• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Team GhostShell hacktivists against temples of knowledge

Team GhostShell hacktivists against temples of knowledge

Pierluigi Paganini October 07, 2012

In this days the hacking group Team GhostShell claimed credit for the hack of  servers of the 100 principal universities from around the world, including Stanford, Princeton Harvard, the University of Michigan and also the Italian University of Rome. The hackers named the campaign #ProjectWestWind.

The group accessed to the databases of universities stealing hundred of thousand of records, recently in a post on Pastebin the group released about 120,000 records from the breached servers.

The name Team GhostShell is not new, the hackers are very active, last summer they conducted a campaign named Project HellFire, a massive leak of data, alleged to top more than a million records.

In that occasion Team GhostShell, along with two other associate groups, successfully attacked hundreds of websites, the victims of Project Hellfire were very heterogeneous, financial, law enforcement, political organizations and private businesses.

The group, which recently claimed credit for several major hacking incidents, in July penetrated into ITWallStreet.com, a recuiting website IT professionals who are searching for financial Wall Street jobs or working with Wall Street firms, and exposed valuable information belonging to tens of thousands of job applicants.

Why the hackers have chosen the universities in the last wave of attacks?

The group desires demonstrate the “failing educational standards around the world“, in the university system.

“We have set out to raise awareness towards the changes made in today’s education, how new laws imposed by politicians affect us, our economy and overall, our way of life. How far we have ventured from learning valuable skills that would normally help us be prepared in life, to just, simply memorizing large chunks of text in exchange for good grades. How our very own traditions are heard less and less, losing touch with who we truly are. Slowly casting the identities, that our ancestors fought to protect, into exile. – TGS

 As a wise man once said: “Those who cannot remember the past are condemned to repeat it.”

What is surprising is the large scale attack that demonstrated the lack of defense in what could be considered the “temples of knowledge” and have been discovered vulnerable to offensive. In some cases, the hackers have breached multiple servers at the same university, very unfortunate circumstance that must raise many question on the approach of these institutions to the security.

The message posted on PasteBin states

“We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more,”

“When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored,”

According the official communication of Stanford University, two departmental websites had been violated but no restricted or sensible data was exposed.

Also other universities provided similar comments to the event … according their declarations nothing of important is happened. The University of Michigan spokesman said:

“However there was no sensitive data or passwords accessed,” he said in emailed comments. “What they gained access to was data that is generally available to the public on our website.”

The blog Identity Finder provided an interesting analysis of the leaked data highlighting that the hackers hasn’t only published the stolen info, but they spent long time to analyze and aggregate them.

Probably behind these operation there is also a long study of objectives and a specific strategy, differently of what wrongly people believes.

The attacks represent a large breach of SQL database information obtained from various subdomains belonging to more than 50 top U.S. and international universities.

Following some interesting figure on the data breach:

  1. 36,623 Unique Email Addresses
  2. 1 Bank Account Number
  3. No credit card information
  4. No social security numbers
  5. Tens of Thousands of student, faculty, and staff names
  6. Thousands of Usernames, Hashed and Plain-Text Passwords
  7. Thousands of Addresses and Phone Numbers
  8. Several Dates of Birth, Citizenship, Ethnicity, Marital Status, and Gender Information
  9. Payroll Information, Employee IDs
  10. Database Schema Information

“Based upon a casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to release,” explained Aaron Titus, Chief Privacy Officer for Identity Finder. “Although the hackers claim to have posted 120,000 accounts, Identity Finder could only confirm around 40,000 accounts exposed. 40,000 accounts is still a large number, and it is possible that the hackers had access to far more.”

The data leaked includes more user’s credentials and information, to aggravate the situation the fact that many passwords were available in plain text format.

What lessons should we learn from these events?

  1. Firstly never underestimate the cyber threats, especially the operations of groups of hacktivists too often considered, wrongly, too modest and without serious consequences.
  2. The university and many other institutions included hospitals and research centers are now run in a disorganized way. Very often each department has its own computer facilities and there is no central coordination. The result is that each of these departments could be used as a starting point for attacks on central structures, it is like having a bunker protected with too many windows open and unattended which have sometimes ignores its existence.
  3. Last consideration is related to the costs for the security of many universities, at least in the most prestigious institutes, that are far from negligible. An attack, even in peripheral departments, cannot be underestimated and the responsibility is the same as an attack to the central systems.
  4. Consider then that this information may also be used in various ways to infiltrate the structures in the months to come, and sometimes the universities and their students are involved in projects of national interest ….do you think that this should be left unattended?
Pierluigi Paganini

 


facebook linkedin twitter

#ProjectWestWind cyber threats data breach Hackers hacktivists passwords security SQL injection Team GhostShell

you might also like

Pierluigi Paganini July 08, 2025
Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
Read more
Pierluigi Paganini July 08, 2025
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

    Security / July 08, 2025

    Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

    Intelligence / July 08, 2025

    U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 08, 2025

    IT Worker arrested for selling access in $100M PIX cyber heist

    Cyber Crime / July 08, 2025

    New Batavia spyware targets Russian industrial enterprises

    Malware / July 07, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT