GhostShell targets personal data at top-rated colleges

Share this article:

Team GhostShell, an Anonymous-related hacktivist collective, is at it again, this time targeting the top-rated universities domestically and internationally.

The group claims it hacked the servers of a laundry list of prestigious institutions, including Princeton, Harvard and Johns Hopkins universities, exposing, at the minimum, the email addresses, passwords, IDs and names of students and faculty.

On Monday, GhostShell posted information from more than 120,000 accounts and records gathered from servers at 100 universities.

Calling the incident part of the “Project West Wind” campaign, group leader “DeadMellox” tweeted about the dump the same day, linking to a document posted on Pastebin.

In late August, GhostShell claimed responsibility for a leak involving one million user accounts, stolen from around 100 websites for government agencies, banks, consulting firms and other institutions. The group also is connected to a breach in May affecting the University of Maine's Orono campus, where the personal data of nearly 4,000 people was compromised after Social Security and credit card numbers were accessed by hackers.

In the Pastebin message, GhostShell said that the recent attacks were launched to bring attention to various grievances the group holds toward the educational systems in the United States, Europe and Asia. The hackers cited growing tuition fees, frequently changing laws and heavily regulated teaching.

Perhaps telling of the vulnerability of the academic landscape, the group said it discovered that many of the targeted college's servers already had been  infected with malware.

A spokesperson from University of Michigan, which had seven servers listed as having been hacked, did not immediately respond on Monday to a request for comment from SCMagazine.com.

A spokesman at New York University, where two servers may have been made accessed by hackers, told SCMagazine.com on Monday that the school's IT department had been contacted about the matter. A spokesman at Johns Hopkins University also confirmed that IT staff was looking into allegations that five servers were infected.

SCMagazine.com also reached out to the U.S. Department of Education for comment, which has yet to respond.

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...