Pierluigi Paganini November 05, 2012

Last month we have discussed on the attacks conducted by the group of hackers Team GhostShell against universities all over the world.  The group Team GhostShell claimed credit for the hack of  servers of the 100 principal universities from around the world, including Stanford, Princeton Harvard, the University of Michigan and also the Italian University of Rome.

Approach superficially the hacktivism is a great error, groups such as Anonymous have demonstrated how much dangerous could be their operations, let’s think for example to the Stratfor case and the operations conducted with Wikileaks.

Hacktivism represents a serious problem for governments and intelligence agencies, the hack of IT infrastructures and the exposure of confidential information is a serious menace. In the past Anonymous has hit several governments and law enforcement agencies such us UK gov, US gov, Japan Gov, India Gov and FBI.

This time I desire to discuss on the new operation of the Team GhostShell named #Project Blackstar conducted  by the hackers against Russian Government.

During last attack Team GhostShell leaked 2.5 millions of accounts belong to governmental, academic, political, research institutes, law enforcement, telecom and large corporations operating in different sectors such as energy and  banking.

“GhostShell is declaring war on Russia’s cyberspace, in “Project BlackStar”. The project is aimed at the Russian Government. We’ll start off with a nice greeting of 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more. GhostShell currently has access to more russian files than the FSB and we are very much  eager to prove it. – DeadMellox”

The date leaked have been published trough different channels, in perfect Anonymous style, the hacktivist have used more of 301 different links to expose archives containing row dump file.

The data exposed came from 62 websites that are mainly from Russia but also from other countries such as Italy, Ukraine and Turkey. The data stolen from websites contains username, passwords and other user’s personal information, more over 148,000 emails and also visitation logs from websites such as metaprom.ru and others.

On Pastebin has been posted the complete list of links including an announcement to explain the reason of the attack against Russian Government.

“For far too long Russia has been a state of tyranny and regret. The average citizen is forced to live an isolated life from the rest of the world imposed by it’s politicians and leaders. A way of thinking outdated for well over 100 years now. The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

Team GhostShell accused the policy of Russian Government guilty of having established a tyranny, but the hackers accused also large companies that support decision of central government.

“Large corporations end up making the political game and with it, the future of the country. And yet, injustice is all over the world, but something did stand out from all of it. Even though the country is going through hard times and many people are starving, the Russian Government has enough resources to spend on it’s spies.

http://www.businessinsider.com/alexander-fishenko-indicted-feds-bust-houston-spy-network-accused-of-shipping-50-million-in-high-tech-electronics-to-russia-2012-10 ”  

“The average citizen is forced to live an isolated life from the rest of the world imposed by it’s politicians and leaders. A way of thinking outdated for well over 100 years now,”

This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses.

Analyzing the data leaked it is possible to verify that majority of information (64,885 found emails) came from http://www.corp-gov.ru followed by http://rabota-izhevsk.info.

The 2nd lot of largest sites are in the 10-20k leaked accounts and those are http://ec-univer.ru with 14,683 accounts found, http://medical.ru 13,750 accounts found and finally  http://www.psi-energo.ru with 12,836 accounts found.

An interesting analysis on the data leaked is proposed by the web site OZ Data Centa

Team GhostShell member DeadMellox wrote. Project BlackStar is the second alleged hack from Team GhostShell in the last month.

“The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we’ve never seen before.”

GhostShell’s latest operation was announced one day after Russia’s new “Internet blacklist bill,” Bill 89417-6, took effect. The legislation allows the Russian government to monitor internet use spying on millions of Russians on-line and to apply a questionable censorship.

In the message posted on PasteBin the hackers explicitly refer the international case of the arrest of 11 suspected Russian spies on charges of smuggling $50 million in sensitive American military electronics to Russia.

Alexander Fishenko, an owner and executive of American and Russian companies, was charged with operating as an “unregistered agent of the Russian government inside the United States by illegally procuring the high-tech microelectronics on behalf of the Russian government,” according to an FBI press release.
Despite the leaked data doesn’t contain critical information, they could be used for successive APT attacks against government. In this case it is fundamental the management of data breach, a proper response to the incident could avoid further damage.

The data leaked could also be used by foreign government in various way, for intelligence first but also to conduct successive cyber attacks, in this scenario a cyber offensive conducted by hacktivists could represent a serious danger for the homeland security … so never underestimate the cyber threat “Hacktivism”.

Pierluigi Paganini