GhostShell published a list of compromised targets with each listing entry accompanied by links to four different public locations have a preview of the extracted data.
The goal of the database is not to cause harm to the victims, GhostShell said, but to draw attention to the sites’ non secure nature.
Breaches Continue Upward Trend
Attackers Exploit Privileged Accounts
Cloud Breach: Cost 3 Times Higher
How Attackers Bypass Security: Report
GhostShell goes back as far as 2012. In March 2013, the organization said its activity would stop, but that did not last as on June 28, GhostShell’s Twitter account came back to life, publishing targets and links to dumped data.
“Time to bring to light the things that you’ve never been told in the media lately. How truly deplorable cybersecurity has become,” reads the second tweet after the comeback.
The list includes websites in the government and educational sector as well as retailers around the world.
All the entries ended up gathered in a single document available on Pastebin. The number of victims is 548, according to the data published on Pastebin. It is not clear when the breaches occurred.
GhostShell also made note of Dark Hacktivism, which is group is promoting. In the Dark Hacktivism piece they published, GhostShell shared information from their experience hacking various organizations.
The details refer to the physical and mental stress resulting from long hacking sessions and to psychological preparedness and building up online alter egos to protect the real identity.
Examples provided in the document aim at cybercriminals but also administrators. They reveal tactics a hacker may employ to continue an exfiltration process, hurdles encountered, ways to gather knowledge to determine if and how a target is vulnerable and inferring server layout from available hints.
GhostShell said some targets ended up hacked because they failed to implement the latest patches on the market.
GhostShell said in the case of the targets in the education sector, 9 out of 10 are vulnerable against basic forms of attack.
As of July 4, GhostShell posted on its Twitter account: “ALL bins have been deleted. If you haven’t seen the data yet don’t worry we’ll do a re-release next time on 100 file sharing sites.”