Forgot your password?
typodupeerror
Security

GhostShell Hackers Release Data From Exploiting NASA, FBI, ESA 124

Posted by Unknown Lamer
from the infernal-script-kiddies dept.
An anonymous reader writes "The Register is reporting that the hacking collective GhostShell has announced it has [dumped] around 1.6 million account details purloined from government, military, and industry. The [hacking] group said in a statement: 'we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.'"
This discussion has been archived. No new comments can be posted.

GhostShell Hackers Release Data From Exploiting NASA, FBI, ESA

Comments Filter:
  • by Anonymous Coward

    Or is slashdot still broken?

    • by aggemam (641831)

      Which problems were you encountering?

      • Re: (Score:3, Informative)

        by azalin (67640)
        OT: A few minutes ago I was unable to leave the front page. All article links simply loaded the front page. Seems to be working by now.
      • by Anonymous Coward on Tuesday December 11, 2012 @07:45AM (#42249272)

        Which problems were you encountering?

        For a period of at least several hours, clicking on any link to a story simply loaded you back on the front page.
        Mods, quit wasting your points giving -1's to people complaining about the site not working properly. The OP in this thread did not deserve to be modded as "Flamebait", give it an Offtopic if you're that pissed about it.

  • by Anonymous Coward

    Can't I just look up their emails on their web page or their business card? *lookspuzzled*

  • https://privatepaste.com/17c37f360e [privatepaste.com]

    "Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52""

    what are those letters/numbers after every sentence?

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      That's just part of the line whole line is:

      "1","2004-08-11 17:43:14","595","thing of ","Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52"

      The corresponding items are:

      bot,enteredtime,id,input,response,uid

      It's a database dump.

    • They are MD5 hashes.

    • https://privatepaste.com/17c37f360e [privatepaste.com]

      "Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52""

      what are those letters/numbers after every sentence?

      Nasa's been trying to decode the language of the martians for a few years and that's as close as they've come to succeeding.

  • by girlintraining (1395911) on Tuesday December 11, 2012 @07:34AM (#42249228)

    Yeah, they have the password for the usernames of their website. You know, the one that has only public information. Wow, I'm so impressed. In other news, government and private-sector agencies use passwords to prevent people from randomly updating their public websites, which contain no sensitive or terribly interesting information. It's like saying I hacked the whitehouse because I was able to get into the e-mail account of one of the assistant junior staffer's intern's. woo, look at me! :\

    Also, Protip: Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA). They basically built a whole second internet to track all the traffic on the first internet, and then built a giant super data warehouse to warehouse all the other warehouses. Not exactly the kind of people who's cheerios you want to piss in.

    • by Anonymous Coward

      You know, even at the NSA there's probably people using the same password on several accounts.

      • You know, even at the NSA there's probably people using the same password on several accounts.

        I would be very surprised if the NSA didn't use dual factor authentication. Hell, my ex-wife was an engineer for Sun Microsystems and wherever they went they had an "Enigma Card" (secure token device). I would hope if Sun/Oracle is doing it (love it when they call them "snorkle" now) one would hope that agencies like the NSA is doing it.

      • You know, the NSA doesn't allow the really juicy stuff to be physically accessible via the internet (like the military).

    • by Jah-Wren Ryel (80510) on Tuesday December 11, 2012 @08:15AM (#42249392)

      Also, Protip: Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA). They basically built a whole second internet to track all the traffic on the first internet, and then built a giant super data warehouse to warehouse all the other warehouses. Not exactly the kind of people who's cheerios you want to piss in.

      I'm happy someone is doing it. The day no one is willing to tweek the nose of power is the day the human race stops being human.

    • by AmiMoJo (196126) *

      It's significant because many people use the same password for multiple sites, so access to a relatively "harmless" database like this one will inevitably open up access to more sensitive stuff.

      To take your example of the assistant junior staffer's intern's email access there was once a company called Media Defender. A group called Media Defender Defender got into one of their staff's personal Gmail accounts, which he had stupidly copied all his work email to automatically for years. The company was blown w

      • It's significant because many people use the same password for multiple sites, so access to a relatively "harmless" database like this one will inevitably open up access to more sensitive stuff.

        That still doesn't solve that pesky problem of their being no connection to the outside world. You can't hack the Gibson if there are no incoming lines. -_- I could give you the root password to my computer and it would do you zero good because there's no way to make a connection to my computer: You couldn't even get past the crappy wifi router. I would expect the NSA's super top secret networks would be at least as secure as my $15 linksys router in this regard.

    • by Threni (635302) on Tuesday December 11, 2012 @08:40AM (#42249554)

      Who mentioned the NSA? Apart from you, I mean?

      • by tehcyder (746570)
        No one. NASA was mentioned by name, together with the Pentagon and FBI. I assume NSA was whatever the reading equivalent of a typo is for NASA.
      • Who mentioned the NSA? Apart from you, I mean?

        Ah yes Vanna, I'd like to buy a vowel please? Another 'A'.

    • by Guppy06 (410832)

      Yeah, they have the password for the usernames of their website. You know, the one that has only public information.

