• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • ProjectWhiteFox 1.6M accounts exposed,Team Ghostshell vs UN Y.2770 standard

ProjectWhiteFox 1.6M accounts exposed,Team Ghostshell vs UN Y.2770 standard

Pierluigi Paganini December 11, 2012

Once again the group of hackers Team Ghostshell conquers a record to have attacked major organizations and expose around 1.6 million accounts from the victims. In the past the hacktivists attacked Russian Government and businesses during a campaign named ProjectBlackstar.

The hackers during the operation named ProjectWhiteFox have targeted a wide range of companies operating in different sectors such as aerospace, nanotechnology, banking, law, military, education and  government, following a list of the targets hacked

  • The European Space Agency
  • NASA’s Engineers: Center for Advanced Engineering
  • Federal Reserve
  • The Pentagon
  • Credit Union National Association (CUNA)
  • Crestwood Technology Group – CTG123
  • Bigelow Aerospace
  • California Manufacturers & Technology Association – CMTA.net
  • Aerospace Suppliers
  • World Airport Transfers
  • General Dynamics Defense Systems – GD-OtsCanada
  • Zero-Max – Manufacturer of parts
  • MicroController Shop
  • Jp Chem eData
  • Human Security Gateway
  • NanoConference
  • Hamamatsu
  • HMI CronPowder
  • Defense Contractor for the Pentagon – DPAtitle3
  • Business Consultancy dealing mostly with military personnel – Drum Cussac
  • Institute of makers of explosives – IME
  • Texas Bankers

Why the hackers have started a new campaign?

They started the series of attacks to claim the right to use internet freely without censorship and controls, cyberspace has no masters and the hackers desire to bring attention on ongoing ITU (International Telecommunication Union) that is hosting a meeting right that may decide “the fate of how the internet will be managed in the future”.

Recently United Nations’ International Telecommunications Union has taken the unprecedented step of adopting a standard for the Internet that would essentially permit eavesdropping on a global basis. UN Seeks unprecedented control of global internet traffic, ITU decided to adopt a standard, known as Y.2770 (Approved on 2012-11-20 – Requirements for deep packet inspection in Next Generation Networks), which would permit the inspection of Internet traffic analyzing every web content such as emails and any other form communication, the only defense against this is encryption.

The group of hacktivists released the following message:

 “Winter is here and so are we, to present Team GhostShell’s last project. We’ve included plenty of surprises in this one, so hop on our bandwagon, we’re going on an adventure! #ProjectWhiteFox will conclude this year’s series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net. For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.”

The hackers have gathered the precious information using SQL injection technique, the stolen files contain personal data and access credentials of the victims, results of tests conducted by companies working in defense sector and analysis notes. Some files exposed contain administrator email addresses and credentials and many other details related to  database of company suppliers in the aerospace and oil industries.

Team GhostShell hackers wrote in a Pastebin post that they sent a emails detailing security flaws to a considerable number of institutions:

“ICS-CERT Security Operations Center (ics-cert@dhs.gov)  Homeland Security Information Network (HSIN) (hsin.helpdesk@dhs.gov) Lessons Learned and Information Sharing (LLIS) (feedback@llis.dhs.gov) FBI – Washington Division (washington.field@ic.fbi.gov) FBI – Seattle (seattle.fbi@ic.fbi.gov) Flashpoint Intel Partners (info@flashpoint-intel.com) Raytheon (products@raytheon.com) Since NASA is also mentioned there, we also sent it to (m.sepp@larc.nasa.gov) which turned out to be the email address of Langley: http://www.nasa.gov/centers/langley/about/contact.html And finally to (m.copeland@larc.nasa.gov) who apparently is working for the Technical Reports Servers. (Updated* Forgot to mention that the email will also contain another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc. consider it an early Christmas present from us)”

They are not alone

The fight for internet freedom is also one of pillar of Anonymous operations that already started a campaign named #OpWCIT (Operation World Conference on International Telecommunications) , more news are available @ Twitter account #opWCIT .

Following the announcement published on Anonpaste

“The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user’s traffic — including emails, banking transactions, and voice calls — without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes. The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. This apparent indifference to the wider implications of its work is yet another reason why the ITU is unfit to determine any aspect of something with as much power to affect people’s lives as the Internet. The internet is a self governing place where all of its community members take part in its principles. Don’t mess with the net. We like what we have. Our internet is working perfectly as an free and open model. It is your old systems that dont work correctly. We cannot allow idiots to destroy our internet. We wholly reject any agreements made at a meeting behind closed doors by politicians and others who don’t even understand the internet.”

As usual let me suggest to give a look to the excellent analysis, proposed  by the OZDC website , on data gathered during the attacks :

 

In the next days the number of initiatives to claim the right of a free network without any government control will increase and nobody is secure, private businesses and intelligence agencies are advised, the attacks of GhostShell are a clear demonstration and the massive media campaign started by the group of hacktivists is motivated by the needs to sensitize public opinion on the argument and to recruit new forces for the attacks.

Pierluigi Paganini

 


facebook linkedin twitter

#GhostShell #opWCIT Anonymous Censorship hacktivists ITU ProjectWhiteFox Team GhostShell Y.2770

you might also like

Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more
Pierluigi Paganini July 25, 2025
Mitel patches critical MiVoice MX-ONE Auth bypass flaw
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    Mitel patches critical MiVoice MX-ONE Auth bypass flaw

    Security / July 25, 2025

    Coyote malware is first-ever malware abusing Windows UI Automation

    Malware / July 24, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT