GhostShell Hackers Release Data From Exploiting NASA, FBI, ESA

An anonymous reader writes "The Register is reporting that the hacking collective GhostShell has announced it has [dumped] around 1.6 million account details purloined from government, military, and industry. The [hacking] group said in a statement: 'we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.'"

Is it working now?

[Anonymous Coward]

Or is slashdot still broken?

Re:

[aggemam]

Which problems were you encountering?

Re:

[azalin]

OT: A few minutes ago I was unable to leave the front page. All article links simply loaded the front page. Seems to be working by now.

Re:

[SomePgmr]

I know we're off topic here, but that hasn't been my experience, with an S2 skyrocket. I can scroll through it all just fine.

Works in both stock browser and dolphin, running on ics.

Re:

[Threni]

I'm on Jelly Bean. Not tried other browsers because...well, it has to work on chrome or I'm not using it, much like I never install apps to view websites when I can just view the website in a browser!

Re:Is it working now?

[Anonymous Coward]

Which problems were you encountering?

For a period of at least several hours, clicking on any link to a story simply loaded you back on the front page.
Mods, quit wasting your points giving -1's to people complaining about the site not working properly. The OP in this thread did not deserve to be modded as "Flamebait", give it an Offtopic if you're that pissed about it.

Re:

[Anonymous Coward]

Is it really appropriate to call someone a dimwit when you appear to be functionally illiterate?

Re:

[yahwotqa]

Miy wits only appear dim because I want them to last, instead of burning out, you insensitive clod!

Re:What's their motive?

[TapeCutter]

"sheeple" - If you think the government is bad now, it would be a lot worse if people who use that term had any real power.

Re:

[Anonymous Coward]

^this^

Look its all good and all that you are 'leet' hacker. Did you scrub the data? Or did you dump it in the raw because that would entailed too much work? What I am asking is did you screw up someones life. Other than some admins who did not know about your exploits or maybe has no power to fix it? Did you notify the agencies involved (least the ones who do not throw a fit)? Or did you just dump the data out?

So you broke into NASA. Nice. They now have to take money that is already low and spend it

Re:

[drinkypoo]

Or maybe, just maybe, he's an asshole and NASA should have worked a little harder on their infrastructure. Since NASA is a military contractor, it's obviously interesting to access their data.

Re:

[girlintraining]

"sheeple" - If you think the government is bad now, it would be a lot worse if people who use that term had any real power.

I don't think our government's going to get any better or worse based solely on what words our elected officials use. I only say this based on over a decade in IT, where the names of everything have changed many, many times, but the problems haven't.

Re:

[kelemvor4]

"sheeple" - If you think the government is bad now, it would be a lot worse if people who use that term had any real power.

I don't think our government's going to get any better or worse based solely on what words our elected officials use. I only say this based on over a decade in IT, where the names of everything have changed many, many times, but the problems haven't.

In that case you should be well aware that they're issues, not problems. Sheesh!

Re:

[tehcyder]

"sheeple" - If you think the government is bad now, it would be a lot worse if people who use that term had any real power.

Presumably if you're one of the Randian sheeple-using libertarians you wouldn't be able to accept a job in government without your head exploding.

Re:

[Anonymous Coward]

From Miriam Webster:

patriot
noun \p-tr-t, -ät, chiefly British pa-tr-t\
Definition of PATRIOT
: one who loves his or her country and supports its authority and interests

That doesn't sound like what these guys are doing can be defined as "patriots". Please explain how this is in the best interests of the country. Or better yet, please explain how this does anything other than steal technical data and post it online. Who benefits? What wrong is righted? How is the public better off? An

Re: What's their motive?

[Urza9814]

"The duty of a true patriot is to protect his country from its government."
  - Thomas Paine ...which is exactly what is being done.

Re:What's their motive?

[ae1294]

I'm confused about what their motive is... Is it to endanger American citizens? Reveal military tactics and endanger soldier's lives? Is it to further corrupt a country that is hanging by a thread? I see no purpose to these hacks other than to gloat around anonymously and/or to endanger people.

It's all for the Lulz....

Re:What's their motive?

[somersault]

Some men just want to watch the world burn.

Re:

[Marble1972]

Study ancient history and find out.

Re:

[Anonymous Coward]

According to my 94 year old venerable grandmother we are not free anymore: there are too many laws and rules for anyone to understand what is legal and what is not.
No need go back to ancient history to find out what a civilised society with less regulation would be like, ask your +90 elders. You will learn that poverty and misery would be abundant but the peoples would be freer economically (you could trade beef for chicken with your neighbours without risking a visit from the food police) but the peer pres

Re:What's their motive?

[somersault]

The original question was

I wonder what it would be like to live in a world that simply relies and trusts in the goodness of your neighbors.

I don't think that existed 100 years ago. I don't think that exists anywhere. Not in our society, nor in the animal world. Anything that trusts too much gets wiped out sooner or later.

100 years ago the world may have been more free economically, but issues of race and gender were a lot worse than what we have in most of today's supposedly "civilised" society.

Re:

[Pubstar]

What about hippie communes?

Re:

[aNonnyMouseCowered]

"The original question was

'I wonder what it would be like to live in a world that simply relies and trusts in the goodness of your neighbors.'

I don't think that existed 100 years ago. I don't think that exists anywhere. Not in our society, nor in the animal world. Anything that trusts too much gets wiped out sooner or later."

Any group where the members fear each other too much would soon disintegrate or worst descend into internecine conflict. Yes, some form of "trust" is necessary in any animal society, ev

Re:

[somersault]

Of course. Either extreme is likely to end up in failure. But "simply trusting" will never work long term in any non-trivial social structure.

Re:

[Quiet_Desperation]

Ooo, yeah, lets go back to the era of polio, typhoid and smallpox! People forget about stuff like that.

ask your +90 elders.

I did that once. She muttered something about not having "all them uppity coloreds" and "a good woman knew her place."

Now get back to your factory shift, kid, or it's the coal mine for you! You fail that, and it's medical experiments for the lot of you.

(QD cuffs AC up side the head)

Re:

[kelemvor4]

Exactly, what part of "anarchy" is not clear here? I wonder what it would be like to live in a world that simply relies and trusts in the goodness of your neighbors.

Ask your parents what it was like.

Re:

[c0lo]

Some men just want to watch the world burn.

Sexist and discriminatory.

(grin)

Re:

[gmuslera]

Maybe with this some anonymous person could show up a bit more of US dirty laundry without going to a martial court or being suicidal in practical terms. It should not be needed, but unfortunately is.

Re:

[khallow]

Is it to further corrupt a country that is hanging by a thread?

I'd have to say this part is probably not correct. Corruption tends to lead to things like lax security and other cases of not doing the job. While this attack probably doesn't have much effect, I'd rather these guys be trying out the security rather than someone with more sinister motives. And maybe that embarrassment will get someone to do their job.

Re:

[Johann Lau]

Endangering those that endanger American citizens on a real big scale is technically "endangering American citizens"... maybe shove your wordplay/sophistry up your as and see if that helps you understand this at all.

Okay, but why?

[Anonymous Coward]

Can't I just look up their emails on their web page or their business card? *lookspuzzled*

is nasa developing a bot net?

[jehan60188]

https://privatepaste.com/17c37f360e [privatepaste.com]

"Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52""

what are those letters/numbers after every sentence?

Re:

[Anonymous Coward]

That's just part of the line whole line is:

"1","2004-08-11 17:43:14","595","thing of ","Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52"

The corresponding items are:

bot,enteredtime,id,input,response,uid

It's a database dump.

Re:

[Dr_Barnowl]

They are MD5 hashes.

Re:

[kelemvor4]

https://privatepaste.com/17c37f360e [privatepaste.com]

"Try to determine if this is a person or a computer responding.","54041e7f42c444ce65298f70581d9b52""

what are those letters/numbers after every sentence?

Nasa's been trying to decode the language of the martians for a few years and that's as close as they've come to succeeding.

The NSA? Hehehe, okay.

[girlintraining]

Yeah, they have the password for the usernames of their website. You know, the one that has only public information. Wow, I'm so impressed. In other news, government and private-sector agencies use passwords to prevent people from randomly updating their public websites, which contain no sensitive or terribly interesting information. It's like saying I hacked the whitehouse because I was able to get into the e-mail account of one of the assistant junior staffer's intern's. woo, look at me! :\

Also, Protip: Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA). They basically built a whole second internet to track all the traffic on the first internet, and then built a giant super data warehouse to warehouse all the other warehouses. Not exactly the kind of people who's cheerios you want to piss in.

Re:

[Anonymous Coward]

I tough Cheerios was ment to be pissed in? Aren't they? Then im in big trouble...

No, you're thinking of urinal cakes. People often get those mixed up, due to their similar flavour.

Re:

[tehcyder]

I tough Cheerios was ment to be pissed in? Aren't they? Then im in big trouble...

No, you're thinking of urinal cakes. People often get those mixed up, due to their similar flavour.

I find that a bit insulting to urinal cakes.

Re:

[Anonymous Coward]

You know, even at the NSA there's probably people using the same password on several accounts.

Re:

[IceNinjaNine]

You know, even at the NSA there's probably people using the same password on several accounts.

I would be very surprised if the NSA didn't use dual factor authentication. Hell, my ex-wife was an engineer for Sun Microsystems and wherever they went they had an "Enigma Card" (secure token device). I would hope if Sun/Oracle is doing it (love it when they call them "snorkle" now) one would hope that agencies like the NSA is doing it.

Re:

[ahabswhale]

You know, the NSA doesn't allow the really juicy stuff to be physically accessible via the internet (like the military).

Re:The NSA? Hehehe, okay.

[Jah-Wren Ryel]

Also, Protip: Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA). They basically built a whole second internet to track all the traffic on the first internet, and then built a giant super data warehouse to warehouse all the other warehouses. Not exactly the kind of people who's cheerios you want to piss in.

I'm happy someone is doing it. The day no one is willing to tweek the nose of power is the day the human race stops being human.

Re:

[AmiMoJo]

It's significant because many people use the same password for multiple sites, so access to a relatively "harmless" database like this one will inevitably open up access to more sensitive stuff.

To take your example of the assistant junior staffer's intern's email access there was once a company called Media Defender. A group called Media Defender Defender got into one of their staff's personal Gmail accounts, which he had stupidly copied all his work email to automatically for years. The company was blown w

Re:

[girlintraining]

It's significant because many people use the same password for multiple sites, so access to a relatively "harmless" database like this one will inevitably open up access to more sensitive stuff.

That still doesn't solve that pesky problem of their being no connection to the outside world. You can't hack the Gibson if there are no incoming lines. -_- I could give you the root password to my computer and it would do you zero good because there's no way to make a connection to my computer: You couldn't even get past the crappy wifi router. I would expect the NSA's super top secret networks would be at least as secure as my $15 linksys router in this regard.

Re:The NSA? Hehehe, okay.

[Threni]

Who mentioned the NSA? Apart from you, I mean?

Re:

[tehcyder]

No one. NASA was mentioned by name, together with the Pentagon and FBI. I assume NSA was whatever the reading equivalent of a typo is for NASA.

Re:

[girlintraining]

Who mentioned the NSA? Apart from you, I mean?

Ah yes Vanna, I'd like to buy a vowel please? Another 'A'.

Re:

[Guppy06]

Yeah, they have the password for the usernames of their website. You know, the one that has only public information.

One of the roles of the NSA is to help US entities implement proper defensive security measures. When your job is to tell others how to secure their websites, it's a black eye when your own is found insecure.

Don't embarass one of the few agencies in the world with the resources and inclination to track you down (ie, the NSA)

Unless they also have a flux capacitor, they still can't un-publish this information. Regardless of how angry they are, the damage is done, hence the need for information assurance to begin with.

All in all, not an efficient use of tax dollars.

We better get...

[Deus.1.01]

...section 9 on the case.

Re:

[Johann Lau]

Appeasement doesn't work; how often do you have to get fucked until that dawns on you?

And how about "this is nowhere near enough" instead of "this is too much"?

If you don't deal with politricks, politricks will deal with you. So the very least you can do is to support those with more balls than you, while trying to grow a pair of your own.

(and no, I don't know or care about the details of this, I'm dealing with the convenient "let's crawl up the ass of power and patronize the people outside" crowd that alwa

Re:

[mbkennel]

Vandalism works even worse than appeasement.

Re:

[tqk]

Vandalism works even worse than appeasement.

When Andrei Sakharov and friends were passing Samizdat around to all their friends, the Soviets saw that as vandalism. It was one of the most powerful factors dragging down the Soviet Union. It was as powerful as the Internet in those days.

Note, I'm not equating these GhostShell jerks with the likes of Sakharov et al. Going after individual service members is damned sick I think. Their masters are the ones they ought to be screwing over if anyone deserves it. Leon Panetta sounds like an idiot (but I th

The Register

[Xacid]

Are they even a real site? No, really.

Just by quickly looking at what's on their site I can't tell if they want to be taken seriously or not.

Headlines?
"App designed for safe sending of naughty selfies is rife with risks. Teenager subtitles: App makes selfies safe BLAH BLAH BLAH "
"Data cops seek 'urgent clarification' on new Facebook advertiser plans. We advertise to you next to your own content ... bitch "

Re:

[ledow]

You've never heard of The Reg? Come on, you're joking right?!

They are a site that hosts both satirical, comic and serious articles on a range of IT topics. Home of things like the BOFH and Verity Stob "funnies", tongue-in-cheek-but-serious projects (like sending a Playmobil toy figure into space using some of the latest IT kit), and serious editorial on IT news.

