ProjectWhiteFox 1.6M accounts exposed,Team Ghostshell vs UN Y.2770 standard

Pierluigi Paganini December 11, 2012

Once again the group of hackers Team Ghostshell conquers a record to have attacked major organizations and expose around 1.6 million accounts from the victims. In the past the hacktivists attacked Russian Government and businesses during a campaign named ProjectBlackstar.

The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and  government, following a list of the targets hacked

  • The European Space Agency
  • NASA’s Engineers: Center for Advanced Engineering
  • Federal Reserve
  • The Pentagon
  • Credit Union National Association (CUNA)
  • Crestwood Technology Group – CTG123
  • Bigelow Aerospace
  • California Manufacturers & Technology Association –
  • Aerospace Suppliers
  • World Airport Transfers
  • General Dynamics Defense Systems – GD-OtsCanada
  • Zero-Max – Manufacturer of parts
  • MicroController Shop
  • Jp Chem eData
  • Human Security Gateway
  • NanoConference
  • Hamamatsu
  • HMI CronPowder
  • Defense Contractor for the Pentagon – DPAtitle3
  • Business Consultancy dealing mostly with military personnel – Drum Cussac
  • Institute of makers of explosives – IME
  • Texas Bankers

Why the hackers have started a new campaign?

They started the series of attacks to claim the right to use internet freely without censorship and controls, cyberspace has no masters and the hackers desire to bring attention on ongoing ITU (International Telecommunication Union) that is hosting a meeting right that may decide “the fate of how the internet will be managed in the future”.

Recently United Nations’ International Telecommunications Union has taken the unprecedented step of adopting a standard for the Internet that would essentially permit eavesdropping on a global basis. UN Seeks unprecedented control of global internet traffic, ITU decided to adopt a standard, known as Y.2770 (Approved on 2012-11-20 – Requirements for deep packet inspection in Next Generation Networks), which would permit the inspection of Internet traffic analyzing every web content such as emails and any other form communication, the only defense against this is encryption.

The group of hacktivists released the following message:

 “Winter is here and so are we, to present Team GhostShell’s last project. We’ve included plenty of surprises in this one, so hop on our bandwagon, we’re going on an adventure! #ProjectWhiteFox will conclude this year’s series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net. For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.”

The hackers have gathered the precious information using SQL injection technique, the stolen files contain personal data and access credentials of the victims, results of tests conducted by companies working in defense sector and analysis notes. Some files exposed contain administrator email addresses and credentials and many other details related to  database of company suppliers in the aerospace and oil industries.

Team GhostShell hackers wrote in a Pastebin post that they sent a emails detailing security flaws to a considerable number of institutions:

“ICS-CERT Security Operations Center ([email protected])  Homeland Security Information Network (HSIN) ([email protected]) Lessons Learned and Information Sharing (LLIS) ([email protected]) FBI – Washington Division ([email protected]) FBI – Seattle ([email protected]) Flashpoint Intel Partners ([email protected]) Raytheon ([email protected]) Since NASA is also mentioned there, we also sent it to ([email protected]) which turned out to be the email address of Langley: And finally to ([email protected]) who apparently is working for the Technical Reports Servers. (Updated* Forgot to mention that the email will also contain another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc. consider it an early Christmas present from us)”

They are not alone

The fight for internet freedom is also one of pillar of Anonymous operations that already started a campaign named #OpWCIT (Operation World Conference on International Telecommunications) , more news are available @ Twitter account #opWCIT .

Following the announcement published on Anonpaste

“The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user’s traffic — including emails, banking transactions, and voice calls — without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes. The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. This apparent indifference to the wider implications of its work is yet another reason why the ITU is unfit to determine any aspect of something with as much power to affect people’s lives as the Internet. The internet is a self governing place where all of its community members take part in its principles. Don’t mess with the net. We like what we have. Our internet is working perfectly as an free and open model. It is your old systems that dont work correctly. We cannot allow idiots to destroy our internet. We wholly reject any agreements made at a meeting behind closed doors by politicians and others who don’t even understand the internet.”

As usual let me suggest to give a look to the excellent analysis, proposed  by the OZDC website , on data gathered during the attacks :


In the next days the number of initiatives to claim the right of a free network without any government control will increase and nobody is secure, private businesses and intelligence agencies are advised, the attacks of GhostShell are a clear demonstration and the massive media campaign started by the group of hacktivists is motivated by the needs to sensitize public opinion on the argument and to recruit new forces for the attacks.

Pierluigi Paganini


you might also like

leave a comment