Content

GhostShell group fixes on Wall St., others in “HellFire” raid

A series of breaches professed to be the work of a hacking campaign titled “Project HellFire” materialized Saturday when a group named Team GhostShell leaked data associated with one million user accounts.

The information was posted online, along with a message from the group, which claimed to be collaborating with hacktivist group Anonymous.

"DeadMellox," a leader of the GhostShell group sent a tweet Saturday announcing the breach. 

The stolen data, which included admin login information, employee usernames, passwords and files -- particularly from content management systems -- was said to be stolen from around 100 websites for banks, consulting firms, government agencies and other institutions across various industries.

In the message, Team GhostShell explained that the attack was a form of protest against financial institutions and lawmakers, as well as authorities who arrested hackers this year. The group also announced that more attacks were planned.

“We are also letting everyone know that more releases, collaborations with Anonymous, and others, plus two more projects, are still scheduled for this fall and winter,” the message read. “It's only the beginning.”

Security firm Imperva posted an analysis of the attack on its blog, stating that some of the databases breached contained more than 30,000 records.

In a Tuesday interview with SCMagazine.com, Rob Rachwald, the director of security strategy at Imperva, said the intruders used a common method of stealing information – SQL injection, an attack against a database through an application, in which a string of code is entered to dupe a database into transmitting data to attackers.

“Since 2005, [SQL injection attacks are] the most common way that hackers steal data,” said Rachwald. 

Massachusetts Institute of Technology, one of the many institutions targeted by Team GhostShell, said in a statement that it was responding to the possible compromise.

"MIT takes security allegations very seriously and has been investigating the matter since it was first brought to our attention on Saturday," said the statement. "A temporary security measure has been put in place to prevent any future access to the data as the incident is being investigated."

Team GhostShell was also linked with a May security breach impacting the University of Maine's Orono campus. In that case, a server at the school was compromised to expose the personal details, including Social Security and credit card numbers, on nearly 4,000 individuals.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.