In good British tradition, even the most serious of IT events is reported with humour, to lessen the blow and provide a bit of humanity, and there

Re:

[x3CDA84B]

I think that's what The Register used to be. I stopped reading it years ago when it became impossible to tell if they were reporting actual news in a comical way, or completely fabricating a particular story.

Re:

[Xacid]

Yeah...it's that blending of the two types of "reporting" that threw me off. At least w/ the onion I know where I stand. With this group...I have no clue what they're after or who their audience even is. It feels like those well crafted spam emails that are almost coherent but just not quite.

Re:

[tehcyder]

Wow, you are possibly the most humourless person on slashdot. Good work fella, you've got some stiff competition.

Re:

[Xacid]

You're supposed to post as AC if you're going to belittle someone while avoiding answering a question. Don't you know the rules here?

Re:

[fuzzywig]

See that .co.uk in the URL? That means that there's a chance of irony and sarcasm being deployed.

Moronic Morons

[zakeria]

nuf said

Re:

[Impy the Impiuos Imp]

It only seems that way now, now that everybody knows about it.

Re:

[tqk]

sql injection attacks is not hacking ...

It only seems that way now, now that everybody knows about it.

Those whose data was stolen don't appear to know about it.

NASA, FBI, ESA

[Dunge]

If even them are not protected enough, how can we trust them with our own security?

Re:

[nedlohs]

You don't. You trust (well the idea anyway) one of them to mainly investigate crimes after the fact and the other two to do various things related to reseach and exploration of deep space and aerospace.

WARNING: The spook agencies are...

[3seas]

.... watching your posts on slashdot for clues and tips....

Re:

[tqk]

... watching your posts on slashdot for clues and tips

We wish.

Have you seen the stories on ProPublica about the US military losing battlefield operations data, going back to WWII?

Sophisticated not, Government phishing attempt

[sebo2000]

This is nothing more then Gov phishing attempt. I spent about 4 hours and went through most of the data, spotted few people I know, they have never had accounts on servers as those dumps claimed, I told them their “passwords” they had no clue what I was talking about, there was no wow how did you know! Reaction. Tried about 5000 user/password attempts none of them worked. Text strings from most of the Nasa/gov/contractors are public, you can google them. This whole crap of data looks like giant text scraping in attempt to generate legitimate looking “hacked” data. This was posted yesterday today noting works: http://pastebin.com/RdC0LZqW [pastebin.com] And those “super hackers” xl3gi0n have even they own facebook page please who buys this?? Another one post same dump GrenXparta_Hacker Just an example Todays dump http://pastebin.com/RdC0LZqW [pastebin.com] has following hash: MGHkLGt3ZQExBGZ2ZGt2MwD2ZmZ5LGSvZ2H5A2H0LzR= Quick search for this hash shows it showed up Sep 12 2012 on some Russian page: http://forum.insidepro.com/viewtopic.php?t=17101&sid=962d5d41e1b8225c223283ab91908b66 [insidepro.com] Some guy asks in Russian security forum what that hash is and someone says that it looks like SHA-256, but it misses / + so it is not. Or search for this: AGL2ZmEuL2HmAJL1AmVmMwVkLJRkAGL5BGtkZ2EyZTL= Every single one of those hashes is searchable on the net, most of them (from today) are from http://www.itpints.com/?sources%5B%5D=Twitter&q=Alexis%20Wright [itpints.com] What is this? Real time search engine that generates hashes the same as in “leaked” docs claiming to be passwords? It screams FAKE. There is probably quite a few hashes\hot spots included that government is monitoring and checks who searches for what, also they will phish all the idiots that will share their work related data with “anonymous” install pin point them malware on their PC and monitor them further. At list what I would do :)

GhostShell is gov't shill

[THE_WELL_HUNG_OYSTER]

This fake info was posted by a government shill. The point of the post is no different than Operation Fast & Furious--find those behind the lines.

Re:

[Volastic]

The E-mail address are good or real at least the ones from http://slexy.org/view/s21jyUzcUb [slexy.org] spammers wet dream.
Also Richard Clayton has blocked himself from search engines at bericotechnologies.com he works there http://i.imgur.com/m7feh.png [imgur.com]
Just the few I've played with.

My post look like crap as I appear to be a bot.

What will it get us...

[hesaigo999ca]

I guess this could also just be the chinese under mask, trying to expose the ongoings to seed more mistrust and win at the cyber war they are wagering...
Please replace chinese with your favorite cyber-advanced anti-US country....

Re:

[sebo2000]

This is US trying to scare citizen, so they can apply full monitoring measures on the internet. Continuation of war on terror. Data that is posted has no value but regular fools do not see it, they think someone is attacking us, and we need more internet laws and control.