July 2, 2015

Hacktivist Group GhostShell Claims it Hacked Over 300 Websites

In a series of tweets detailing its latest exploits, the hacker group Team GhostShell has claimed to have successfully hacked over 300 websites around the world, with the personal data of over 13,000 users dumped online, as revealed by Symantec in a blog post.

The hacking spree

Claiming to have hacked hundreds of websites within the past 48 hours, Team GhostShell posted multiple links showing a number of educational portals, Korean and Japanese websites, travel portals and more as victims of its hacking spree.

With no seeming pattern to the attacks, Team GhostShell claims it hopes to raise awareness of, and draw attention to, the vulnerability and shoddy cybersecurity of most websites.

Educational institutions targeted in the attack include:

  • The University of Southern California (USC)
  • Princeton University
  • The University of Maryland
  • UCLA Electrical Engineering Department
  • University of Michigan and plenty more.

Those around the world weren’t spared either, with the University of Delhi in India also a victim of the spree. So too were institutions in Australia, Egypt and China, along with many other .edu domain websites.

According to preliminary reports looking into the dumped files obtained from the extensive data breach, the exposed personal data of users includes:

  • Names
  • Email addresses
  • Skype IDs
  • Phone numbers
  • Physical addresses

“Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher,” said Symantec security researchers.

They also added that while some passwords were encrypted and hashed, most were still stored in plain text. The data dumps also revealed plenty of examples of the notoriously weak password 123456.

A history of notoriety

Team GhostShell was last active in 2012 before going on hiatus and surfacing again in the present day. At the time, they had:

  • Leaked hundreds of thousands of records from top Ivy-league schools and global universities.
  • Taken on organizations such as NASA, the Pentagon and other political groups.
  • Dumped and made publicly available 1.6 million accounts and records from various departments including the Federal Reserve, the FBI, NASA and the Pentagon in December of 2012.

The data dumps from 2012 revealed the usage of SQLmap, a popular SQL injection tool used by hackers to inject SQL code into victims’ servers and websites.

It is recommended that individuals use strong passwords that are unique to every website and never reused across other sites. It’s also recommended that two-factor authentication be enabled on websites that provide it as a feature, giving users comprehensive security.

Admins are advised to use web application firewalls for their databases and to keep all systems and software patched and up-to-date. As a rule of thumb, a Threat Assessment Test is recommended for any institution or enterprise as a precautionary measure to know where any vulnerabilities may be in your networks and website(s).

We will keep you updated on this developing, breaking story.


About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
