This article was published on November 2, 2012

Hacker group GhostShell declares war on Russia, leaks 2.5 million alleged accounts and records


Hacker group GhostShell declares war on Russia, leaks 2.5 million alleged accounts and records

The hacktivist group GhostShell, which got picked up on the tech world’s radar in October for breaching 100 top university servers and releasing 120,000 student records, declared on Twitter an hour ago that it is back, after promising to return with a new project. We’re now in November, and apparently that means another, much bigger target than just over a hundred thousand students.

In a Pastebin file, GhostShell has declared war on Russia as part of what it is calling “Project Blackstar.” This hack is significantly bigger than the last: an alleged 2.5 million accounts and records leaked “from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more.”

GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.

A few of the uploaded files contain user data that looks to be obtained from servers from various firms. The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses. Some of the information appears to be set to “<blank>”, suggesting it was never filled out in the first place or it was redacted by GhostShell, but most of it is present, including sensitive information such as email addresses, phone numbers, and postal addresses.

Email accounts listed are on major Russian domains, including BK.ru, Mail.ru, Rambler.ru, Yandex.ru, as well as the Russian government’s corp-gov.ru. The big email providers are also present, however: there are many Gmail, Hotmail, and Yahoo email addresses.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

If you’re wondering “why Russsia?” then look no further than GhostShell’s explanation in the Pastebin file:

For far too long Russia has been a state of tyranny and regret. The average citizen is forced to live an isolated life from the rest of the world imposed by it’s politicians and leaders. A way of thinking outdated for well over 100 years now. The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.

People getting silenced from standing up to their own morals and values; such as journalists/reporters conveniently gone missing after criticizing those in power; so called ‘spontaneous protests’ having no real impact besides the purpose of showing the rest of the world that Russia is a democratic place; and public meetings to poorer neighborhoods with empty promises, where after, they get in their expensive cars and drive to their luxurious yachts for a well deserved rest.

Large corporations end up making the political game and with it, the future of the country. And yet, injustice is all over the world, but something did stand out from all of it. Even though the country is going through hard times and many people are starving, the Russian Government has enough resources to spend on it’s spies.

GhostShell suggests that the larger ramifications of its attack will come to light over the next couple of days. It claims to currently have “access to more Russian files than the FSB and we are very much eager to prove it.”

Image credit: David Lebrero

Get the TNW newsletter

Get the most important tech news in your inbox each week.