Hacktivists Ghost Shell dump 1.6m log-in details on web

  • Published
Ghost Shell logo
Image caption,
The Ghost Shell group is an offshoot of the Anonymous hacking collective

Log-in details from 1.6 million accounts have been posted on the web by hacktivist group Ghost Shell.

The group gathered the data during a series of attacks on Nasa, the FBI, the European Space Agency and many other government agencies and contractors.

Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.

The group said it had sent messages to security bosses about 150 insecure servers it had targeted in the attacks.

In a statement posted online Ghost Shell said the attacks were part of its #ProjectWhiteFox campaign to promote freedom of information online.

The data stolen was posted on several different sites to stop it being swiftly found and deleted.

Images posted to a Pastebin page suggest the hacking group accessed some sites by attacking the databases many companies use to catalogue and curate website content.

With cleverly crafted queries, attackers can make these databases surrender data they should be concealing.

As well as mounting attacks on government agencies, the group also targeted contractors and firms working for the US Department of Defense.

In all, 37 separate organisations, agencies and businesses were hit during the campaign.

The group, which is an offshoot of the Anonymous hacking collective, has carried out a series of attacks in 2012.

Details from millions of accounts held at businesses, universities and Russian government departments and companies have all been posted by the group.

It said #ProjectWhiteFox was the last operation it would carry out in 2012.