenyus!

While "a lot of the stolen content did not include any sensitive information," it appears the attackers exploited content management systems (CMS) to acquire "a very large portion" of the files, reported Imperva. "Credit history and current standing is a very noticeable part of the data stolen" from targeted banks. Other records contain usernames, passwords, email addresses, real names and more from "consulting firms, government agencies and manufacturing firms."

Earlier this year, Team GhostShell was busy hacking the heck out of China during Operation ProjectDragonFly which "began by breaching every site in their way, including national and regional sites, giving as examples, 'Hong Kong (hk), Beijing (bj), Shanghai (sh), Macau (mo), Tianjin (tj), Anhui (ah), etc'." That leak included "usernames, passwords, addresses, phone numbers, passports, flight numbers, private messages, project descriptions, and much more."

In another hack, AntiSec hacker Stun claims to have breached GlobalCerts which, according to the "About" page, offers "secure messaging and certificate management solutions." According to Softpedia, the AnonPaste, lists "around 1,600 names, job titles, phone numbers, email addresses, company names and other information."

Yesterday Softpedia reported on other hacktivist news. A DDoS attack, part of Operation Free Assange (#OpFreeAssange), temporarily disrupted the website of Interpol, "the largest international police organization in the world."

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Join the discussion
Be the first to comment on this article. Our Commenting Policies