• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Team GhostShell hacktivists against temples of knowledge

Team GhostShell hacktivists against temples of knowledge

Pierluigi Paganini October 07, 2012

In this days the hacking group Team GhostShell claimed credit for the hack of  servers of the 100 principal universities from around the world, including Stanford, Princeton Harvard, the University of Michigan and also the Italian University of Rome. The hackers named the campaign #ProjectWestWind.

The group accessed to the databases of universities stealing hundred of thousand of records, recently in a post on Pastebin the group released about 120,000 records from the breached servers.

The name Team GhostShell is not new, the hackers are very active, last summer they conducted a campaign named Project HellFire, a massive leak of data, alleged to top more than a million records.

In that occasion Team GhostShell, along with two other associate groups, successfully attacked hundreds of websites, the victims of Project Hellfire were very heterogeneous, financial, law enforcement, political organizations and private businesses.

The group, which recently claimed credit for several major hacking incidents, in July penetrated into ITWallStreet.com, a recuiting website IT professionals who are searching for financial Wall Street jobs or working with Wall Street firms, and exposed valuable information belonging to tens of thousands of job applicants.

Why the hackers have chosen the universities in the last wave of attacks?

The group desires demonstrate the “failing educational standards around the world“, in the university system.

“We have set out to raise awareness towards the changes made in today’s education, how new laws imposed by politicians affect us, our economy and overall, our way of life. How far we have ventured from learning valuable skills that would normally help us be prepared in life, to just, simply memorizing large chunks of text in exchange for good grades. How our very own traditions are heard less and less, losing touch with who we truly are. Slowly casting the identities, that our ancestors fought to protect, into exile. – TGS

 As a wise man once said: “Those who cannot remember the past are condemned to repeat it.”

What is surprising is the large scale attack that demonstrated the lack of defense in what could be considered the “temples of knowledge” and have been discovered vulnerable to offensive. In some cases, the hackers have breached multiple servers at the same university, very unfortunate circumstance that must raise many question on the approach of these institutions to the security.

The message posted on PasteBin states

“We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more,”

“When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored,”

According the official communication of Stanford University, two departmental websites had been violated but no restricted or sensible data was exposed.

Also other universities provided similar comments to the event … according their declarations nothing of important is happened. The University of Michigan spokesman said:

“However there was no sensitive data or passwords accessed,” he said in emailed comments. “What they gained access to was data that is generally available to the public on our website.”

The blog Identity Finder provided an interesting analysis of the leaked data highlighting that the hackers hasn’t only published the stolen info, but they spent long time to analyze and aggregate them.

Probably behind these operation there is also a long study of objectives and a specific strategy, differently of what wrongly people believes.

The attacks represent a large breach of SQL database information obtained from various subdomains belonging to more than 50 top U.S. and international universities.

Following some interesting figure on the data breach:

  1. 36,623 Unique Email Addresses
  2. 1 Bank Account Number
  3. No credit card information
  4. No social security numbers
  5. Tens of Thousands of student, faculty, and staff names
  6. Thousands of Usernames, Hashed and Plain-Text Passwords
  7. Thousands of Addresses and Phone Numbers
  8. Several Dates of Birth, Citizenship, Ethnicity, Marital Status, and Gender Information
  9. Payroll Information, Employee IDs
  10. Database Schema Information

“Based upon a casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to release,” explained Aaron Titus, Chief Privacy Officer for Identity Finder. “Although the hackers claim to have posted 120,000 accounts, Identity Finder could only confirm around 40,000 accounts exposed. 40,000 accounts is still a large number, and it is possible that the hackers had access to far more.”

The data leaked includes more user’s credentials and information, to aggravate the situation the fact that many passwords were available in plain text format.

What lessons should we learn from these events?

  1. Firstly never underestimate the cyber threats, especially the operations of groups of hacktivists too often considered, wrongly, too modest and without serious consequences.
  2. The university and many other institutions included hospitals and research centers are now run in a disorganized way. Very often each department has its own computer facilities and there is no central coordination. The result is that each of these departments could be used as a starting point for attacks on central structures, it is like having a bunker protected with too many windows open and unattended which have sometimes ignores its existence.
  3. Last consideration is related to the costs for the security of many universities, at least in the most prestigious institutes, that are far from negligible. An attack, even in peripheral departments, cannot be underestimated and the responsibility is the same as an attack to the central systems.
  4. Consider then that this information may also be used in various ways to infiltrate the structures in the months to come, and sometimes the universities and their students are involved in projects of national interest ….do you think that this should be left unattended?
Pierluigi Paganini

 


facebook linkedin twitter

#ProjectWestWind cyber threats data breach Hackers hacktivists passwords security SQL injection Team GhostShell

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT