Ghost Shell hacktivists publish over a million credentials

The Ghost Shell group, an offshoot of the Anonymous hacking collective has published the log-in details from 1.6 million accounts

The Ghost Shell group, an offshoot of the Anonymous hacking collective has published the log-in details from 1.6 million accounts.

The credentials were stolen from a series of hack attacks on Nasa, the FBI, the European Space Agency and 34 other government agencies and contractors, especially those working for the US Department of Defense.

The data, which also includes email addresses, CVs and the contents of online databases, was posted on several different sites to stop it being found quickly and deleted, according to BBC reports.

Ghost Shell said it had sent messages to security bosses about 150 insecure servers it had targeted in the attacks.

In a statement posted on the Pastebin website, Ghost Shell said the attacks were part of its #ProjectWhiteFox campaign to promote freedom of information online.

Read more about hacktivism

  • Ira Winker: Does recent hacktivism news justify enterprise hacktivism defense?
  • Hacktivism examples: What companies can learn from the HBGary attack
  • 2011 the year of the hacktivist, Verizon data breach report reveals
  • The hacktivist threat to enterprise security

Ghost Shell has carried out a number of attacks in 2012, publishing details from millions of accounts held at businesses, universities and Russian government departments and companies.

The group said #ProjectWhiteFox was the last operation it would carry out in 2012.

The hacking of websites or computer systems for a politically or socially motivated purpose, known as hacktivism, is becoming increasingly common.

In the UK this week, David Morris, MP for Morecambe & Lunesdale, said an organisation claiming to represent "Freedom for the Mujahideen" had taken over his website.

Hacktivism is increasingly viewed as a threat that organisations should defend against, but hacktivists should not require any special attention, according to Amichai Shulman, chief technology officer (CTO) of security firm Imperva.

"Hacktivist attacks are occasional, while criminal attacks are a daily reality for most businesses and other organisations, so they should concentrate on those," Amichai Shulman said.

If businesses are prepared for criminal hackers, they should be prepared for hacktivists because, unlike criminal hackers, hacktivists tend to use standard tools that are easier to defend against, Shulman told Computer Weekly.

Read more on Privacy and data protection