      One of the roles of the NSA is to help US entities implement proper defensive security measures. When your job is to tell others how to secure their websites, it's a black eye when your own is found insecure.

      Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA)

      Unless they also have a flux capacitor, they still can't un-publish this information. Regardless of how angry they are, the damage is done, hence the need for information assurance to begin with.

      All in all, not an efficient use of tax dollars.

  • ...section 9 on the case.

  • Are they even a real site? No, really.

    Just by quickly looking at what's on their site I can't tell if they want to be taken seriously or not.

    Headlines?
    "App designed for safe sending of naughty selfies is rife with risks. Teenager subtitles: App makes selfies safe BLAH BLAH BLAH "
    "Data cops seek 'urgent clarification' on new Facebook advertiser plans. We advertise to you next to your own content ... bitch "

    • by ledow (319597)

      You've never heard of The Reg? Come on, you're joking right?!

      They are a site that hosts both satirical, comic and serious articles on a range of IT topics. Home of things like the BOFH and Verity Stob "funnies", tongue-in-cheek-but-serious projects (like sending a Playmobil toy figure into space using some of the latest IT kit), and serious editorial on IT news.

      In good British tradition, even the most serious of IT events is reported with humour, to lessen the blow and provide a bit of humanity, and there

      • by x3CDA84B (2592699)

        I think that's what The Register used to be. I stopped reading it years ago when it became impossible to tell if they were reporting actual news in a comical way, or completely fabricating a particular story.

        • by Xacid (560407)

          Yeah...it's that blending of the two types of "reporting" that threw me off. At least w/ the onion I know where I stand. With this group...I have no clue what they're after or who their audience even is. It feels like those well crafted spam emails that are almost coherent but just not quite.

    • by tehcyder (746570)
      Wow, you are possibly the most humourless person on slashdot. Good work fella, you've got some stiff competition.
      • by Xacid (560407)

        You're supposed to post as AC if you're going to belittle someone while avoiding answering a question. Don't you know the rules here?

    • by fuzzywig (208937)
      See that .co.uk in the URL? That means that there's a chance of irony and sarcasm being deployed.
  • nuf said
  • If even them are not protected enough, how can we trust them with our own security?
    • by nedlohs (1335013)

      You don't. You trust (well the idea anyway) one of them to mainly investigate crimes after the fact and the other two to do various things related to reseach and exploration of deep space and aerospace.

  • .... watching your posts on slashdot for clues and tips....

    • by tqk (413719)

      ... watching your posts on slashdot for clues and tips

      We wish.

      Have you seen the stories on ProPublica about the US military losing battlefield operations data, going back to WWII?

  • by sebo2000 (2764273) on Tuesday December 11, 2012 @02:11PM (#42252407)
    This is nothing more then Gov phishing attempt. I spent about 4 hours and went through most of the data, spotted few people I know, they have never had accounts on servers as those dumps claimed, I told them their “passwords” they had no clue what I was talking about, there was no wow how did you know! Reaction. Tried about 5000 user/password attempts none of them worked. Text strings from most of the Nasa/gov/contractors are public, you can google them. This whole crap of data looks like giant text scraping in attempt to generate legitimate looking “hacked” data. This was posted yesterday today noting works: http://pastebin.com/RdC0LZqW [pastebin.com] And those “super hackers” xl3gi0n have even they own facebook page please who buys this?? Another one post same dump GrenXparta_Hacker Just an example Todays dump http://pastebin.com/RdC0LZqW [pastebin.com] has following hash: MGHkLGt3ZQExBGZ2ZGt2MwD2ZmZ5LGSvZ2H5A2H0LzR= Quick search for this hash shows it showed up Sep 12 2012 on some Russian page: http://forum.insidepro.com/viewtopic.php?t=17101&sid=962d5d41e1b8225c223283ab91908b66 [insidepro.com] Some guy asks in Russian security forum what that hash is and someone says that it looks like SHA-256, but it misses / + so it is not. Or search for this: AGL2ZmEuL2HmAJL1AmVmMwVkLJRkAGL5BGtkZ2EyZTL= Every single one of those hashes is searchable on the net, most of them (from today) are from http://www.itpints.com/?sources%5B%5D=Twitter&q=Alexis%20Wright [itpints.com] What is this? Real time search engine that generates hashes the same as in “leaked” docs claiming to be passwords? It screams FAKE. There is probably quite a few hashes\hot spots included that government is monitoring and checks who searches for what, also they will phish all the idiots that will share their work related data with “anonymous” install pin point them malware on their PC and monitor them further. At list what I would do :)
  • I guess this could also just be the chinese under mask, trying to expose the ongoings to seed more mistrust and win at the cyber war they are wagering...
    Please replace chinese with your favorite cyber-advanced anti-US country....

    • by sebo2000 (2764273)
      This is US trying to scare citizen, so they can apply full monitoring measures on the internet. Continuation of war on terror. Data that is posted has no value but regular fools do not see it, they think someone is attacking us, and we need more internet laws and control.

Work is the crab grass in the lawn of life. -- Schulz

Working...